Hospitals already fight viruses, but they’re quickly becoming familiar with the kind that affect computers and not the human body. The Hollywood Presbyterian Medical Center made recent headlines when it was forced to pay off hackers after ransomware was installed on the hospital’s computer system. The incident has further fueled a national discussion of digital security and cyberattacks, especially in light of the health care industry’s notoriously weak cyber security.
How ransomware works
According to a statement by its CEO, Allen Stefanek, Hollywood Presbyterian had to pay 40 bitcoins, which amounts to around $17,000, to the hackers that installed the virus so it could restore its electronic medical record system. Stefanek said hospital staff began encountering issues with the computer network on February 5, which lead to the discovery of the encrypted medical record files.
This is how ransomware usually operates. Hackers install it on a computer system, encrypting important files and essentially holding them for ransom, promising to release the data as soon as the money is paid. Since 2015, there have been numerous versions of ransomware, and recently, the public took notice of a new form named “Locky.”
The new form, ‘Locky’
According to Healthcare IT News, Locky disguises itself as a Microsoft Word invoice attached to an email with the subject “Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice.”
When the recipient opens the document, the text is unreadable, prompting a macros activation. That’s when the ransomware is installed in the system and a lock screen with a timer appears, counting down to when the ransom is owed. If the ransom isn’t paid before the clock runs out, the keys to unlock the files, and the files themselves, are supposed to disappear.
Kevin Epstein, the vice president of the Threat Operations Center at cyber security company Proofpoint, told Healthcare IT News that while the computer is technically still usable, files are encrypted, and users are unable to tell which ones are safe. He warns that this virus spreads faster than any other.
Like other ransomware hackers, the people behind Locky keep their word about releasing files once a ransom is paid. Epstein says hackers do this because it sets a precedent for future incidents, and most victims usually pay. It costs less than building a new system and losing all that data.
How can providers protect themselves?
Since healthcare began adopting digital record-keeping technology, data breaches have been a major issue. While ransomware has financial motivations targeting the businesses themselves, other viruses aim to collect data about their customers to commit identity theft or sell to other fraudsters. Medical information is 10 times more valuable than other types of financial or personal information, making it especially appealing to thieves.
According to Epstein, prevention is difficult but not impossible. The key is taking the steps to avoid human error. Often, health care providers rely on their staff to make the judgment on suspicious emails, but mistakes or oversights are inevitable. This means it’s necessary to install or invest in a security system that can detect suspicious activity and deem what’s unsafe.
With the health care industry so vulnerable to attacks, more consumers are concerned about the state of their personal information. To further your own protection against identity theft, you can invest in a service that will monitor your Social Security Number, credit file and public records and notify you of certain activity that could indicate fraud.