Software Integrity Blog


Hospitals under attack from ransomware

Are computer criminals drawn to hospital networks by the lure of valuable patient health data? Or is it perhaps because hospitals and healthcare providers appear to be the least secure kids on the internet these days?

On Monday, Methodist Hospital, a healthcare facility based in Henderson, Kentucky, said it was experiencing an “internal state of emergency” after an outbreak of ransomware. Unlike other malware, ransomware encrypts data on a number of systems, locking it until the victim pays a ransom. The BBC reported that two California hospitals—Chino Valley Medical Center and Desert Valley Hospital—had also experienced virus outbreaks this week. Neither Methodist Hospital nor Prime Healthcare Services, which operates the two California hospitals, provided comments prior to publication.

The hospitals are affected by Locky, a type of ransomware that first appeared around February 16, according to Naked Security. Locky, which gets its name because all the infected files end with “.locky”, spreads through unsolicited email messages. The ransomware poses as Microsoft Word file attachments containing invoices and other official documents. For the criminal hacker, prices to purchase the malware vary from BTC 0.5 to BTC 1.00 (a bitcoin is currently worth approximately $400/£280).

In a podcast on Security Ledger, Kevin Fu, a professor at The University of Michigan who has specialized in medical security, said hospitals are more likely to suffer from malware in general because their computer networks comprise a collection of systems, some of them old, and because they lack trained IT staff to support these structures. He said that hospitals lack the IT budgets to do what they need to do in computer security and likened what they do have available to “dull tools.”

“From what I’m hearing, in the near term, most of these problems are breaking down open doors. You accidentally left open a port, somebody gets in from remote and doesn’t even realize it’s a hospital. Someone clicks on a link—classic social engineering—and you get ransomware,” Fu said.

