Checking mistakes
Short essay 3: The Internet is a Dangerous Place
The Wave of Ransomware Attacks
Introduction
Ransomware is fetal software that encrypts or removes access to computer files until a ransom payment is made. Ransomware has been around since 1989, but has multiplied over the past few years due to it’s widespread success (Protects). Countries around the world, including the U.S., have experienced this type of unconventional cyber attack. A new trend in ransomware attacks have transformed into targeting hospitals. About 60% of hospitals in the U.S. were targeted by ransomware attacks from 2015-2016 and the costs of these rasomware attacks are growing exponentially (Radke). Ransomware strategically locks the computer system to prevent healthcare facilities from accessing data until ransom is paid, usually in Bitcoin. It is essential for hospitals across the U.S. to reevaluate their cyber security strategies to protect themselves from ransomware attacks.
How Ransomware Operates
Malware is extremely powerful and calculated software. A user does not have to be present at the time of infection as computers can become infected without being touched. The only thing a hacker needs to infect a computer is for the computer to be on and on the network (Chapell). It is simple for a hacker to use an encryption vector specifically against health care facilities and shut down their operations (Fox-Brewster). The infection of a computer happens in one of two ways: by clicking on a link or attachment in an email or by an exploit kit released by a compromised website. Hackers use encryption and other techniques to get their software to slip past antivirus security undetected. A hacker could have access to a network for months or even years without the users knowledge and could deploy ransomware at any time (Radke). Ransomware is different from other viruses because it alerts users of it presence as part of it routine (Protects). Ransomware encrypts nearly all types of files on hard drives and their shared networks, including MS Office files, PDFs, documents, pictures and videos (Radke). Once the encryption stage is complete, a lock screen is displayed informing the user that they have a limited time period to pay a ransom, usually in the form of Bitcoin. To restore access the user must pay the ransom in exchange for a decryption key. If the ransom isn’t paid by the deadline, the price will go up for the files or the files will be destroyed. Infection of a single computer can compromise the entire network (Fox-Brewster). Digital extortion leaves organizations with two options, decide if they can live without the encrypted data or pay the ransom.
The Beginning of Widespread Ransomware Attacks
Widespread Ransomware attacks began when the National Security Agency’s (NSA) cyber weapon WannaCry ransomware, a powerful hacking tool, was stolen from the NSA in 2016. A linked team of hackers known as the Shadow Brokers stole the Windows hacking tool. The hacking tool infected users of Windows Systems, which included many hospitals around the world including the U.S. (Fox-Brewster). This tool created by the NSA has created unexpected damage and done more harm than good. Analysis of ransomware discovered that multiple techniques are used to spread the virus. One of the techniques was addressed by a security update previously provided for all platforms of Windows XP to Windows 10. The Shadow Brokers figured out a way to take advantage of the vulnerability in the Windows operating system, which is how the WannaCry ransomware attack was able to spread. After the attack, Microsoft advised users to use caution when opening files in emails from unknown sources, which is how malware is usually spread (Glaser). WannaCry has proved that there is vulnerable infrastructure capable of being hacked if systems aren’t safeguarded.
U.S. Hospitals Affected by Ransomware
Hospitals hold sensitive customer data that needs to be protected to ensure effective service and consumer privacy, making them ideal targets for hackers. If healthcare providers lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both cases make hospitals subject to lawsuits that could cost far more than what they would have to pay in ransom (Yates). In February of 2016, Hollywood Presbyterian Medical Center, located in Southern California was hit with a ransomware attack. The hackers demanded ransom for $17,000, which was one of the largest ransoms ever paid as result of a ransomware attack (Protects). Hollywood Presbyterian experienced over a week of downtime and disruption to their services due to the attack. The attack affected all areas critical for keeping the hospital up and running. Hollywood Presbyterian suffered estimated losses of over $100,000 per day from disruption to CT scans alone (Protects). Similarly in May of 2016, Kansas Heart Hospital, in Wichita, KS, became infected with ransomware and lost access to their files. The hospital paid the ransom but received access to only some of its files. The attacker then demanded more money before allowing the hospital to access more of its files. Kansas Heart Hospital declined to pay any more in ransom (Radke). Hospitals have critical information and money to pay, making them easy targets.
