{"id":18275,"date":"2021-04-29T05:23:58","date_gmt":"2021-04-29T01:23:58","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-vs-healthcare\/18275\/"},"modified":"2021-04-29T05:23:58","modified_gmt":"2021-04-29T01:23:58","slug":"ransomware-vs-healthcare","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-vs-healthcare\/18275\/","title":{"rendered":"Ransomware attacks on healthcare"},"content":{"rendered":"<p>A cyberattack on a clinic or hospital is literally a matter of life or death. In 2020, healthcare systems worldwide were already cracking under the strain of the COVID-19 pandemic, and the actions of cybercriminals only added to the load. One of the most significant threats of the past year for medical institutions came from ransomware attacks \u2014 cyberattacks in which cybercriminals encrypt data or extort management with threats to publish stolen data.<\/p>\n<p>The consequences of such attacks are manifold. In addition to the obvious and dangerous disruption to medical services, healthcare companies can face longer-term repercussions ranging from regulatory fines to claims from patients whose personal data was violated.<\/p>\n<h2>High-profile ransomware incidents<\/h2>\n<p>One of the most talked-about cases of the past year, and a sign of the extent of the problem, was the Ryuk ransomware <a href=\"https:\/\/www.nbcnews.com\/tech\/security\/cyberattack-hits-major-u-s-hospital-system-n1241254\" target=\"_blank\" rel=\"nofollow noopener\">attack on Universal Health Services (UHS)<\/a> last September. The group operates 400 medical facilities in the United States, the United Kingdom, and other countries. Fortunately, not all hospitals and clinics suffered, but the attack did hit UHS facilities in several US states. The incident occurred early on a Sunday morning: Company computers failed to boot, and some employees received a ransom demand. The telephone network was also affected. The IT department had to ask staff to work the old-fashioned way, that is, without IT. Naturally, that caused major interference in the usual flow of the clinic, affecting patient care, lab tests, and more. Some facilities had to refer patients to other hospitals.<\/p>\n<p>In its <a href=\"https:\/\/www.uhsinc.com\/statement-from-universal-health-services\/\" target=\"_blank\" rel=\"nofollow noopener\">official statement<\/a>, UHS said that there was \u201cno evidence of unauthorized access, copying or misuse of any patient or employee data.\u201d In March of this year, the company released a report stating that the attack had caused $67 million worth of damage, including data recovery costs, lost revenue due to downtime, reduced patient flow, and more.<\/p>\n<p>Meanwhile, <a href=\"https:\/\/www.hipaajournal.com\/ascend-clinical-and-alamance-skin-center-suffer-ransomware-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">an incident at Ascend Clinical<\/a>, which specializes in testing services for kidney disease, led to a data breach affecting more than 77,000 patients. The cause of the infection is known: An employee clicked a link in a phishing e-mail. Having penetrated the system, the attackers got their hands on, among other things, patients\u2019 personal data \u2014 names, dates of birth, social security numbers.<\/p>\n<p>An <a href=\"https:\/\/healthitsecurity.com\/news\/magellan-health-data-breach-victim-tally-reaches-365k-patients\" target=\"_blank\" rel=\"nofollow noopener\">attack on Magellan Health<\/a> in April 2020 compromised the personal data of both employees and patients (365,000 victims, according to media reports). The cybercriminals somehow managed, through social engineering, to impersonate a client, gain access to the internal network, use malware to intercept login credentials, and finally encrypt data on the server.<\/p>\n<p>Generally speaking, when attacking healthcare facilities, cybercriminals prefer to encrypt and steal data from servers rather than workstations. The same thing happened with the servers of the Florida Orthopedic Institute, when attackers encrypted the (previously stolen) data of 640,000 patients. That resulted in a rather unpleasant <a href=\"https:\/\/www.hipaajournal.com\/florida-orthopaedic-institute-facing-class-action-lawsuit-over-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener\">class action lawsuit<\/a>.<\/p>\n<p>The above is just a sample of high-profile incidents from the news last year. In fact, we had dozens more to choose from.<\/p>\n<h2>How healthcare institutions can secure themselves<\/h2>\n<p>Malware can penetrate a system in a variety of ways: through e-mail attachments, phishing links, infected websites, and more. Attackers can steal remote-access credentials, coax them out through social engineering, or simply use <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/brute-force\/\" target=\"_blank\" rel=\"noopener\">brute force<\/a>. The old medical adage that prevention is better than cure applies equally well to cybersecurity, and not least to protection against ransomware. Here are our preventive-care tips for all things cyber:<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kasap\">\n<ul>\n<li><a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Protect all devices<\/a> \u2014 and not only computers. Company smartphones, tablets, terminals, information kiosks, medical equipment, and absolutely anything else with access to the corporate network and the Internet;<\/li>\n<li>Keep all devices up to date. Again, that\u2019s not just computers. Cyberprotection for, say, a tomograph may not spring immediately to mind, but it too is essentially a computer with an operating system that might have vulnerabilities. Ideally, security should play a major role in the choice of equipment \u2014 at the very least, before buying, have the vendor confirm it releases updates for its software;<\/li>\n<li>Install security solutions to <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">protect e-mail<\/a>. Protecting electronic communications is vital; medical organizations receive a lot of e-mails, including spam, which can contain not only harmless trash, but also dangerous attachments;<\/li>\n<li>Train all employees \u2014 that means admins <em>and<\/em> doctors <em>and<\/em> anyone else who touches technology \u2014 in the <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">basics of cybersecurity awareness<\/a>. Ever more parts of medical care are going electronic, from the digitization of medical records to online video consultations. Cybersecurity awareness needs to be as routine as mask use during surgery.<\/li>\n<li>Many modern ransomware attacks are carried out in what we\u2019d call a \u201cmanual\u201d way. In other words, the cybercriminals behind modern ransomware attacks tend not to fire off malware scattershot, but rather to seek out ways to infect specific victims\u2019 computers and servers, often using the art of social engineering. Sometimes, after infiltrating a network, they study the infrastructure at great length in search of the most valuable data. To detect such attacks, for which endpoint protection may not suffice, we recommend engaging a <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">managed detection response service<\/a> to monitor your infrastructure remotely.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>In the face of high-profile ransomware attacks on healthcare institutions, here\u2019s how to protect your business from the threat.<\/p>\n","protected":false},"author":2581,"featured_media":18276,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2040,1622,1183,433],"class_list":{"0":"post-18275","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-extortion","10":"tag-healthcare","11":"tag-leaks","12":"tag-ransomware"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-vs-healthcare\/18275\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ransomware-vs-healthcare\/22793\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-vs-healthcare\/24681\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-vs-healthcare\/22670\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-vs-healthcare\/21794\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-vs-healthcare\/25163\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-vs-healthcare\/24544\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-vs-healthcare\/30604\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-vs-healthcare\/9588\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-vs-healthcare\/39635\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ransomware-vs-healthcare\/16861\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-vs-healthcare\/17412\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ransomware-vs-healthcare\/14784\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-vs-healthcare\/26594\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-vs-healthcare\/30659\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/ransomware-vs-healthcare\/26984\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-vs-healthcare\/23834\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-vs-healthcare\/29169\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-vs-healthcare\/28966\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18275"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18275\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18276"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=18275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}