Ransomware epidemic will continue to ravage healthcare
There is a ransomware epidemic spreading across the healthcare industry that shows no signs of slowing down, according to GreyCastle Security CEO Reg Harnish.
He contends that healthcare isn’t any more vulnerable to ransomware than other industries. But Harnish observes that—given the value of patient data and medical records—providers are the focus of cyber criminals who are targeting them with file-encrypting malware.
“You take their data away, and it literally threatens lives, patient safety and patient care, so they are much more likely to pay a ransom,” he adds.
Business is booming at GreyCastle, which is experiencing triple-digit growth year over year. The Troy, N.Y.-based consultancy has only been in operation for six years, but Harnish contends that his company is one of the largest cybersecurity risk assessment, advisory, and mitigation firms in the country.
“We have a very deep practice in healthcare, including incident response where we’ve been dealing with ransomware,” says Harnish. “It’s everywhere. This problem is not going away.”
When it comes to prevention, Harnish believes that healthcare organizations must conduct regular and systematic assessments to identify, prioritize and measure cybersecurity risk. He notes that most ransomware cases occur “because an end user on the clinical staff or administration falls victim to a social engineering attack.”
To prevent these kinds of breaches, Harnish recommends healthcare organizations adopt a heightened sense of awareness that comes from training end users on emerging cyber threats and what to do about them. “An effective awareness program that helps their employees and contractors to be able to recognize a social engineering attack and then report it is job No. 1,” he emphasizes.
He says that Locky and Sage ransomware continue to appear on the phishing threat landscape in 2017. “The reality is that our adversaries are getting better faster,” according to Harnish, who says ransomware is evolving in terms of ease-of-use, features, and functionality.
“They are selling this stuff just like Microsoft,” he adds. “They’re in business to sell software or, in their case, malware. All of them today are undergoing a similar kind of evolution to (what we saw with) Microsoft Office. Cyber criminals are not a bunch of teenagers wearing hoodies. It’s very organized and sophisticated.”
Harnish advises that organizations have a response capability, which he sees as being critical for managing, coordinating and monitoring a cybersecurity incident from initial discovery through resolution. “They need to have a response plan so if and when it happens, they can respond very quickly,” he concludes.
On the question of whether or not organizations should give in to the demands of cyber criminals using ransomware, Harnish says that GreyCastle never recommends paying a ransom. “There’s no guarantee that the ransom will work,” he warns. “If you pay the ransom, you may not get decryption keys. And even if you do get decryption keys, they may not be the right ones.”
Further, Harnish cautions that those organizations that pay a ransom then get put on a list of victims who have complied with ransomware demands. As a result, he says they are much more likely to be targeted again as a “paying” customer. “None of our clients have ever paid a ransom,” he adds.