Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Healthcare Online User Group

Healthcare Take Notice - a Warning from Down Under

Medical Records held for Ransom
Created: 21 Jan 2014 • 1 comment
Axel Wirth's picture
+1 1 Vote
Login to vote

Yahoo!7 News Australia just published a noteworthy article: "Cyber attacks: pharmacies, patient records targeted 'ransomware' attacks" (17-Jan-2014), highlighting a worrisome trend of using Ransomware to specifically attack medical institutions, encrypt critical data (pharmacy records in this case) in place and demand a ransom in exchange for the encryption key.

Although we have seen these types of attacks before (Express Script, 2008; Virginia Health Professions Database, 2009; or Surgeons of Lake County, 2012), these recently reported attacks are raising the bar for a number of reasons: 10 reported cases in an 18 months period, all focused on a specific industry and geography, presumably enabled by the wide availability of very mature Ransomware tools and especially through the spread of the Cryptolocker Trojan since 2013.

Unlike previous targeted attacks on healthcare institutions, which were mainly driven by the motivation to steal patient demographic and financial data, this type of an attack has immediate operational impact and puts patients' safety at risk. As reported from Australia: "If that happened they can't ensure the safety of patients in terms of previous medications et cetera," with the  Pharmacy Board of Australia issuing a formal warning and comparing the latest attacks to "financial terrorism".

Losing your EHR database or other critical system to a Ransonware attack prevents clinicians from accessing clinical information, like patient history or lab results, and prevents them from providing care; or in case of an emergency, prevents the care team from having access to the complete medical picture, leading to potentially compromised decision making.

Cyber attacks on healthcare institutions are not new, and malware outbreaks (targeted or general, unintentional) are only too common. Unfortunately, many healthcare providers have a weak security posture and their ability to prevent, detect, or quickly and efficiently respond to an attack may be limited. I am afraid that this new attack paradigm, targeted encryption of critical health data, puts healthcare institutions square into the cross hair of a new and highly sophisticated threat.

 

 

Comments 1 CommentJump to latest comment

powelledmond's picture

Cyber attacks seem to be very common now days. In several countries around the people were suffer from cyber attacks, basically in cyber attacks we were losing various kinds of information and data from our systems. And here in this article we have found cyber attack in health care institution that definitely affects the entire health details and report of the health care system. So cyber attacks in health care institution definitely bring various negative changes in health care sector.

urgent care clinic Columbia, MS

0
Login to vote