Prescription for Disaster: 60% Surge In Healthcare Attacks

What has become an easy target for malware attacks has gotten even worse. The results from Malwarebytes, The State of Healthcare Cybersecurity report, are enough to make anyone feel ill. The report found that in just the first nine months of 2019, malware attacks against healthcare were up 60% over the entirety of the previous year. Healthcare has long been a sitting target for ransomware attacks against one of the most vulnerable populations; those in need of medical help. Not only are healthcare providers like doctors and hospitals at risk, but the patients who depend on a flow of medical information are also in the cross hairs.

The two biggest trojans known for targeting healthcare are Emotet and Trickbot. Both trojans are often the first step to inserting ransomware into a system. They encrypt data and hold it for ransom, and the bad actors behind the malware know the need for PHI (Protected Health Information) is crucial to the welfare of countless patients. With that in mind, they know the likelihood is very high for getting a ransom paid, and quickly. Even if Emotet and Trickbot don’t end up installing ransomware on a system, the damage they can do is still severe. Both trojans steal a ton of PHI, and not just patient health records. Other heisted data includes names, addresses, and dates of birth. These are all things hackers can easily exploit for identity theft.

Despite the outright value of ransomed and stolen information, experts believe there are other mitigating factors why healthcare is such a ripe target. Since email phishing is the road to installing malware, employees need cyber education to spot phishing red flags. Remember, just one wrong click can encrypt an entire system. Experts believe outdated systems and inadequate IT funding are other big reasons healthcare is a guaranteed target. Increased funding is vitally important to stop a ransomware attack before it starts.

Regular back-ups of system data is another way for healthcare to be proactive about its cybersecurity. Should a ransomware attack freeze and encrypt data, the ability to replace it quickly and without paying a ransom is invaluable. The FBI recommends never paying a ransom as it only encourages more ransomware attacks. Healthcare cybersecurity needs to drastically and quickly improve when lives are at risk, and experts say the time is now.