Almost 3,000 patient appointments and several operations were canceled at three hospitals after a cyber attack involving a variant of Globe 2 ransomware, confirming once again how serious the ransomware threat to healthcare is and, consequently, why the reluctance to move entirely to electronic health records (EHR) is justified.
The hospitals impacted in this incident were part of the “Northern Lincolnshire and Goole NHS Foundation Trust” and were targeted on Sunday, the 30th of October. At the moment, there is an ongoing investigation, and there is no information on how the infection occurred. This attack adds to a surge in ransomware attacks against healthcare institutions, especially in the US and the UK, and is an excellent example to analyze because it shows the main characteristics of successful ransomware attacks:
Weekend is time off, and time off means pretty much nobody’s watching
First of all, it happened during the weekend, and for a good reason: weekend attacks have become more frequent because fewer staff are using computers at that time, which means that it takes longer to detect running ransomware. Obviously, as the time to detection increases, more and more files are locked and the chance to spread increases. Moreover, many computers keep running over the weekend and still have cached connections and mapped drives available, providing viable avenues for ransomware to spread across the network. Thus, weekend ransomware attacks benefit from two important factors: more time available to do damage, and a better chance to spread.
Healthcare a frequent target
The healthcare industry is a top target for ransomware, and there are good reasons for this as well.
First, technology adoption in healthcare is mostly aimed at medical devices, rather than clerks’ computers or backend servers (particularly in trusts made up of smaller hospitals and in private practice). Thus, many hospitals still run machines with older operating systems and outdated protection software (if any at all), most of them being easy targets for all sorts of malware. Even unsophisticated ransomware can wreak havoc in such environments, so most of the attacks in healthcare do not use ransomware as sophisticated as that employed in attacks against large companies. There is simply no need to. Plus, nowadays ransomware-as-a-service is available, so anyone with malicious intent can use it in cyber attacks, even without the coding skills to write it.
Secondly, IT training and security awareness are not priorities either. Indeed, anybody can spot ransomware once its work is done and the data is locked, but it takes a trained eye to spot it as it starts encrypting files, and an even better-trained person to know what to do in such cases. Most healthcare employees do not associate computer slowness with danger, nor can they evaluate resource consumption or identify unusual process behavior.
Last, but not least, healthcare has an important characteristic that makes it a viable source of money: data is critical, and its unavailability is life-threatening. Also, data is needed fast and gets updated in real time. Hence, locking the data shuts down operations and increases the chances of attackers receiving payment.
EHR adoption is slow because security is still a major concern. Not a month goes by without some ransomware incident in healthcare, proving that security concerns about EHR adoption are well founded. Before considering EHR adoption, healthcare must get ready for increased reliance on IT, and protection against ransomware is only one piece of it.
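The weekend and early-detection points above can be turned into an automated check that does not depend on anyone watching the machines. The following Python example is added here and is not part of the original article or of any vendor product; the event format, host and process names, thresholds and working hours are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
# Assumed thresholds: distinct files one process may modify within WINDOW.
THRESHOLD_WORKDAY = 40
THRESHOLD_OFF_HOURS = 15  # weekends and nights: little legitimate activity

def is_off_hours(ts):
    """Saturday/Sunday, or outside 07:00-19:00 (assumed working hours)."""
    return ts.weekday() >= 5 or not 7 <= ts.hour < 19

def detect_bursts(lines):
    """Return the first alert per (host, process): (time, host, process, files)."""
    recent = defaultdict(deque)  # (host, process) -> (timestamp, path) in WINDOW
    alerts = {}
    for line in lines:
        stamp, host, proc, op, path = line.split("|")
        if op not in ("write", "rename"):
            continue
        ts = datetime.fromisoformat(stamp)
        events = recent[(host, proc)]
        events.append((ts, path))
        while ts - events[0][0] > WINDOW:  # drop events older than the window
            events.popleft()
        distinct = len({p for _, p in events})
        limit = THRESHOLD_OFF_HOURS if is_off_hours(ts) else THRESHOLD_WORKDAY
        if distinct >= limit and (host, proc) not in alerts:
            alerts[(host, proc)] = (ts, host, proc, distinct)
    return sorted(alerts.values())

def build_sample():
    """Constructed events: 'ISO time|host|process|operation|path'."""
    def rows(start, step, count, host, proc, folder):
        return [f"{(start + timedelta(seconds=step * i)).isoformat()}|{host}|{proc}"
                f"|write|{folder}/file{i}.doc" for i in range(count)]
    sunday = datetime(2016, 10, 30, 3, 0)
    monday = datetime(2016, 10, 31, 10, 0)
    return sorted(
        # Unknown process rewriting a mapped share every 2 s on Sunday night
        rows(sunday, 2, 30, "WS-012", "unknown.exe", "S:/records")
        # Clerk saving 20 documents in a minute on Monday morning
        + rows(monday, 3, 20, "WS-007", "winword.exe", "C:/docs")
        # Backup agent touching one file every 10 minutes on Sunday
        + rows(sunday, 600, 6, "SRV-01", "backup.exe", "D:/backup"))

if __name__ == "__main__":
    for ts, host, proc, files in detect_bursts(build_sample()):
        print(f"{ts} ALERT {host} {proc}: {files} files in {WINDOW.seconds}s")
```

Because legitimate file activity is low outside working hours, the off-hours threshold can be much tighter than the weekday one, which shortens the time to detection exactly when nobody is at the keyboard.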
TEMASOFT develops advanced anti-ransomware technology that detects and blocks most present and future ransomware and allows file recovery if successful attacks occur. This technology will soon be available.