por
John R. Fischer, Senior Reporter | February 13, 2023
The server has been infected with ransomware -- now what?
Working with international partners, the FBI made headlines in January when it seized control of servers that had been taken hostage by the Hive ransomware group, which has extorted over $100 million from over 1,500 victims worldwide, including hospitals. The agency retrieved decryption keys and gave them to victims so they could unencrypt their systems and data, circumventing hundreds of millions of dollars in ransoms.
Cybersecurity firm Sophos found that 34% of ransomware attacks in 2020 targeted healthcare providers, and in 2021
that percentage jumped to 66%. According to its report,
The State of Ransomware in Healthcare 2022, it takes an average of one week and $1.85 million for hospitals and health systems to recover.
Care providers are popular targets due to the amount of sensitive information they hold, which can be sold on the dark web and used for identity theft. They also commonly lack the software infrastructure and personnel training needed to combat these attacks or address them.
Allie Roblee, intelligence analyst for cybersecurity firm Resilience, told HCB News that one major issue that makes it hard for providers to prevent or combat attacks is the complexity of handling patient data and lack of a game plan and interoperability among different departments for addressing these instances.
“Because so much hospital data is regulated, even a minor incident can often have severe legal and fiscal impacts,” said Roblee. “This is why a cyber resilience approach to managing digital risk is critical. Hospitals must not only consider protecting data but also how to deal with successful attacks,” she said.
To pay or not to pay
A multimillion-dollar ransomware crisis may start with one employee opening a malicious email attachment, website, or text message. A bad actor can send out thousands of emails with a single click and only one recipient needs to take the bait for the operation to succeed. These phishing tactics are nothing new, but the amount of chaos they can cause has increased dramatically as everything goes digital and malware becomes more sophisticated.
What happens next depends on a range of factors, and experts agree there is no right or wrong answer. What kind of data has been compromised? Do you have access to backup copies? How much money are the hackers asking for? To what extent is the breach compromising patient care?
According to Sophos' survey, although providers paid most often of any type of healthcare industry organization (61% of the time), only 2% got back sensitive data with lifesaving value. “It’s easy to say that you shouldn’t pay up — there is no guarantee that you will get your data back and it also incentivizes future attacks. I don’t think you’ll find anyone that will recommend paying,” Chad Waters, senior cybersecurity engineer for device evaluation at ECRI, told HCB News. “But as a very last resort if your disaster recovery fails, some tough decisions may be made.”