Caregivers Cut Off

As technology advances, crime keeps pace. Modern lawbreakers can now hold lives hostage from afar. It’s all because of type of malicious software called ransomware. These programs are designed to lock down computers and data until a monetary demand is paid. When these viruses first cropped up, they generally targeted users indiscriminately by casting a wide net of spam emails and infected links, waiting for an unsuspecting web surfer to bite. Your computer would freeze, or your data would disappear under encryption, and you’d be treated to a pop-up asking you to pay up. But cyber criminals have gotten more sophisticated with their methodology just as the technology itself has evolved. These hackers now increasingly target health care organizations for their vast wealth of confidential medical records, which can be sold on the dark web for up to $1,000 each. At the same time, the attackers can deny access to the health care organization’s systems, including their electronic health records and medical administration solutions. This can have huge consequences for caregiving. Since most health organizations now rely on tablet-based charts, staff are left without medical histories and care plans to ensure proper treatment, putting their patients’ lives at risk. Long-term care under attack Hospitals aren’t the only care facilities affected by ransomware. Criminals have begun targeting businesses who handle the IT service needs for smaller organizations in health care – including senior living providers. This way, hackers can infiltrate hundreds of client businesses from a single breach. It’s what recently happened to Virtual Care Provider Inc, based out of Milwaukee, Wisconsin. On November 17, a criminal group encrypted the data of their entire customer base: 110 skilled nursing and acute care providers in 45 states. Resident records were locked, internet access blocked and medication...

Ransomware Rundown

Though some experts predicted the final payoff would hit one billion dollars, Friday’s ransomware attack – believed to be one of the largest ever perpetrated – ended with a fizzle over the weekend with the hackers barely pulling in $26,000 before being  temporarily stopped in their tracks by an anonymous cyber security expert. Summarizing the situation Monday morning, Jan Op Gen Oorth, senior spokesman for Europol, told the AFP, “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.” “It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates.” A Simple Fix According to Gizmodo the damage was mitigated, in part, due to the quick action of an “anonymous 26-year-old security researcher” named MalwareTech, who managed to temporarily slow the spread of the ransomware attack late Friday. After discovering the domain name associated with the ransomware, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwe- a.com was available for purchase for just $10.69, MalwareTech bought the domain and halted the attack. “Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freak out until I realized it was actually the other way around and we had stopped it,” MalwareTech told The Guardian. According to Matthieu Suiche, founder of cybersecurity firm Comae Technologies, MaltechWare’s registration of the domain stopped the malware from spreading throughout the US. “The kill switch is why the U.S. hasn’t been touched so far,” he told the New York Times on Saturday. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.” A Global Attack The flurry of ransomware attacks shut down several...

Healthcare Hackers

In December of 2014, MIT Technology Review declared 2015 the “Year of the Hospital Hack.” Unfortunately, their prediction came to pass. By the end of 2015, Websense researchers reported a 600% surge in cyber-attacks on hospitals – and that number is only expected to climb. Both the Ponemon Institute and the Privacy Rights Clearinghouse have identified health care data particularly susceptible to cyber-attacks. A Top Target As we reported last month, the threat of ransomware continues to grow, and hospitals, in particular, are in the crosshairs. With assaults escalating every day, healthcare facilities face a tricky balancing act as they weigh the benefits of technology against the need for security. While 2015 saw a significant uptick in cyber-attacks at hospitals and other healthcare facilities, 2016 is shaping up to be even worse. During the first few months of the year, four major hospitals – Canada’s Ottawa Hospital, Hollywood Presbyterian Medical Center, Medstar Washington, and Kentucky’s Methodist Hospital – were on the receiving end of a ransomware aggression. In each case, hackers held the facility captive by demanding bitcoin payments to release their computer systems. Unfortunately, experts warn the healthcare industry will continue to experience these types of scenarios. Even worse, these attacks could result in a whole host of dire consequences, including some with life-threatening implications. “One can imagine how detrimental it would be if someone was in the middle of a major operation and suddenly all of their health records became unavailable,” says Malwarebytes security researcher Jérôme Segura. Data Rich Targets Carl Leonard, principal security analyst for Websense believes hospital hacks are alluring because of the type information stored by medical facilities. Medical records, which often contain social security numbers, dates of birth and other sensitive information, can provide enough material to “build...