How to mitigate the threat of hospital ransomware set to hit the UK

This is a contributed piece from Stacy Leidwinger, VP of Product at RES

Ransomware is one of the growing threats to the healthcare sector. In the last 12 months, there’s been a number of hospitals that have had critical data locked out of their systems. And at the end of March, the MedStar group of hospitals saw just how devastating one of these attacks could be.

Worryingly, once it happens there seems little hospitals can do. Shortly after the attack on the Hollywood Presbyterian Medical centre, the FBI admitted that the best way to deal with these attacks was to simply pay the ransom and regain control of their data as quickly as possible – now seen as a catalyst for further criminals to chance their arm. Combined with the fact that in 2015 the healthcare industry was attacked more than any other sector, this constituted a major change in tack.


Is the UK under threat?

While most attacks have happened in the US, a recent survey by Sophos into the NHS uncovered that only 10% of the organisation had a “well established” approach to encryption. It’s a scary thought for such a large institution that is responsible for the wellbeing of millions, particularly when there have been attacks on other public sector organisations - Lincolnshire County Council, for example. It is worth remembering that ransomware originated in Europe, before its extended attack against the US healthcare industry came to light over the last few years. In this time, it has evolved and become far more efficient; new trends such as ransomware-for-hire and even chat clients to communicate with the attackers are now being seen on a far more regular basis.


The true value of healthcare data

In 2014, the NHS suffered around 2,000 data breaches – a figure set to rise. There is a very good reason that the healthcare sector is seeing the steepest rise in data-related attacks such as ransomware – the value of the data that is being targeted. Rather than the pure monetary value which is the driving force behind many data breaches in other sectors, healthcare data holds within it a life or death value. Unless hospitals have a stringent back-up policy, there is little option other than paying the ransom so that clinicians and other medical professionals can continue to provide critical medical care.

I spoke to a nurse on a recent flight about the Hollywood Presbyterian attack, and she confirmed how severe a ransomware attack can be for a medical organisation. If a hospital, for example, were to be attacked, then lives could well be lost in critical departments such as emergency or the ICU. If clinicians cannot access the data due to being locked out from it, then they are completely unable to administer further medication or operate. No wonder that attackers are confident in their demands being met for data access to be restored.


Weighing up the cost

A distinguishing feature of healthcare ransoms is that the monetary value of the ransom is usually lower than those for financial data. The Hollywood Presbyterian attack mentioned earlier was settled for $17,000 – much lower than the sums often associated with a data loss. This is merely the tip of the iceberg when it comes to the true cost of being locked out of medical data. Settling lawsuits with affected patients, the upcoming GDPR data-loss fines, legal fees and security upgrades mean that the cost can end up multiplying to far more than the ransom itself. For healthcare, the cost can be more devastating than even these significant financial implications: from unwanted media attention (remember that Hollywood Presbyterian was front page news the world over) to a terminal decline in the affected hospital’s reputation and worse – the loss of lives. To avoid such instances, healthcare professionals need to be aware of the impact this could have on them, and seek to best protect themselves against this scenario coming true.


Defending the threat

Due to the ever-evolving nature of ransomware attacks, the issue can never be stopped entirely. However, there are a number of steps that a healthcare organisation can take to make sure they are protected to the best of their abilities. Here is a quick guide to the five key areas of security that healthcare organisations should focus on to better combat ransomware:

Staff education: Ransomware usually takes hold of a network through phishing or adware, so ensuring that staff are aware of the warning signs and know what to avoid or flag can stop many attacks before they have begun.

Proven technology: Technology can provide organisations with a further layer of protection. Strategies such as only allowing users access to the information on the network they need (permission-based access), only allowing accepted programmes to work in the network (whitelisting) and not allowing programmes to execute changes even if they make it through the whitelisting process (read-only blanketing) provide several stumbling blocks for ransomware programmes to navigate.

Vigilance: Information security can never be ticked off a list. Organisations such as hospitals should always assume they are being infiltrated, and therefore should carry out penetration tests regularly. Ethical hackers can prove invaluable in highlighting where weaknesses lie.

Back-up: In healthcare, built-in redundancies and back-ups can literally make the difference between life and death. Remember, the hackers are not obligated to hand back the unencrypted data once they have been paid, so ensuring that a backup is in place can be the difference between having to shut down or not.

Cyber-Insurance: Insurance regarding data is something that every organisation should have – not just those working in the medical field. The costs of an attack were previously mentioned, so ensuring that this amount won’t permanently close doors should be of paramount importance.


Time to take action

The UK healthcare sector must take a proactive stance against the potential threat that ransomware poses. It is important to highlight how severe these attacks can be, but they are not a new phenomenon; they are merely evolving. By understanding the significance of these attacks, and why healthcare is particularly vulnerable to ransomware, organisations across the UK should draw the battle lines now. By educating staff, ensuring IT systems are backed up and that they have the right technologies in place, the UK healthcare sector can go a long way to minimising the threat of ransomware before they find themselves afflicted on a large scale.


IDG Connect