Why Hospitals Are Being Targeted By Ransomware

Drastic times, drastic measures

Key Takeaways

  • Medical centers around the country are working to prevent ransomware attacks. 
  • Federal law enforcement agencies recently warned that criminal gangs are targeting hospitals. 
  • Some hospitals are proactively shutting down their email systems and backing up records in case they are attacked.
A hospital worker in front of two computer screens.
 Reza Estakhrain / Getty Images

Hospitals are taking forceful measures to prevent cyberattacks after federal agencies recently warned that they are being targeted with ransomware.

Medical centers around the country are doing everything from shutting down their email systems to backing up patient information in preparation for ransomware attacks.

The U.S. Cybersecurity and Infrastructure Security Agency released a warning regarding ransomware activity targeting health care facilities. Criminals are targeting hospitals because they are more likely to pay the ransom than other types of institutions, observers say. 

"With the risk of networks staying down for hours or even days, hospitals simply cannot afford the time it would take to recover if they did not pay a ransom," Justin Fier, the director of cyber intelligence and analysis at cybersecurity firm Darktrace, said in an email interview.

"It's not just the bottom line and revenue loss that hospitals need to worry about—prioritizing their patients' health is the first and foremost concern and even the smallest amount of downtime for medical equipment or networks could endanger patients."

Increasing Threat

The FBI and two federal agencies said recently that they had collected intelligence pointing to "an increased and imminent cybercrime threat" to U.S. hospitals and health care providers. Groups are targeting the healthcare sector with attacks aimed at "data theft and disruption of healthcare services," officials said. 

The particular strain of ransomware that has experts most worried is called Ryuk. Like most kinds of ransomware, Ryuk can transform computer files into meaningless data until the target pays whoever launched it. Dozens of hospitals have reportedly been hit by ransomware in recent months.

A physician looking at a computer screen that has ransomware displayed.
 Tinpixels / Getty Images

Some hospitals aren’t waiting to be attacked and are taking steps that might once have been considered extreme. A hospital in Ogdensburg, N.Y., Claxton-Hepburn Medical Center, closed its email system to prevent cyberattacks, according to a news report. The hospital is still functioning without email.

Meanwhile, Copley Hospital in Morrisville, Vt., is reportedly going so far as to back up all its patient information every night. The hospital also saves back-up information that’s not connected to the internet. 

Vulnerabilities Abound

Hospitals are good at securing highly sensitive patient data, but they’re still surprisingly vulnerable, experts say. "Hospitals rely on numerous different software and hardware platforms, which creates openings hackers can exploit," Ara Aslanian, a cybersecurity advisor to LA Cyber Lab and CEO of Inverselogic, an IT service company, said in an email interview.

"They also have a lot of expensive specialist equipment, which often runs on legacy or outdated software platforms that are not updated against the latest threats. In addition, there are no universal standards for hospitals on data security as there are in other critical industries, like defense contractors. As a result, each health organization determines its own cybersecurity practices and, inevitably, some will do a better job than others."

Ransomware attacks on hospitals can have life or death consequences. Earlier this year, in Germany, a woman may have become the first person to die as a result of a ransomware attack on a hospital. In another case last month, a Finnish psychotherapy center was attacked by ransomware and criminals attempted to blackmail thousands of patients after gaining access to their therapy records. 

"If an attack is successful, the collateral damage can be significant," Aslanian said. "For example, if hospital data is encrypted from a ransomware attack and the emergency medical records system goes dark, doctors, nurses, and technicians do not have the vital information they need to treat patients."

"With the risk of networks staying down for hours or even days, hospitals simply cannot afford the time it would take to recover if they did not pay a ransom."

The medical devices hospitals use are also vulnerable to attack. One of the ways medical device manufacturers are fighting cybercrime is through the use of unique device identities to authenticate users and devices.

"For medical device manufacturers making IoT connected infusion pumps, for instance, this means binding a unique device identifier to each and every infusion pump that it produces during manufacturing, even before it is sold or put into service," Diane Vautier, IoT product marketing manager at GlobalSign, said in an email interview. 

Shutting down an entire hospital’s email system sounds drastic. But recent history shows that ransomware attacks on medical institutions can take lives.