Ransomware’s Impact on Hospitals
Administrative PC’s aren’t the only computers hacked during a ransomware attack on hospitals, medical devices themselves are affected to. When a hospitals network is compromised, it has the potential to affect other Windows based devices connected to that network. The impacts ransomware attacks have on hospitals are detrimental to a hospital’s performances and patient lives. These attacks can cause medical device outages, which will lead to a delay in patient care, trigger more clinical mistakes, and lead to an increase in resource needs (Fox-Brewster). Many of the bigger machines in hospitals such as x-ray, CAT Scan, and MRI machines run the Windows operating system. Hackers preventing these machines from being used and encrypting their information aren’t just canceling operations and turning patients away, they have the potential to negatively affect life and death situations. Ransomware locks medical staff out of patient’s records until ransom money is paid up, and even then it is not guaranteed that all the files will be unlocked. It is difficult for doctors and nurses to treat patients without their digital records or prescription dosages. The loss of patient records can result in critical services being halted and communication being suspended. Software affected by ransomware attacks could potentially cause millions of peoples data to be exposed (Protects). It is vital for hospitals to work with their IT security teams to improve security software so they wont have to pay the price of ransomware attacks.
Ransomware and it’s Cost to U.S. Hospitals
Due to success several high profile attacks have had on hospitals, criminals are increasingly targeting healthcare providers. Digital extortion is becoming more popular because Ransomware cuts out the digital middlemen. Rather than collecting credit card details that will need to be sold on the dark web for lesser money, ransomware demands money directly from healthcare providers for higher prices (Yates). In order to calculate the true cost of ransomware, the cost of downtime due to an attack has to be taken into account. Some ransomware attacks have left entire hospitals shutdown for days, outweighing the cost of the ransom itself. Unplanned downtime at hospitals costs on average, $7,900 a minute per incident and it takes physicians double time to perform administrator tasks manually when their systems are down (Protects). Hospitals are prime targets because they need up-to-date information from patient records and often would rather pay a ransom than risk delayed patient care that could result in lawsuits (Radke). In order for hospitals to avoid a ransomware attack, they need to make frequent backups, get good antivirus protection, and train their employees on security awareness.
Preventing Ransomware Attacks
Cyber security firms and IT professionals are scrambling to find ways to prevent future ransomware attacks on major companies, organizations and hospitals globally. Hackers are constantly developing different types of ransomware variants that avoid detection by staying a step ahead of traditional security software. In 2015, there were 362,000 new crypto-ransomware variants spotted. That is an average of almost one thousand new variants everyday, making it incredibly difficult for antivirus to keep up with changing ransomware tactics (Protects). Ninety three percent of phishing emails are delivering ransomware because they attack a mass market, are low cost, and fully automated (Protects). Unless hospitals have taken preventative measures and invested in effective backup strategies, their options are going to be extremely limited (Zetter). Each variation of ransomware works differently, and hospitals must be able to respond to new threats as rapidly and effectively as possible by having technologies in place to recognize already-used variations (Radke). FBI recommends that organizations not pay ransoms, because attackers will not always give you the key to decrypt your files. Also, paying the ransom simply leads to more ransomware attacks (Radke). The best way for hospitals to prevent ransom ware attacks is by restricting permissions to areas of the network. Instead of having thousands of people accessing files on a single server, they need to break the network into smaller groups. This way, if a server gets infected, it won’t spread ransomware to everyone on the network. This forces attackers to work harder to locate and lock down more servers (Zetter). If hospitals are able to turn their network into a hard target to hack, these ransomware attackers will have to work harder to hack their system.
Works Cited
Chappell, Bill, and Maggie Penman. “Ransomware Attacks Ravage Computer Networks In Dozens Of Countries.” NPR, NPR, 12 May 2017, www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded.
Fox-Brewster, Thomas. “Medical Devices Hit By Ransomware For The First Time In US Hospitals.” Forbes, Forbes Magazine, 18 May 2017, www.forbes.com/sites/thomasbrewster/2017/05/17/wannacry-ransomware-hit-real-medical-devices/#241febfb425c.
Glaser, April. “U.S. Hospitals Have Been Hit by the Global Ransomware Attack.” Recode, Recode, 27 June 2017, www.recode.net/2017/6/27/15881666/global-eu-cyber-attack-us-hackers-nsa-hospitals.
Protects, Inc Barkly. “Ransomware ProtectionA Guide to Ransomware for Hospitals and Healthcare Providers.” Ransomware for Hospitals and Healthcare Providers: A Guide | Barkly, www.barkly.com/hospital-ransomware-healthcare.
Radke, Bruce A., et al. “Ransomware Rises Among Hospitals.” VedderPrice, Vader Thinking | Articles, July 2016, www.vedderprice.com/ransomware-rises-among-hospitals.
Yates, Mark. “The Cost of Ransomware.” AVG, 9 May 2016, www.avg.com/en/signal/the-cost-of-ransomware.
Zetter, Kim. “Why Hospitals Are the Perfect Targets for Ransomware.” Wired, Conde Nast, 3 June 2017, www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/.