• September 27, 2016

Health Scare System: Hackers Target Hospitals

Hackers are zeroing in on medical facilities with ransomware.

According to a recent report by the Ponemon Institute, 89 percent of the healthcare organizations surveyed have suffered data breaches over the last two years. These attacks cost the industry at least $6.2 billion. And the tenor of these attacks has turned sinister.

Spread of Hospital Attacks

Hackers are zeroing in on hospitals and medical facilities with ransomware—malicious code that specifically targets and encrypts data files, leaving them inaccessible to users. Once data is encrypted, ransomware self-deletes and leaves behind a notice with instructions on how the target can purchase de-encryption codes.

  • In February 2016, Hollywood Presbyterian Medical Center suffered a Locky ransomware attack, which encrypted the hospital’s medical records. The medical center paid a $17,000 ransom in bitcoins to obtain the de-encryption key.
  • In March, Methodist Hospital in Henderson, Kentucky, declared an internal state of emergency after cybercriminals locked down its data. Hospital officials say they thwarted the attack without giving into attacker ransom demands.
  • Two more California hospitals were the targets of ransomware attacks in March: Chino Valley Medical Center and Desert Valley Medical Center, part of Prime Healthcare. Neither hospital paid the ransom demanded by the attackers.
  • Also in March, the MedStar Health network of 10 Maryland hospitals and 250 outpatient facilities in the Washington area was hit with a ransomware attack. Users were blocked from logging onto the network’s computer systems. MedStar Health shutdown its systems and was able to bring them back up without paying the ransom attackers demanded.


Why are cybercriminals suddenly targeting the $3 trillion U.S. healthcare system? Hackers see hospitals as soft targets with lax security postures that make them easy prey. Medical facilities are often equipped with a hodgepodge of outdated systems and applications accessed primarily by rushed employees. Healthcare personnel also receive almost zero training on cyber threat awareness.

Proliferating Security Vulnerabilities

In this environment, ransomware is easily delivered by exploiting security holes in applications, infecting websites with compromised ads, or launching mass email phishing campaigns with infected links or attachments. And because hospitals deliver critical care dependent on up-to-the-minute health records, their willingness to pay a ransom is heightened.

The underlying technology for ransomware has been floating around cyberspace for decades. Its sudden prominence is being fueled by the ubiquity of connected digital workplaces, improved targeting, and secure anonymous payment systems such as bitcoin. Unfortunately, many attack victims believe paying out ransoms is the most effective way to retake control of their data. Yet as more and more businesses pay up, attacks escalate and hackers gain the resources to fuel the next generation of ransomware.

Hardening Enterprise Defenses

Cybercriminals are increasingly training their sights on local governments and small- to medium-size enterprises. How can these organizations defend against attacks? Prevention measures include deployment of formal, up-to-date data backups to maintain access to critical data; training programs featuring random simulated email phishing attacks; and mail server configurations that block ZIP and other file formats likely to be malicious.

With a focused, hardened defense posture, hackers will seek out softer targets, taking their ransomware extortion threats elsewhere.

Like this article? Read more about ransomware here in an HPE white paper.