Ransomware attacks against healthcare providers aren’t new. In 2017, two crypto-malware infections affecting medical organizations made The State of Security’s top list of ransomware attacks for the year. The first involved an unknown strain that targeted Arkansas Oral & Facial Surgery Center, an incident which affected X-ray images, documents, and patient data related to recent appointments. The second was the now-infamous outbreak of WannaCry, ransomware which affected 34% of National Health Service (NHS) trusts in England. (Most NHS trusts still have a “considerable amount” of work to do to prevent an attack like WannaCry from occurring again, says the Department of Health.)

So why are ransomware attackers targeting healthcare providers? First, these intended targets are inclined to follow the example of Hollywood Presbyterian Medical Center and Hancock Health by paying the ransom if they lack data backups. Healthcare providers offer critical services that draw the line between life and death; as a result, digital attackers figure that hospitals and similar organizations are less likely to shrug off an affected server or spend weeks trying to recover their encrypted data.

Second, attackers can monetize healthcare records to an extent that utterly eclipses other stolen data sources. As reported here, a stolen credit card can net someone 30 AUD (approximately 23 USD) on the dark web. That pales in comparison to medical records, which sometimes go for as much as $1,350.

With those factors in mind, ransomware attackers will likely continue to target healthcare providers in 2018. Some did just that in January 2018 when they singled out electronic health record (EHR) solutions provider AllScripts. One Twitter user said the security event, which involved SamSam ransomware, “dramatically impacted patient care and disabled practices nationwide” because it limited medical professionals’ ability to access patients’ medical records and some e-prescribing (Read more...)