Maryland’s state assembly recently passed a bill to increase the penalties and sentences for cybercriminals involved in ransomware attacks. A wide-scale cryptovirological attack on one of the state’s healthcare facilities prompted lawmakers to come up with a revised penal code for ransomware operators.
From 2017 onwards, cryptovirological operators have particularly targeted healthcare facilities serving the public sector. Whether it’s Indiana’s Hospital, California’s Orthopedic Center or Hawaii’s Fetal Diagnostic Institute, security experts have repeatedly found ransomware at the center of cyber attacks directed toward healthcare establishments.
Cryptovirological operators attack healthcare facilities because they see a good chance that the affected organizations will pay the extortion demand to get a ransomware removal decrypter. But they are perhaps not aware of the fatal nature of their cyber shenanigans.
The Damages Go Beyond Data Lockdowns
It is generally believed that a cryptovirological attack only locks the affected entities out of patient data. That is certainly a major consequence of ransomware: it results in appointment cancellations, causing inconvenience to patients and losses to the targeted entities.
However, the ransomware-inflicted damages on a healthcare entity are not just confined to data lockdowns. A ransomware attack can affect computer devices and connected medical equipment as well.
The notorious WannaCry attack of 2017, which affected users in more than 140 countries, is a good example of how a ransomware attack can affect the healthcare sector. In that attack, affected healthcare facilities had to cancel 20,000 appointments. Moreover, more than 70,000 devices, including some important medical equipment like MRI machines and CT scanners, had to be shut down in order to prevent the spread of the cryptovirological infection.
According to research conducted by faculty members of Vanderbilt University’s Owen Graduate School of Management, around 2000 patient fatalities are now related to cyber attacks on healthcare establishments, ransomware attacks among them. The lack of access to patient data and the shutting down of medical equipment are the major reasons behind the increased fatality rate at healthcare establishments.
Dealing With Cryptovirological Menace
There is no easy way to protect healthcare establishments from ransomware attacks. The permanent reliance on digital technology highlights the importance of taking the ransomware threat head-on. For starters, it is important to educate the staff about the ‘ransomware threat’ specifically instead of using the vague term ‘cyber attack’.
Moreover, healthcare entities have to segment their networks. Otherwise, any ransomware attack will continue to result in the shutdown of the targeted facility’s entire digital network. Hospitals must have in-house ransomware removal experts who can prevent and deal with any cryptovirological activity in real time.
Lastly, it is important that organizations maintain data backups of critical information so they don’t have to cancel appointments in the wake of a ransomware attack.