The New Front in Hospitals’ Battle Against COVID-19: Ransomware
In 2016, hackers attacked Hollywood Presbyterian Medical Center in Los Angeles. While systems critical to patient care weren’t affected, for two weeks, employees were locked out of email and other forms of electronic communications.
Ultimately, hospital administrators decided that the most cost-effective way to regain control was to pay the $17,000 ransom. Last year, a similar but more devastating attack hit three Alabama hospitals, forcing them to turn away all but the most critical patients. They, too, paid an undisclosed ransom, but were hardly the only victims of targeted ransomware attacks.
Recent news stories celebrating a drop in ransomware cases last year on the heels of 2018’s record may cause some to wonder whether ransomware is on its way out. But as we noted in the 2020 SonicWall Cyber Threat Report, ransomware isn’t going away, it’s just getting more efficient. “Spray and pray,” the report concluded, is over—but for big-game hunting, the season is just beginning.
Today, ransomware operators have one guiding principle: The bigger the potential disruption caused by an attack, the bigger the chance of a payday. According to the report, 2019 saw widespread attacks of K-12 schools, public utilities, and state and local governments. 2020 looks to be more of the same, with one crucial difference: Amid a global pandemic, already wildly disruptive in and of itself, many attackers who once targeted a wide swath of businesses and organizations that kept our lives running are now targeting the businesses and organizations that keep us alive.
Data presented in the 2020 SonicWall Cyber Threat Report suggests that in 2019, many medical companies had security insufficient for threats they faced then. Out of the year’s top 40 data exposures, roughly 18% were organizations in the medical/healthcare industry; these incidents resulted in compromised data for 42 million people.
But now, as future healthcare workers are being offered early graduation and retired ones are being called back into the field — as ailing patients are being doubled up on ventilators and facilities begin to reach, and then surpass, capacity — the more predatory hackers are seeing an opportunity to turn a nation’s suffering into some of the easiest money they’ll ever make. “You can keep the money you’ll need to ensure care later,” their bargain implies, “or lose access to the data that’s allowing you to offer care now.”
Either way, healthcare providers lose.
In 2019, SonicWall Capture Labs researchers uncovered 187.9 million ransomware attacks globally. If that number doesn’t rise — which seems increasingly unlikely — and just 20% more of those cyberattacks targeted the healthcare industry, the results would be devastating.
“In a modern, citizen-centric environment, successful ransomware attacks are highly disruptive,” SonicWall President and CEO Bill Conner wrote for Forbes. “Networks from city hall, law enforcement agencies, sanitation, courthouses, or the DMV could be compromised in minutes and everyday operations held for ransom, often at exorbitant costs.”
Like the virus itself, this situation has arrived in some places far sooner than expected. Medical labs, doctors’ offices, and hospitals are already seeing an increase in attacks, with one group even targeting a lab that was actively working on a COVID-19 vaccine.
As increasingly desperate hospitals quickly and reliably pay ransomware demands to ensure minimal disruption during a situation in which there’s no room for error, hackers are becoming more audacious in their demands — according to Bloomberg News, there has been not only an increase in the quantity of attacks on healthcare organizations, but also the amount of ransom requested.
The old adage about planting trees could just as easily apply to cybersecurity: The best time to develop a crisis continuity plan and put appropriate security measures into place was 20 years ago. The second-best time is right now.
While it’s of utmost importance to ensure the doctors, nurses and staffers currently risking their lives to save others have access to enough ventilators, beds and hospital gear to adequately care for their patients, it is equally important that doctors have access to the patient data — such as health conditions, current medications, and allergies — that guides care and ultimately helps save lives.
Prepare for What’s Next
Download the complete 2020 SonicWall Cyber Threat Report for critical threat intelligence to better understand how cybercriminals think — and be fully prepared for what they’ll do next.