A non-profit healthcare group has warned that U.S. hospitals should brace for a surge in ransomware attacks by malicious criminals, a trend that has already shown to be true in recent times.
Following a study and survey of some 30 mid-sized U.S. hospitals, the Health Information Trust Alliance has revealed that over half of them were infected by malicious software. The study showed that 52 percent of them were infected by malware, CEO of the HITRUST Alliance Daniel Nutkis revealed to news service Reuters.
Nutkis added that the most common type of malware was ransomware. The strain of malware was discovered in 35 percent of attacks targeting hospitals.
HITRUST also notes that it expects such attacks to increase in the future because of the tied-in profitability that ransomware guarantees for cyber criminals.
The results of the hospital-centric ransomware study will be made public soon. Nutkis points to the data which demonstrates that malicious hackers have moved away from breaching servers with patient data to deploying ransomware.
Stealing data by breaching servers involves far more planning and work. It could also require the attacks to stay dormant in the network, undetected for months at a time. Beyond stealing the data, the attackers would then need to find buyers. With ransomware, the attackers could infect entire networks of computers by simply using a targeted spear phishing campaign containing the malicious email attachment that contains the ransomware paylod.
“If stuff isn’t working, they move on. If stuff is working, they keep doing it,” said Nutkis.
Organizations that are paying have considered their options, and unfortunately they don’t have a lot of options.
The most prominent cyberattacks in recent times have predominantly involved hospitals being targeted by ransomware extortionists.
Last month, the Hollywood Presbyterian Hospital in Los Angeles was the target of one such attack. Following a two-week stand-off, the hospital eventually paid a ransom of $17,000 in the virtual currency bitcoin to regain access to its encrypted data.
The initial ransom demand put forth by the hackers sought 9,000 bitcoins, approximately $3 million, LIFARS reported previously.
MedStar Health, a non-profit healthcare organization that operates multiple hospitals was at the receiving end of a ransomware attack last week. A report revealed that the attackers have offered MedStar a bulk decryption discount, seeking $19,000 in exchange for regaining access to 15 affected computers.
Notably, the hospital has not paid the ransom, yet.
Image credit: Pexels.
