When Hollywood Presbyterian Medical Center admitted in February to paying a $17,000 ransom to decrypt data scrambled by malware, the only surprise was that the hospital's ordeal had become public.
Health care organizations, such as HPMC, are under attack by cyber-criminals looking for easy money and nation-state actors seeking data. More than half of all midsize hospitals have signs of malware infections, according to data collected by the Health Information Trust Alliance (HITRUST). Much of the activity, however, has gone unreported.
Yet, those same organizations are finding it difficult to remain mum as criminals turn to ransomware, a far more disruptive tactic. Already, some 18 percent of midsize hospitals have been infected with crypto-ransomware, according to the HITRUST study. While many businesses can continue to operate if their data is effectively destroyed, hospitals' operations are far more sensitive to disrupted access to data.
"Most advanced malware and previous attacks [on hospitals] were intentionally conducted to not raise alarms—they focused on thievery," Daniel Nutkis, CEO of HITRUST, told eWEEK. "[C]rypto-ransomware—that creates a different dynamic; it wakes you up immediately."
Ransomware has evolved into a serious threat. Starting with early programs that locked Windows systems more than a decade ago, the increasing use of encryption-enabled malware shows how ransomware has become more sophisticated.
Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture.
"If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data," he told eWEEK. "With hospitals, that is not the case, and that makes them a ripe target."
The attacks have worried officials so much that in early April, the United States and Canada issued a joint advisory warning all businesses of the danger.
"Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist," the U.S. Department of Homeland Security (DHS) and Canadian Cyber Incident Response Centre (CCIRC) said in the statement.
The HITRUST study, which placed network security equipment inside the networks of 30 hospitals to monitor for malware, found that 54 percent of the midsize hospitals had a malware infection. Almost 35 percent of those infected—18 percent of all hospitals in the study—had been infected with crypto-ransomware.
The HITRUST data should be considered conservative. Double the number of health care organizations that participated—more than 60—refused to have their data incorporated into the study after they received the results, according to HITRUST's Nutkis.