News Feature | September 16, 2016

Healthcare Continues To Be Top Cyber Attack Target

Christine Kern

By Christine Kern, contributing writer

Report finds 88 percent of ransomware attacks in Q2 2016 were on healthcare entities.

Almost 90 percent of ransomware attacks during the second quarter of 2016 were on healthcare entities, according to a report by cybersecurity vendor NTTSecurity, previously Solutionary. Trailing healthcare were education (6 percent) and finance (4 percent), with attacks on all other industries combined accounting for less than 2 percent.

“As healthcare and education sectors continue to be plagued with ransomware and often pay the demanded ransoms, the probability of more targeted attempts in these sectors will increase,” the report stated.

While the value of protected health information is one part of the explanation for these attacks, report authors suggest the industry has played a role in the increased attacks by paying ransoms. As an Everbridge infographic points out, hospitals are particularly vulnerable (and thus more likely to give into ransom demands quickly) because patient health is at immediate risk; cyber security has lagged behind in the rapid automation of hospital systems; and the high number of system users create literally thousands of potential entry points hackers can target.

Symantec Health Information Technology Officer David Finn agreed with the reason hackers are targeting healthcare, adding, “The impact of a ransomware infection could be devastating; therefore they are more likely to pay up. Additionally, because healthcare has lagged first in digitizing their business and then in protecting that digitized data, it tends to be an easier target. The value of healthcare data is much higher than say, just a credit card number. Healthcare tends to aggregate information about patients to make it easier to provide care and process claims.”

One case that made headlines was Hollywood Presbyterian Medical Center in California which, as Health IT Outcomes reported, decided to pay the ransom after being reduced to using paper records for more than a week after an attack.

According to the hospital, the attack was random leading them to give into ransom demands and pay the $17,000 to return to business. In a statement, CEO Allen Stefanek said, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”