Vaccinating Hospitals from Ransomware

New research by Healthcare IT News and HIMSS Analytics Quick HIT Survey: Ransomware, posted in Advanced Healthcare Network Executive Insight says that although the majority of hospitals polled reported being targeted by ransomware in the past year, slightly over 50 per cent of respondents said they would not pay ransom to get encrypted patient data back.

Of the institutions polled, 73 per cent had a business continuity plan in place. Mike Overly, a Foley & Lardner information security lawyer, said in an article in Health IT Security that healthcare organizations should train employees, update its technology and make a comprehensive recovery plan.

Attacks on hospitals in Hollywood and in Canada led to a joint cyber alert in late March. The Toronto Sun reported that the U.S. Department of Homeland Security and the Canadian Cyber Incident Response Centre released the alert, which warned that “Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.”

Once a hospital is attacked and pays a ransom, the problems don’t end there, says Overly, who cautions that it could put the hospital on a list for other hackers, or that the ransomware could remain undetected on the system.

The low cost of ransomware to the attacker and untraceable currency such as Bitcoin makes the risk to the attacker low, says Overly.