Hancock Regional Hospital in Greenfield, Indiana, was hit hard with a ransomware attack in January 2018. To protect patients the hospital decided to pay the hackers, its CEO Steve Long is now educating others.
The Attack on Hancock Regional Hospital
Though prepared for such an attack, the hospital systems were targeted during a flu outbreak and a snowstorm. To protect patients, CEO Long decided to pay the attackers the cryptocurrency ransom equivalent to $55,000 USD.
The criminal group behind the attack had gained the login information of one of the hospital’s information system vendors. It enabled them to add malware to the hospital’s systems and encrypt patient and hospital data.
Within hours the hospital had shut down all its systems and called in cybersecurity company Pondurance and the FBI to assess the attack, its origins and limit the effects. Experts from Pondurance concluded there was no easy way to eradicate the threat or use a clean backup to restore systems.
In his free time, Long now teaches other healthcare groups and IT organizations in the U.S what he learned from the attack, and how they can prepare.
Healthcare Sector Has More Cyber and Ransomware Incidents Than Any Other Sector
Data from insurance giant Chubb indicates the healthcare sector is hit harder by cyber incidents and ransomware attacks than any other, costing on average $231,000 USD per incident. It also states that personal health information is 10 times more valuable on the black market than data stolen from other sectors.
Protecting Systems from Cyberthreats
The co-founder of Pondurance, Ron Pelletier, has a number of recommendations for healthcare organizations which he shared with CNBC in its coverage of the story.
Multifactor Authentication
Pelletier recommends multifactor authentication for hospitals, which could include both a password and a secondary method such as fingerprint scanning or the use of an application like Google Authenticator for randomly generated tokens.
Vulnerability Management
As well as antivirus tools, system managers should actively look for risks like open internet access and take appropriate measures.
Vendor Management
Vendors of software, systems and the like should have minimum access to customer systems and be properly vetted, including assessing if they operate a secure password system themselves.
AI Enabled Antivirus
Pondurance prefers to use next-generation artificial intelligence (AI) based antivirus programs to protect systems. Next generation products need fewer updates, can work offline, and utilize mathematical models to assess threats without the need for additional programming.
Logging System Activity
Large organizations can employ some level of logging to assess attacks and provide evidence when it comes to a forensic investigation of any type of criminal attack
Lessons for Other Organizations and Individuals
It’s not just healthcare organizations and hospitals that need to actively manage the security of their networks and be aware of cyber threats like ransomware. Data from Chubb indicated that 19% of professional services organizations, 14% of financial institutions and 6% of educators, real estate firms, and retailers have been affected by ransomware attacks.
Sadly, cryptocurrencies are now often featured in cyber-attacks as they provide a less trackable method of reward for hackers. Adding protection to any system at home or at work can prevent many types of attack including the newer threat of cryptocurrency mining malware.
Do you feel organizations are adequately aware of the risks hacks and hackers pose? Will you be increasing the security of your own computer systems in 2018?
Images Courtesy of CNBC, Chubb, Shutterstock
