Health Care Cybersecurity Issues

Ransomware Attacks on Hospitals

Cybersecurity threats have become widespread in recent years, impacting several hospitals and healthcare systems in high-income countries, including the United States, and in lower-middle-income nations globally. Ransomware is one of the most common cybersecurity threats to hospitals and healthcare systems. Ransomware is malware (malicious software) used by cyber attackers. It affects computers, rendering the computer or the user’s files unusable until a ransom payment is made (Keshavarzi & Ghaffary, 2020). While ransomware is just one form of malware impacting healthcare systems, a study by the US Department of Justice in 2016 established that approximately 4000 ransomware assaults happened in various sectors, representing a 300% upsurge from 2015. The healthcare sector was among the top three fields most impacted by ransomware attacks globally (Pope, 2016). This is a mounting worry as hospitals globally are progressively turning to hospital information systems for medical, administrative, and financial functions. The use of cloud storage services connected to medical devices and network systems is also rising in the healthcare sector (Argaw, Bempong, Eshaya-Chauvin, & Flahault, 2019). Understanding the effects of ransomware attacks on hospital systems and the drivers behind their success is critical for hospitals’ cybersecurity teams to install better mechanisms to counter ransomware.


The healthcare sector is a prime victim of ransomware attacks. There were about 172 ransomware attacks on United States healthcare systems between 2016 and 2020, costing the country over $157 million and affecting more than 1446 clinics, hospitals, and organizations (Al Qartah, 2020). Hospital systems are susceptible to malware attacks since working within the healthcare environment makes them particularly sensitive to any disruption. A halt in the hospital operation system can have a devastating impact on patient safety. The broad attack surface is the primary driver behind the success of many cyberattacks on healthcare systems, as it makes it easier for cybercriminals to identify a vulnerability and monetize its exploits (Argaw, Bempong, Eshaya-Chauvin, & Flahault, 2019). For instance, a ransomware attack on the Los Angeles Hollywood Presbyterian Medical Center in February 2016 disrupted the hospital’s computer networks for more than ten days, significantly impacting the emergency room systems and forcing the hospital to transfer some of its patients to other hospitals. The attack disabled different functions of the computer systems, including CT scans, X-rays, email services, laboratory operations, documentation, and pharmaceutical services. The hospital was forced to part with 40 Bitcoins, about $17,000, to get the decryption key (Sipior, Bierstaker, Borchardt, & Ward, 2018).

On November 17th, 2019, another hospital, Virtual Care Provider Incorporated (VCPI) of Milwaukee, experienced a ransomware attack, preventing over a hundred of the hospital’s care facilities from gaining access to critical patient medical data. The attackers demanded a ransom of $14 million in exchange for unlocking the data, though the company declined to pay the amount (Chinthapalli, 2017). A study shows that VCPI was attacked by the Ryuk ransomware, affecting vital operating functions of the organization, including patient medical records, electronic billing, internet, payroll systems, and telephone and email systems. Based on the letter to clients by VCPI management, the IT team quickly focused on incident response and recovery, invoking the documented Incident Response and Management Process.

On the second day of the attack, November 18th, VCPI built a new network and started restoring vital enterprise applications, including Domain Name Systems, Active Directory, and vCenter servers. VCPI’s cybersecurity team corrected all the affected servers in a non-production setting to ascertain that they did not have any virus or security risks. Three core domains were restored on the second day, and their passwords were reset, according to the letter sent to clients. Between days two and three, the cybersecurity team restored all the client applications, including the financial application, Citrix, and Client EHR, alongside hosted Microsoft Exchange email (VCPI, 2019). Luckily, VCPI had several mitigating mechanisms that prevented the ransomware threat from crippling the company’s entire operations. First, the cybersecurity team promptly detected suspicious activity in the system, causing the management to order an immediate network shutdown. VCPI also had offsite data backups isolated from the organization’s central infrastructure (Al Qartah, 2020). A mitigation and response mechanism for cybersecurity threats is vital for any organization, not just hospitals, as it helps to minimize the probability of occurrence and the impact of threats.

These cyber-attacks increase risks to patients’ safety because the healthcare provider loses access to computerized patient records, including existing prescriptions, comorbidities, or allergies (Williams & Woodward, 2015). Besides the impacts on health care delivery, cyberattacks also disclose patients’ and hospitals’ sensitive information, which can adversely impact an individual’s professional and social life, even exposing the patient to social risks of stigma and blackmail. Furthermore, cybercriminals use the patient’s identifiable information to commit various crimes, including medical fraud and identity theft (Khan & Hoque, 2016). As for healthcare organizations, the financial consequences of ransomware threats are significant, including direct costs such as patient compensation and regulatory penalties, and other long-term impacts that come with damage to the organization’s reputation. Interrupted health care delivery can impact the entire hospital network systems, spreading into nursing homes and care, pharmacy, ambulance, and health insurance operations (Silver, Binder, Zubcevik, & Zafonte, 2016), and cause deaths of patients if a response and mitigation mechanism is not in place promptly.

Mitigating any cyber threat, particularly ransomware attacks, is a multifaceted socio-technical challenge. Thus, the mitigating approach is similar to other health information technology (HIT) associated problems. Several methods have been proposed and tested to guard against ransomware, including backup and recovery plans, incident response plans, deception technologies, threat intelligence sharing, and network segmentation. Having adequate data backup and protection plans is essential to ensure the hospital data is recoverable following an attack and ransomware encryption. Healthcare organizations must have several copies of critical data in multiple locations for retrieval in case of attacks. A three-two-one backup strategy is the most preferred and recommends that an organization store three copies of essential data in three different locations in different forms of media for geographic diversity, redundancy, and resiliency (Spence, Niharika Bhardwaj, & Paul 2018).

Healthcare organizations should also have an incident response plan to reduce the impact of ransomware attacks. Ransomware attacks should be tackled within the response policy because mitigation may differ depending on the type of incident. The response plan must detect and analyze the event, respond to and recover from the incident, and improve the organization’s capacity to tackle future incidents (Argaw, Troncoso-Pastoriza, Lacey, Florin, Calcavecchia, Anderson, & Flahault, 2020). A deception strategy is another method healthcare organizations can use to guard against ransomware. Because ransomware mostly modifies or encrypts files, the IT team can deploy early warning mechanisms by positioning fake files at various points of the internal systems and continuously checking the integrity of the files (Gómez-Hernández, Álvarez-González, & García-Teodoro, 2018). These are just a few strategies, but several options exist that hospitals can exploit to guard against ransomware.
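The decoy-file early warning described above can be sketched as follows. This is an added example, not code from the cited study; the decoy file names, directory names, and baseline file are hypothetical, and the tampering in `demo()` is constructed to stand in for ransomware overwriting one decoy and renaming another.

```python
import hashlib, json, os, tempfile
from pathlib import Path

# Hypothetical decoy names, chosen to sort early and look worth encrypting.
DECOY_NAMES = ["_aa_patient_export.csv", "_aa_billing_2019.docx"]

def _sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def plant_decoys(directories, baseline_path):
    """Write decoy files into each directory and record their SHA-256 hashes."""
    baseline = {}
    for d in directories:
        for name in DECOY_NAMES:
            p = Path(d) / name
            p.write_bytes(os.urandom(16).hex().encode() + b",constructed decoy record\n" * 20)
            baseline[str(p)] = _sha256(p)
    # In practice the baseline belongs on a host the monitored systems cannot write to.
    Path(baseline_path).write_text(json.dumps(baseline))
    return baseline

def check_decoys(baseline_path):
    """Return (path, reason) alerts for decoys that changed or vanished."""
    baseline = json.loads(Path(baseline_path).read_text())
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))   # deleted or renamed, e.g. new extension
        elif _sha256(path) != expected:
            alerts.append((path, "modified"))  # contents rewritten in place
    return alerts

def demo():
    """Constructed scenario: one decoy overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        shares = [Path(root) / "records", Path(root) / "finance"]
        for s in shares:
            s.mkdir()
        baseline_file = Path(root) / "baseline.json"
        plant_decoys(shares, baseline_file)
        clean = check_decoys(baseline_file)                        # before tampering
        (shares[0] / DECOY_NAMES[0]).write_bytes(os.urandom(64))   # simulated encryption
        target = shares[1] / DECOY_NAMES[1]
        target.rename(target.with_suffix(".locked"))               # simulated rename
        return clean, sorted(reason for _, reason in check_decoys(baseline_file))

if __name__ == "__main__":
    print(demo())
```

Run on a short interval, any alert from `check_decoys` is a high-confidence signal, since no legitimate user or process has a reason to touch the decoys.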

This study has explored ransomware attacks on hospital systems, the drivers behind their success, and mechanisms to counter ransomware. Hospital systems are prime victims of malware attacks since work within the healthcare environment makes them particularly sensitive to any disruption. The hospital’s broad attack surface makes it easier for cybercriminals to identify a vulnerability and monetize its exploits. However, ransomware attacks have a devastating impact on patients’ safety, including potential deaths and injuries and disclosure of sensitive information, and are costly on the side of the hospitals. Several mitigation mechanisms have been proposed and tested, including a backup plan and incident response plan, among other strategies that can guard hospitals against ransomware.


Al Qartah, A. (2020). Evolving Ransomware Attacks on Healthcare Providers (Doctoral dissertation, Utica College).