Our doctors and nurses stand on the front lines of the battle against COVID-19. They risk their own health to keep us well and to contain the spread of a virus we still know so little about. But the information they need to do their jobs effectively also makes them an easy target for malicious actors seeking to prey on them at a moment of considerable vulnerability.
Unfortunately, that has always been the case. The first documented ransomware attack happened in 1989 at the height of the HIV/AIDS crisis. A researcher named Joseph Popp sent 20,000 floppy drives to fellow AIDS researchers in 90 countries. Popp told them the disks contained a questionnaire to help better assess an individual’s risk of acquiring AIDS.
Instead, the disk delivered malware, later dubbed the “AIDS Trojan,” that remained dormant until the computer was turned on 90 times. Users subsequently saw a pop-up message that demanded payment of $189 and an additional $378 for a software release. Ransom demands have grown much higher in recent years, and the methods of attack are far more sophisticated.
Federal Authorities Warn of Imminent Threats
Back in July, SecureData documented several high-profile cyberattacks against healthcare facilities. Since that time, the list of affected facilities has grown significantly. A wave of ransomware attacks hit facilities across the country in September and October, including the University of Vermont Health Network, the Sky Lakes Medical Center in Oregon, and Universal Health Services.
Attackers targeted facilities big and small. Here are just a few other facilities that have suffered recent malware and ransomware incidents:
- UCare Minnesota: This nonprofit health plan reported an unauthorized incursion of company email accounts.
- Piedmont Cancer Institute in Atlanta: The institute notified more than 5,000 patients that their data had been accessed after an email phishing attack.
- University of Missouri Health Care: An email phishing attack led to the exposure of PHI for nearly 190,000 patients.
- Oaklawn Hospital in Michigan: Personal information and PHI for nearly 27,000 patients was exposed in a phishing attack.
In response to this wave of attacks, federal agencies including the FBI issued a joint warning of “an increased and imminent cybercrime threat” directed at healthcare providers. The threat included both ransomware attacks and data theft using malware known as Trickbot. Hackers have also increasingly engaged in a dual threat of ransoming access to encrypted files and then extorting additional payments to prevent data leaks.
New Technology Means PHI Is Even More Vulnerable
Cybercriminals know how critical PHI is to healthcare providers in caring for their patients. They also know how far administrators might be willing to go to avoid losing data permanently in a ransomware attack. As doctors rely more and more on new technology, digital devices and electronic data storage to treat their patients, the loss of access to that data could bring even the largest healthcare facility to a grinding halt.
Cybercriminals calculate that endangering the lives of patients will create sufficient panic that hospitals and clinics will gladly pay even the most exorbitant ransoms to maintain access to their data. COVID-19 has also put additional pressure on healthcare facilities. Administrators face a flood of malware that preys on anxieties about the virus and fears for the safety of loved ones.
A recent white paper by the Global Head of Cyber Futures at KPMG identified several current ransomware lures linked to COVID-19. They include:
- Information about vaccines, PPE and hoarded items like hand sanitizer
- Fraudulent offers of government assistance during the economic shutdown
- Free downloads of video and audio conferencing software
Limiting Healthcare Providers’ Exposure to Ransomware
Cybercriminals continue to exploit new and existing weaknesses in healthcare cybersecurity systems. These attacks put patients’ lives at risk. Administrators who submit to ransom demands might think that is the best option.
But some analysts say that ransom payments only ensure future attacks by giving cybercriminals greater incentive and facilitating investment in new and more sophisticated methods of attack. Any strategy for limiting vulnerability to ransomware must embrace multiple layers of protection.
That begins with educating individual employees on the most common ways that ransomware can infect computers and networks. Clear policies about verifying suspicious emails and links can help prevent malware and ransomware attacks before they begin.
How health workers handle PHI, particularly at a moment when such information needs to be portable, can also dramatically reduce the likelihood of a successful attack. Remote management of all portable storage devices, offline backups and software-independent offline file encryption can help create a comprehensive security solution for healthcare workers to know that their patients’ lives as well as their PHI will never be held hostage by cybercriminals.
SecureData aims to provide the most innovative data security and restoration solutions for the healthcare sector. Call us at 1-424-363-8535 to learn more about how we can help you protect your most sensitive data with our state-of-the-art cybersecurity solutions, including HIPAA-compliant data storage, offline backups, remotely managed hardware encrypted storage devices, and much more.