Ransomware Market Expands as Healthcare Industry Continues Feeling the Effects

October 25, 2017

A computer security company determined that the dark-web ransomware market has grown by 2,500 percent from 2016 to 2017. The company, Carbon Black, credits that expansion to the relative anonymity of Bitcoin and Tor as well as the lucrative return-on-investment that ransomware offers.

“It’s like some sort of gold rush,” Limor Kessem, executive security adviser for IBM Security, told NBC News. “Cybercriminals are using ransomware to bring extortion to the masses and more criminals are now doing it because they’re interested in getting a piece of the action.”

The news is particularly worrisome for the healthcare industry, which is a frequent victim of ransomware. It’s not clear if hackers intentionally target hospitals and medical centers, but because doctors need access to crucial files, medical organizations feel more pressure to pay ransoms to restore data.

Arkansas Oral and Facial Surgery Center is the latest victim from the medical industry.

The healthcare organization discovered the attack on July 26, 2017, but only recently sent an explanation to its patients. In the notice, the medical practice explains that ransomware rendered three weeks' worth of imaging files, X-rays, and other documents inaccessible.

The U.S. Department of Health and Human Services lists the incident as a case currently under investigation and reports that 128,000 individuals may have been affected. The Arkansas Oral and Facial Surgery Center did not disclose information about a ransom payment, but did say that they reported the case to the FBI.

A number of factors make the healthcare industry a frequent victim of ransomware attacks.

Perhaps the biggest factor is that hospitals and other medical centers need immediate access to files. This makes them more likely to pay a hefty ransom, as happened with the Hollywood Presbyterian Medical Center.

A Locky ransomware attack froze up services at Hollywood Presbyterian in February 2016. The medical group quickly paid $17,000 to its attackers in order to receive a decryption key and regain access to their files.

In May 2017, WannaCry ransomware affected hundreds of thousands of computers in 150 countries. The most prominent victim was Britain’s National Health Service (NHS), whose services were severely disrupted by the incident.

The NHS incident laid bare another factor that makes medical centers more susceptible to ransomware attacks.

Many healthcare organizations use medical devices that run on older, unsupported operating systems. Because the systems no longer receive patches, hackers can find and exploit their vulnerabilities.

During the WannaCry attack, Forbes reported that some medical facilities in the U.S. had radiology equipment compromised by the ransomware. Of course, healthcare facilities are reluctant to say what operating systems they use, but clearly, many are relying on older systems.

This is horrifying to computer security experts, but it’s a simple matter of economics for hospitals. A ransomware attack is costly, but so is replacing a building full of medical equipment and retraining employees every time an operating system becomes obsolete.

Operating systems are now adding defenses against ransomware, but that doesn’t protect everyone.

Microsoft has been beefing up their anti-ransomware capabilities and claims there have been no successful attacks against their “most hardened” operating system, Windows 10 S. That’s great news for those who have up-to-date software, but leaves behind those organizations running unsupported systems.

For those organizations, backing up files offline and educating employees on phishing schemes are crucial to avoiding ransomware. Experts say that security awareness training for employees can dramatically decrease the rates of clicking on scam emails.

Training employees and using more secure operating systems will make it harder for ransomware attacks to succeed. Unfortunately, with the malware market burgeoning, hackers will continue searching for vulnerabilities in software and in internet users.