On February 5, Hollywood Presbyterian Medical Center (HPMC) employees were unable to access the hospital’s network. They’d been hit with malware that locked access to certain computer systems and shut down e-communications. The 434-bed hospital was forced to switch to paper and low-tech methods of communication such as fax machines.

According to an Ars Technica article, HPMC executives decided “the quickest and most efficient way to restore our systems and administrative functions was to pay ransom and obtain the decryption key.” President and CEO of HPMC Allen Stefanek continued, “In the best interest of restoring normal operations, we did this.”

40 Bitcoins (aka $17,000) later, the hospital was back online. The hospital claims there is no evidence patient data was stolen from the network and at no time was patient care compromised. However, due to the impact on the emergency department, some 911 patients were diverted to other hospitals.

If you’re in the security industry, this comes as no surprise. “Healthcare organizations are notoriously vulnerable to cyberattack due to the vast number and variety of endpoints and outdated, unpatched software,” said Skybox Director of Product Marketing Michael Bruchanski. “Every connected device, usually made and/or run by third parties with potentially lower security standards, is a point of entry attackers could exploit. And considering the high value of medical information even in comparison to other PII, healthcare is most certainly in the crosshairs of hackers.”

Ransomware attacks targeting businesses and larger organizations are becoming increasingly common. Cybercriminals have graduated from holding an individual's files hostage for $500 to focused, corporate-level attacks that can prove much more lucrative. While there is usually an air of doubt around claims made by recently hacked organizations that no critical data or systems were accessed, this may well be the case for HPMC. In a sort of last-ditch effort for profitability, if hackers are unable to extract valuable assets, they can at least take the network hostage.

The fact that HPMC paid up is consistent with the many ransomware victims that came before them. 40 percent of CryptoLocker victims reportedly paid out ransoms, and even an FBI special agent for the Cyber and Counterintelligence Program admitted crypto-ransomware is usually so good, they often “advise people just to pay the ransom” (though this is not the FBI’s official recommendation on the issue). This has created a dilemma in business and cybersecurity: while paying for crypto-keys is often the fastest, easiest way to regain access, it likely perpetuates the larger problem.

The HPMC attack is another feather in the cap of cybercriminals, so expect more corporate ransomware attacks to come. The best you can do is be ready.

  • Know your attack surface. Having up-to-date information on your total IT infrastructure and the threats against it is the foundation of a battle-ready security program. Intelligence at-the-ready can mean the difference between a minor incident and headline news.
  • Patch and protect. Unpatched software is low-hanging fruit to attackers. If you’re unable to keep up with patches, can’t implement them due to business needs, or no patch is available, make sure vulnerable systems sit behind layers of security and are segmented from critical assets.
  • Back that asset up. If HPMC had regularly backed up its data, redundantly online and offline, the hackers’ ransom demands would be irrelevant. While this is a tall order for enterprise businesses, making offline backups standard may be the key to stamping out ransomware attacks.

 
