Ransomware: How Snail Mail and Low Demands Could Mean Big Losses for Healthcare

Written by: Francesco Trama | Published on: April 18th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

A healthcare employee opens an email that looks important and clicks on the link. He goes about his day, only to return to see a message on his screen telling him all files on the system are now locked. Even worse, if he doesn’t pay a ransom within 48 hours, those files will be deleted permanently.

That may not be such a big deal for a few personal files, but in a healthcare environment where patient records and other sensitive files are digitally stored in their thousands, this is a huge problem — and it’s a problem that’s on the rise. Just last week, two hospitals in the US experienced security breaches of this kind, and while a ransom was not paid in either case, there was significant disruption.

Ransomware. Just when you got a grip on viruses, spyware and malware, another ugly threat arises, and this time lives could be at risk. The problem with many healthcare systems is that they rely on legacy hardware and software, and are therefore at a greater risk of exposure. As with all digital threats, measures need to be taken to reduce vulnerabilities and prevent networks from being exposed to harmful and malicious attacks.

Why Low Demands Could Equal High Risk

Let’s say your organization gets hit with a ‘files locked’ message and a demand for a sum to release them or lose them forever. Your waiting rooms are full of patients, and you need to have access to those files now. IT is at a loss, and the clock is ticking. What do you do? If it means restoring normal service and causing the least disruption, this sum may seem like a small price to pay. So you pay it, and the files are released and normal service resumes. Then, the same thing happens a few hours later, only the price has risen from the last sum paid to release the files. The small problem suddenly becomes a crisis as you realize this problem isn’t going to go away.

Threats From an Unlikely Source

Most IT security policies focus on alerting users to the dangers of opening unsolicited emails or suspicious attachments. Most large organizations use a range of email security tools to keep spam and malicious emails out of user mailboxes, and this can work very well to reduce the threat of ransomware and ensure good housekeeping. However, attackers always seem to be one step ahead of the game, and they are now choosing an unlikely channel to infiltrate systems with ransomware, namely snail mail.

Yes, you read that right, and it’s a simple but effective means of distributing malicious files. Let’s say attackers, claiming to be a healthcare supplies company, mail out 1,000 USB drives (containing malware) to 1,000 healthcare organizations. Their bogus, but very enticing, sales message states that the recipient can keep the USB drive if they send back an accompanying card with more information. The majority of people will keep the USB drive, then use it and unwittingly infect their systems. The attackers are then good to go.

Next-Gen Geo-IP Threat Protection: The Ultimate Defense for Healthcare Organizations

There are many ways healthcare organizations are being exploited in the latest evolution of security threats, and the problem seems to be growing. Layered security solutions are essential to protect an organization from ransomware and other malicious attacks. One of those layers should be Geo-IP threat protection. Whether the threat is initiated as inbound or outbound traffic, Geo-IP software can provide the first line of defense against ransomware and should be incorporated into your firewall policy as a matter of urgency.

Have you been affected by ransomware? What measures are you taking to protect yourself?