Ransomware Threats Show Hospitals Aren't Prepared GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security
Ransomware Threats Show Hospitals Aren't Prepared
More unnecessary strain
By Sascha Brodsky Sascha Brodsky Senior Tech Reporter Macalester College Columbia University Sascha Brodsky is a freelance journalist based in New York City. His writing has appeared in The Atlantic, the Guardian, the Los Angeles Times and many other publications. lifewire's editorial guidelines Published on November 3, 2020 01:00PM EST Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Key Takeaways
Federal agencies last week revealed a ransomware threat against US hospitals.More than half of the medical institutions aren’t prepared to defend against cyberattacks, one expert said.The ransomware, called Ryuk, affected at least five US hospitals last week. Luis Diaz Devesa / Getty Images A recent ransomware threat against hospitals highlights the fact that many medical institutions aren’t prepared to handle cyberattacks. Last week, the FBI warned that hackers could be targeting the healthcare and public health sector with ransomware. Such an assault could shut down hospitals that are already under strain from the coronavirus. Health centers have not prepared sufficiently for such attacks, experts say. "We found that 66% of hospitals do not meet the minimum security requirements as outlined by the National Institute of Standards and Technology (NIST)," Caleb Barlow, CEO of CynergisTek, a cybersecurity firm focusing on healthcare, said in an email interview. "In the midst of a pandemic when travel, tourism, and education have been severely hampered, healthcare is open and a soft target for hackers. "A ransomware attack on a hospital or healthcare organization often involves a kinetic impact as patients are diverted. This potential impact on patient care increases the likelihood that organizations will pay the ransom." A Credible Threat
In a joint alert last week, the FBI and two federal agencies said they had credible information of "an increased and imminent cybercrime threat" to US hospitals and health care providers. The agencies said groups are targeting the healthcare sector with attacks aimed at "data theft and disruption of healthcare services." We found that 66% of hospitals do not meet the minimum security requirements as outlined by the NIST. The ransomware, called Ryuk, affected at least five US hospitals last week. Like most ransomware, this strain can distort computer files into meaningless data until the target pays whoever launched it. "Ryuk can be difficult to detect and contain as the initial infection usually happens via spam/phishing and can propagate and infect IoT/IoMT (internet of medical things) devices, as we’ve seen this year with radiology machines," Jeff Horne, CSO of cybersecurity firm Ordr, said in an email interview. "Once attackers are on an infected host, they can easily pull passwords out of memory and then laterally move throughout the network, infecting devices through compromised accounts and vulnerabilities." Under Siege From Ransomware
For more than a year, the US has been assaulted by ransomware attacks. An attack in September crippled 250 facilities of the hospital chain Universal Health Services. Employees were forced to use paper for records and lab work was impeded. "Hospitals have been attacked in this way previously, but with the pandemic plus everyone relying on digital applications more than ever, we’re seeing an increase in these attacks," Sushila Nair, CISO at IT consultancy NTT DATA Services, said in an email interview. Suebsiri Srithanyarat / EyeEm / Getty Images Healthcare organizations have underestimated the threat, experts say, and normal antivirus software isn’t enough to fend them off. "These ransomware attacks are run by sophisticated attackers and malicious developers operating more like a criminal company with customer service, online support, call centers, and payment processors," Horne said. "Just like a modern customer-focused business, they have people who respond to questions, assist with payment and decryption, and are very organized." This potential impact on patient care increases the likelihood that organizations will pay the ransom. Not all experts agree that hospitals aren’t prepared for cyberattacks, however. "Healthcare organizations move quickly to remediate flaws in their applications, in part because they deal with high volumes of sensitive information," Chris Wysopal, Chief Technology Officer and co-founder of cybersecurity firm Veracode, said in an email interview. "Another contributing factor may be that healthcare companies are using more than one type of application security scan, allowing them to find and fix more flaws than if they used just a single type of scan, such as static analysis alone." With coronavirus cases trending upwards, the last thing hospitals need now is for their computer systems to be crippled. Let’s hope they don’t have to go back to paper and pencil to record COVID-19 test results. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It The 6 Best Free Malware Removal Tools of 2022 5G: Here's Everything That's Changing PC Matic Review A Brief History of Malware The Best Antivirus Software of 2022 What Is a Cyber Attack and How to Prevent One What Is 'Whaling?' What Are the Security Threats In VoIP Why Hospitals Are Being Targeted By Ransomware Khang Vuong: Healthcare Advocate for the Middle Class Don’t Let This Rediscovered Computer Hack Scare You Why Credentials Are the Best Way to Stay Safe on the Internet Here's Why Malicious Malware Wants Your Smart Home Tech Why Quantum Computing Advances Raise Privacy Concerns Why Amazon’s Guard Plus Has Security Experts Concerned Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies