Ransomware and Health and Hospital attacks in 2016
A surprising fact came to light lately when a letter from Senator Barbara Boxer (D-CA) was sent in April 2016 to the FBI Director James Comey regarding recent ransomware attacks on various health care facilities across the USA. As a matter of fact, medical information is not the sort of data which can be used for profitable insider trading but it still can be appealing to hackers interested in social security numbers or Medicare provider credentials, not to mention the possibility of extorting ransom by locking the access of care providers to critical patient information.
MedStar Health in Washington DC is one of the victims of these attacks who had to turn away patients after loosing access to its record data base, following a cyberattack.
Alvarado Medical Center in San Diego California suffered a “malware disruption” which affected some of its systems.
The Hollywood Presbyterian Medical Center in Los Angeles, California was forced to pay about $17000 in ransom for regain access to the data which was locked as a result of a hacker attack and to restore the patient’s electronic medical files .
King’s Daughters’ Health hospital discovered an infected file on one of the personal computers and powered down its systems until their IT made sure that all the data bases are clean and the systems can be restarted. In the mean time, they used manual processes for recording necessary data.
Chino Valley Medical Center and Desert Valley Hospital discovered that they also had been hit by viruses but they managed to clean-up and restore their systems with minimum disruptions and without paying any ransom..
These are only partial examples of health organizations affected by Ransomware and cyber attacks. The reason for the increased attacks on these organizations is most likely due to the high vulnerability of their servers and security software systems. In addition, these organizations, as well as the medical device manufacturers , do not conduct regular or periodical risk assessments on their systems .
In order to efficiently deal with the rise of these attacks on health Organizations, there is a need of a significant change in the attitude and approach of the whole health industry. It is just about time for these organizations to treat seriously the IT related issues and invest seriously in maintaining and constantly testing and upgrading their systems.