How Ransomware is Attacking Healthcare

Posted on by Nick Campbell | Updated:
Home > Blog > Solutions > How Ransomware is Attacking Healthcare

Covid-19 has shown both the best and worst sides of humanity. On the one hand, you have those tirelessly working to defeat the disease and stop its spread. On the other hand, you have the profiteers, charging outrageous prices and cashing in.

Unfortunately, ransomware attackers are falling very firmly into the latter category. Despite assurances by some hackers that medical targets were off-limits, there have been several attacks against hospitals.

While some hackers are being true to their word (if there is such a thing as hacking with integrity), many bad actors have seen the dollar signs and are looking to cash in.

In this post, we'll look at how ransomware is affecting Healthcare, and also look at ways you can watch and be prepared for these attacks.

Ransomware Attacks

Despite the disputes within the community, some hackers are upscaling their attacks on hospitals to extort even more money. The current format is simple. 

Bad actors hack the hospital’s servers and then steal confidential patient information. From there, they encrypt the files so that the hospital can’t access them. 

If that was the worst of it, it would be bad enough. However, in an effort to get even more money, bad actors now threaten to publish the information on the dark web.

If the ransom isn’t paid, they’ll typically post some of the information and then send links to the affected parties.

Hospitals face a dual-threat – loss of access to information, and the leak of breaches that expose them to lawsuits and penalties in terms of privacy laws.

The plan is actually deviously clever on the part of the bad actors. By only publishing some of the details at a time, they can prove that they have the information. If they published everything all at once, there wouldn’t be much incentive for hospitals to pay the ransom because the damage had been done.

But all hope is not lost. If you can understand the ways they access your information, you will know how to best defend against intrusion.

How Are They Gaining Access?

Here again, the bad actors are using the crisis to their advantage. While there are several ways to infect a computer, the most common methods used here are phishing and social engineering.

Phishing Attacks to Watch Out For

By now you’ve probably been warned to watch out for random emails coming from the World Health Organization, or health or government officials in your country. These emails will typically ask you to register to receive more information.

This information might be about the disease, finding out where community testing will take place, or more information about financial aid programs. When you click through to the link, everything will look legitimate.

What you don’t realize is that one of two things will happen. 

Either you’ll be asked to download a file containing the “application form” or malware on the site will infect your computer."

Now, granted, a healthcare worker is unlikely to fall for some of those ploys. That’s no problem for the phishers, they just shift their focus.

The next approach requires some research, but the potential rewards are worth the effort. Bad actors will impersonate someone senior at the hospital. Perhaps they’ll send through a duty schedule or application for a PPE protection.

The point is, they’ll send through a request that won’t raise suspicions. They’ll even go so far as sending their request on what looks like official stationery and what looks like the right address.

Look closely, and you’ll notice that one or two characters are different. If you’re a nurse coming off a long shift, how closely would you look, though?

If the wrong employee downloads the document or clicks on the wrong link while at a work computer, the hacker gains access.

Social Engineering Attacks to Watch Out For

Logically, most of us understand that social media is not the best place to access information, but it is still a viable option for hackers to try.

Be on guard on social media and watch for the following signals: 

  1. Strangers might try and friend you on the site. They’ll then strike up a conversation and try to get information from you. 
  2. Alternatively, they might lurk in social media groups looking for the right victim.

The goal is invariably the same. They might use you to collect the information that they need. They look for private details about your life to “get to know you better.” What you don’t realize is that this is often an exercise to find the answers to security questions or clues to what your password might be.

Alternatively, they’ll ask an employee to do something that breaks the rules. Another route that they might take is to find compromising photos and threaten to publish them.

With social media, it’s best to use the top privacy settings and not accept friend requests from anyone that you don’t know.

Take Security Precautions

Healthcare providers must take extra measures to secure their databases and systems. They’ll also need their staff to be more alert to the potential dangers out there.

But with the right training, knowledge, and awareness, healthcare professionals can keep protected from the threats of phishing and social engineering attacks.

Find Out How This Specialist Pharmacy was Able to Go to Market with Life-Saving Medication 3 Weeks More Quickly Using HIPAA Compliant Hosting and VMware Private Cloud. Download the Case Study Now.
Avatar for Nick Campbell
About the Author

Nick Campbell

Nick is the Senior Director of Security & Compliance at Liquid Web. He has over 20 years of experience in Technology and brings a wealth of knowledge and a strong understanding of data security to help safeguard our customers' environments.

View All Posts By Nick Campbell