The ransomware scourge afflicting the world is sparing no one: just a few days ago, the Anglesey island school district’s IT systems were the latest Welsh victims of the cyber pandemic.
Healthcare facilities are also among the favorite targets of hackers. Targeting healthcare infrastructure in the midst of the COVID pandemic might seem especially spiteful, but it’s actually a consequence of an ongoing arms race in cyberspace.
The Evolution of Ransomware
You probably remember the WannaCry ransomware attack, which brought ransomware fully into the popular consciousness in 2017. The virus affected more than 200,000 computers, causing billions in damages by holding user data hostage.
WannaCry took advantage of a security vulnerability in Windows and spread automatically. Once the vulnerability was patched, the spread of the virus stopped. Newer generations of ransomware are a completely different beast, however.
Since the early strains of ransomware, hackers have come a long way. Cryptocurrencies like Bitcoin not only allow hackers to demand anonymous payments; they also made possible the development of a specialized hacking ecosystem.
Different hackers can specialize in different tasks and charge for their services without having to reveal their identity. Some hackers specialize in developing viruses that can evade the latest antivirus software. Others specialize in breaking into individual networks. Still others operate online marketplaces where hackers can anonymously congregate and recruit affiliates or offer up their services.
As ransomware has grown more common, people have gotten smarter about backing up their data. If you have a recent copy of your data, you can simply wipe the storage of the infected computer or network, ransomware and all, and start over. In response, hackers have started to search for new ways to pressure victims into paying.
Data Exfiltration Attacks
One of the most important recent developments in ransomware is the rise of data exfiltration attacks and blackmail.
As techniques improved, hackers started going after bigger and bigger targets and demanding bigger ransoms. One of the ways to achieve this was by getting their hands on sensitive data and then threatening to release it.
This is one of the reasons for the rise in attacks on healthcare facilities. Medical records are confidential documents, and in many countries, leaking medical data comes with considerable legal consequences.
In the United States, for example, the average cost of a data breach is around $4.5 million. In the healthcare sector, however, the average is $6.5 million, two million higher than for other industries.
This higher price tag means there is more pressure on those in charge to buckle to the demands of the hackers. This pressure is, of course, in addition to the already high pressure of maintaining infrastructure which could quite literally mean the difference between life and death.
Notable Ransomware Attacks on Healthcare
- In 2020, police in Germany opened the world’s first-ever murder investigation in relation to ransomware. A woman in critical condition died in an ambulance when a hospital shut down due to a ransomware attack. Her ambulance was diverted to another hospital, significantly delaying potentially life-saving treatment.
- Around the same time, a ransomware attack affected Universal Health Services, a chain of hospitals with more than 400 locations in the US and Europe. And of course, one of the best-known incidents of the WannaCry crisis was its impact on the UK’s National Health Service.
- Some hackers pledged not to attack healthcare facilities during the COVID crisis, but this appears to be the exception rather than the rule. Microsoft reported that some ransomware hackers, apparently with nation-state backing, attempted to extort major pharmaceutical companies racing to develop a COVID-19 vaccine.
- One of the top 10 biggest ransoms ever paid was paid by the University of California – San Francisco’s medical school.
A Sustained Threat
For the time being, there’s very little that can be done to stop the ransomware crisis completely. Still, better cybersecurity practices and awareness can prevent ransomware infections in almost all cases.
One of the biggest challenges is improving phishing awareness. For example, in one case, hackers pretended to be officials working with the World Health Organization in order to gain the confidence of their victims.
Almost any employee can provide an entry point to a network, so broad-based awareness among all employees is necessary to prevent hacks. Hopefully the difficult phase we are going through now will be a learning phase on the path to a higher level of cybersecurity preparedness.
The impact of ransomware on healthcare in particular underscores the fact that the difficult adjustments necessary for improved security are not optional.