Now, Cyber Security Experts needs not only in the IT department even in the Health departments too. Could you imagine that the Health Sector has also become Vulnerable? Yes, you have heard right.
Cyber Criminals are targeting Health departments too. Among the recently witnessed attacks, Ransomware attacks are highly turned into healthcare data breach.
On 19th July, Health Management Concepts (HMC) discovered that the attackers were “inadvertently provided” a file containing personal information, including names, Social Security numbers, and health insurance plan data, on IBU members. HMC explained that it provides chronic condition management to IBU (Inlandboatmen’s United of the Pacific National Benefit Funds).
HMC said it paid the attackers for the decryption key, which they provided. HMC decrypted the data without impact on the healthcare management services it provides to clients.
The Institute for Critical Infrastructure Technology (ICIT) called 2016 the year of ransomware, in a report released earlier this year. ICIT added that ransomware will “wreak havoc” on America’s infrastructure.
“Ransomware is less about technological sophistication and more about exploitation of the human element,” ICIT said in its ransomware report. “Simply, it is a digital spin on a centuries old criminal tactic.”
The inability to access critical information “can be catastrophic,” according to the Federal Bureau of Investigation (FBI). Especially “in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.”
The report authors also note that this data appears to be consistent with other sources. Kaspersky Lab recently found that the total number of ransomware events decreased by approximately 30 percent from 2016-2017 to 2017-2018, the report notes.
“The Kaspersky report notes that ransomware attackers are searching for more profitable activities such as cryptojacking. As per Kaspersky, they have found that ransomware is ‘rapidly vanishing,’ and that cryptocurrency mining is starting to take its place,” the Cryptonite report authors wrote.
“We do believe that ransomware still presents a formidable threat to healthcare and expect new variants, such as AI-based malware, to present very difficult challenges to healthcare institutions later in 2018 and into 2019,” the report authors wrote.
Recent Ransomware Attacks on Health departments are as following
On March, 18000 patients of Metropolitan Urology exposed in Ransomware attack.
In Urology, Austin, also exposed 200,000 patient data breach in the Ransomware attacks. This information leaked patients name, address birth dates, Social Security Numbers and medical data.
On 9th July, The hospital announced that it became aware of a crypt malware attack on the morning. The incident affected the organization’s internal communications systems and access to its electronic health record (EHR).
According to reports, many hospitals have paid ransom to cyber criminals to decrypt their data.
Airway Oxygen, Inc, learned that unknown cyber criminal had gained access to their technical infrastructure and installed ransomware in order to deny Purity Cylinder and Airway Oxygen, two affiliated companies, access to their own data. The types of protected health information that were involved in the breach including private information of their customer/end users and payment sources with full name, home address, birth date, telephone number, diagnosis, the type of service being provided, and health insurance policy numbers.
The Ransomware attacks were mostly trending in the year 2017, now the attack percentage is down in 2018 as compared to the last year.
How can the Hospitals and Medical departments Secure their Data?
- They need to update their computer system with the latest OS version.
- They should implement end point security application to secure all of their networks.
- They should Back up data on regular basis.
- Use Data loss prevention software and keep monitoring.
- Block users to install software, keep permission is only for admin.