Tuesday, November 29, 2016

Ransomware is a Chronic Superbug Disease

Look out, healthcare organizations: Ransomware is infecting your facilities. It’s your IT and other data systems — not your patients — that are getting sick. Think of ransomware as a chronic superbug threat that simply won’t go away. Antivirus tools won’t work. Firewalls won’t stop the disease. In fact, because ransomware is mutating and evolving rapidly, there’s no single surefire way to stay safe – or even minimize the harm.

Medical professionals, such as doctors, nurses, orderlies and lab technicians, are trained in hygiene to protect their own health against a patient’s illness or infection – and to avoid spreading diseases from one patient to another. There are practices designed to protect against human contact, either directly (such as by touching an infected patient) or indirectly (such as by touching a doorknob). There are other practices for protecting against droplets (like coughs) and airborne risks.

The same should be true of anyone in a healthcare organization who touches any computer equipment that’s connected to a network. Bad digital hygiene can not only infect the user’s computer but also potentially spread the infection to the organization’s data center, servers, databases, security systems and even cloud storage services.

The threat is real, and ransomware is the Methicillin-resistant Staphylococcus aureus (MRSA) of today’s infectious malware. When a system loads the ransomware code, most often the malicious software does many things, such as:

  • It investigates the system and its network to look for vulnerabilities and other systems to infect
  • It encrypts the user’s data — rendering the computer unusable and its data inaccessible
  • It demands a ransom (payable in an untraceable currency like Bitcoins) to decrypt the data
  • If the ransom is paid, the data is decrypted… but the malware itself still remains on the system in a dormant state (at least for a while)

There is no guarantee that this is all that will happen. It could be worse. There is nothing to prevent the ransomware from installing a keylogger to capture passwords to secure resources, for example. The malware could spy on the network or provide remote access to IT resources for remote hackers. It could steal patient data or other protected information. And… there’s no guarantee that, even if the organization pays the ransom, the data will actually be decrypted. It’s not like you can call the hacker’s tech-support line and ask for assistance or a house call if the decryption process fails.

Healthcare organizations are huge targets for ransomware. While there are indications that this is deliberate, the vast number of users of hospital systems, the poor computer-security training of those users, and a focus on spending money on new lab equipment instead of new security equipment can exacerbate the problem.
