Healthcare Ransomware Problem Getting Worse

Healthcare Ransomware Problem Getting Worse. Ransomware attacks are one of the most prevalent cyber attacks on healthcare. It has been around for many years; however, it became a trend in 2016. Recently, there is a significant increase in the frequency and types of Healthcare ransomware problems perpetrate.

Since 2019, even before Covid-19, healthcare providers became the primary target of ransomware attackers because they are more likely to pay the ransom. They want to prevent the attackers from stealing or leaking patients’ sensitive information such as the patients’ names, social security numbers, addresses, phone numbers, medical data, insurance details, and so much more.

Covid-19 only made the vulnerability of the healthcare sector worse. Numerous healthcare providers had to lay off staff, including IT and cybersecurity staff. There is more vulnerability, and this is what these malicious criminals are leveraging. The consequences of ransomware attacks are dire for the healthcare industry. In addition to security issues that come with data breaches, it also leads to disruption of medical care. To prevent loss of life, healthcare providers, to a great percent, tend to give in to ransomware criminals’ extortion requests.

For example, in June 2020, the University of California San Francisco (UCSF) School of Medicine paid its attackers $1.14 million. Ransomware attacks are so successful despite their tremendous danger and financial costs, largely because of inadequate cybersecurity strategies on the part of healthcare providers. The development of Cybersecurity strategies has to embrace to detect and prevent ransomware attacks. This cybersecurity strategy starts from understanding the life cycle of ransomware attacks.

A 2019 Juan and his team presents the life cycle of ransomware attacks as follows:

Ransomware Cybersecurity attacks start from ransomware design. This is where the ransomware developer creates a malware variant. After creating the malware variant, the attacker distributes the malware to victims through spam email, phishing, and other infection vectors. Upon arrival, the malware activates. It discovers the host details and obtains a unique encryption key from a remote control server. After that, the ransomware search process begins, and it locates targeted file types.

After obtaining the targeted files, the encryption process begins. They delete the original files while renaming the newly encrypted files with a new file extension. At the end of the process, the ransom message typically displays the attacker’s instruction on paying the ransom amount.

The infection vectors are the most important aspect of a ransomware cybersecurity attack. If the infection vectors are locked, ransomware attacks will be dead. All possible infection vectors are patched up, including exploit kits, downloaders, Trojan botnets, social engineering tactics, and traffic distribution systems.

Researchers recommend that healthcare cybersecurity teams patch up all the possible infection vectors by applying all the available patches. However, despite patches’ availability, surprisingly, some healthcare providers are yet to patch up their infection vectors.

In situations where no patches release yet, the OCR 2018 report suggests that IT departments should implement compensating controls to reduce the risk of identified security vulnerabilities to an acceptable level. The compensating controls include restricting network access and disabling network services or software components to protect vulnerabilities that could exploit via network access (OCR, 2018).