Due mainly to the personal nature of data, combined with the critical dependency on patient information, it is no surprise that the healthcare industry is still a major target for ransomware attacks. Just last year a major Los Angeles based healthcare center, Hollywood Presbyterian, was forced to pay $17,000 in bitcoin to regain access to their files. And there have been more recent attacks that are troublesome.
Ransomware is a special kind of malicious software, or malware. Malware usually causes problems through software installations, pop-ups while surfing the internet, and otherwise draining system resources. Ransomware takes it a step further and encrypts the data of the computer drive as well as network and connected external drives. If the ransom isn’t paid, the data is deleted. Once the ransomware virus is on the computer, nothing short of a complete wipe and reinstall of the operating system will get rid of it.
Victims of ransomware are often left with a difficult choice of paying the ransom, which is usually in the form of a cryptocurrency like bitcoin, or losing all of their data. This can be mitigated by having cloud solutions for medical software, like GE Centricity Hosting.
Recent Ransomware Attacks
In June, Iowa based Waverly Health Center was the victim of a cyber-attack where the attacker demanded bitcoin, although the hospital system files were encrypted. Waverly Center was able to avoid having to pay the ransom.
In July of 2017, Caro Community Hospital was knocked offline and took two weeks to recover. Patient files, network services and phone systems were all affected. The hacker demanded about $120,000 in ransom, which the hospital did not pay and then suffered the consequences.
Finally, in May of 2017 in Pennsylvania, the Women’s Health Group discovered that 300,000 patient records were held under ransomware. It is not known if the ransom was paid to recover the files.
With ransomware attacks increasing, it is becoming more important than ever to partner with IT professionals like GE Centricity to ensure HIPAA compliance and network security. Training and endpoint protection will continue to be effective tools in combating the ransomware epidemic.