We’re in “an internal state of emergency”. Probably not something you want to hear, right? According to an official statement on its website, that was the case when Kentucky's Methodist Hospital was hit with ransomware.
According to CNN, an email that made it past the hospital’s spam filter was the source of the ransomware. The particular form of ransomware is known as Locky, one of the newer threats to come up on the radar.
The ransomware compromised several other systems as it spread through the hospital’s internal network. To unlock the encrypted files, hackers demanded a ransom of four bitcoin, equal to around $1,600, a mere fraction of the $17,000 sum that was demanded of Hollywood Presbyterian (another hospital recently hit by ransomware). The hospital was forced to shut down all computers to prevent any further damage. While it was indeed in an emergency, no patient information was compromised, according to the hospital. Methodist refused to pay the ransom, but it is not known how much data was lost in the attack.
Heading farther north, an Ontario hospital, Norfolk General Hospital, confirmed that its website was recently hacked by cybercriminals. Website visitors were hit with a “drive-by-download” attack, meaning a user doesn’t actually have to click on anything in the page to get infected. Visitors to the hospital’s portal (accessed by hospital staff as well as patients and their families) could have malware installed on their computers simply by visiting the compromised site—within seconds.
According to Jerome Segura of Malwarebytes Labs, hospitals are ideal targets for these attacks because “Their systems are out of date, they have a lot of confidential information and patient files. If those get locked up, they can’t just ignore it.”
What can be done?
Hospitals need to ensure they are using the most current software, as older versions tend to be hit more easily by cybercriminals. Strong passwords, of course, are essential. Employees must also be trained to be vigilant when it comes to opening or downloading suspicious material. To limit the damage caused by a ransomware attack (and avoid shelling out money to cybercriminals), organizations need a business continuity and disaster recovery (BCDR) solution in place. With a BCDR solution, you can restore critical data to the point in time before corruption occurred and avoid paying a ransom.
Cyber extortion is not limited to the healthcare industry, either. Recently the Crown Plaza in Boston contracted a crypto-variant virus but was able to restore their data and keep operations running smoothly.
As always, taking the proper precautions is the best way to protect yourself from any form of ransomware. In the event you’re attacked, the best way to avoid paying a ransom is to have a proper business continuity and disaster recovery (BCDR) solution featuring up-to-date backups. This will allow you to restore your data to a point in time before the infection, and retain your precious data.