Since patient data is worth big money on dark net markets and hacking forums, hospitals have more to lose than other organizations regarding cyber attacks. According to a threat report by Solutionary’s Security Engineering Research Team in Q2 2016, 88% of all ransomware attacks were targeting hospitals. The security firm claims that 94% of the attacks in the healthcare system were linked to the same ransomware called CryptoWall.
The report says the reason why hospitals are vulnerable to these kinds of cyberattacks is because they use so many systems and devices that there are more entry and pivot points for hackers to exploit. Rob Kraus, director of research for Solutionary’s Security Engineering Research (SER) team, said in a statement:
“The most important steps in protecting your company’s and your customers’ data from the growing malicious ransomware onslaught are ensuring that you have a robust backup and recovery process, and that your security software is up-to-date and able to detect the most recent ransomware variants. As the threat continues to evolve, it will be crucial for organizations to have defined incident-response procedures and proper detective and preventive controls in place to reduce ransomware’s impact.”
Some of the most high-profile hospital data breaches in 2016 have been due to ransomware. In March, Hollywood Presbyterian Medical Center in California was locked out of its EHR for a week and providers were forced to use pen and paper until the decision was made to pay the $17,000 ransom to the hackers. In June, the same hacker sold a healthcare database with 655,000 records, and 2 days later another list with 9.3 million records on TheRealDeal market.