Look out, healthcare organizations:
Ransomware is infecting your facilities. It’s your IT and other data systems —
not your patients — that are getting sick. Think of ransomware as a chronic
superbug threat that simply won’t go away. Antivirus tools won’t work.
Firewalls won’t stop the disease. In fact, because ransomware is mutating and
evolving rapidly, there’s no single surefire way to stay safe – or even
minimize the harm.

Medical professionals, such as doctors, nurses, orderlies and lab technicians,
are trained in hygiene to protect their own health against a patient’s illness
or infection – and to avoid spreading diseases from one patient to another.
There are practices designed to protect against human contact, either directly
(such as by touching an infected patient) or indirectly (such as by touching a
doorknob). There are other practices for protecting against droplets (like
coughs) and airborne risks.

The same should be true of anyone in a healthcare organization who touches any
computer equipment that’s connected to a network. Bad digital hygiene can not
only infect the user’s computer, but can also spread the infection to the
organization’s data center, servers, databases, security systems and even cloud
storage services.

The threat is real, and ransomware is the Methicillin-resistant Staphylococcus
aureus (MRSA) of today’s infectious malware. When a system loads the ransomware
code, most often the malicious software does many things, such as:
- It investigates the system and its network to look for vulnerabilities and
  other systems to infect
- It encrypts the user’s data, rendering the computer unusable and its data
  inaccessible
- It demands a ransom (payable in an untraceable currency like Bitcoin) to
  decrypt the data
- If the ransom is paid, the data is decrypted… but the malware itself still
  remains on the system in a dormant state (at least for a while)

There is no guarantee that this is all that will happen. It could be worse.
There is nothing to prevent the ransomware from installing a keylogger to
capture passwords to secure resources, for example. The malware could spy on
the network or provide remote access to IT resources for remote hackers. It
could steal patient data or other protected information. And… there’s no
guarantee that the data will actually be decrypted, even if the organization
pays the ransom. It’s not like you can call the hacker’s tech-support line and
ask for assistance or a house call if the decryption process fails.