Ransomware presents growing threat to healthcare

14 September 2016
The researchers identified nearly $100,000 in payments from hospital ransomware victims to specific bitcoin accounts. While healthcare is still clearly a small proportion of the overall ransomware ‘business,’ McAfee Labs expects a growing number of new industry sectors to be targeted by the extensive networks launching such attacks.

Legacy IT systems in hospitals

The research team attributes the increased focus on hospitals to such organizations’ reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organizations and the need for hospitals to have immediate access to information to deliver the best possible patient care.

“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, vice president for Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”

The 1.3 million new ransomware samples in Q2 2016 were the highest ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128 percent in the past year.

Intel Security 2016 Data Loss Prevention Study

The Q2 report also features the results of a primary research study assessing data loss incidents, including the types of data leaking out, the ways data exits organizations, and the steps organizations must take to take to improve the capabilities of data loss prevention.

The survey found that retail and financial services organizations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organizational responses to the frequency of cyber-attacks and the value of the data held by companies in these two sectors. Having sustained fewer cyber-attacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and, accordingly, possess the least comprehensive data protection capabilities.

The weaker defenses in these two sectors are particularly disturbing given that cybercriminals continue to shift their focus from easily replaceable payment card numbers to less perishable data such as personally identifiable information, personal health records, intellectual property, and business confidential information.

“Industry sectors such as healthcare and manufacturing present both opportunity and motive for cybercriminals,” Weafer continued. “Their relatively weak defensive capabilities coupled with highly complex environments simplify breaches and subsequent data exfiltration. The cybercriminals’ motive is ease of monetization, with less risk. Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered. But you can’t change your most personal data or easily replace business plans, contracts, and product designs.”

Some conclusions in short:
  • Intel Security tracks $100,000 in targeted hospital ransomware payments through suspect Bitcoin accounts.
  • Intel Security survey shows healthcare and manufacturing sectors are among the least prepared to prevent data loss.
  • More than 25 percent of companies surveyed do not monitor sharing of or access to employee or customer data.
  • Only 37 percent of organizations surveyed use endpoint monitoring of user activity and physical media activity.
  • Ninety percent of respondents have cloud protection strategies, but only 12 percent have visibility into data activity in the cloud.
  • New mobile malware reaches highest level recorded in Q2 2016; total mobile malware grows 151 percent year over year.
  • Total ransomware grows 128 percent year over year; macro malware grows 106 percent.