Cyber criminals don’t even have to steal data from the computers of hospitals to be able to make a quick buck.
Ransomware is a new data security threat that has targeted and victimized a number of hospitals in recent years.
It also pertains to a type of malware that cyber criminals infect on a healthcare organization’s IT system, preventing the company from accessing certain files or sectors. Usually, the infected components become encrypted and the authorized user is then unable to access them. The hackers will then deliver a message containing instructions for sending payment or ransom in exchange for restored access to the affected system.
What makes ransomware even more complex is that cyber criminals demand that payment be made through bitcoins. Unlike credit cards, bitcoin payments are difficult to trace which aids hackers in eluding authorities.
Aside from the inadequate cyber security programs of hospitals and health care institutions, one reason why cyber criminals use ransomware to force these companies to pay up is due to the nature of healthcare operations. Hospital and healthcare providers need speedy access to patient data as well as a functional communications system. Thus these institutions are more likely to pay out instead of letting their operations be affected by this type of cyber attack.
Ransomware attacks are on the rise, unfortunately. Symantec reports that for the first quarter of 2016 alone, there has been an average of more than 4,000 ransomware attacks per day. This represents a 300 percent increase over the 1,000 attacks-a-day reported by the company in 2015.
Some of the companies which admitted paying out to cyber criminals include Hollywood Presbyterian Medical Center, which paid $17,000 to hackers in February this year, and MedStar Health based in Columbia, Maryland, which paid $19,000.
According to the Ponemon Institute, unplanned downtime at healthcare organizations may cost the company around $8,000 a minute per incident. This may explain why most hospitals would rather pay up than have to deal with major operational losses.