Solution providers say the recent high-profile ransomware incident at a California hospital should be a warning sign for health care and other businesses to develop a more comprehensive security strategy, one that moves beyond protecting against information theft to also preventing unauthorized changes in information or loss of access.
The ransomware attack hit the Hollywood Presbyterian Medical Center on Feb. 5, when employees first noticed problems with the network. Since then, the hospital has been unable to access its network, any of its electronic health records or electronic communications, forcing it to revert to paper, telephones and fax machines to keep the medical center up and running.
Some reports said the incident was caused by a phishing attack, but those reports were not confirmed by the hospital.
In 2015, there were multiple mega breaches that struck the health care industry, though most were focused around the insurance industry, including such businesses as Anthem, Premera and Carefirst. According to the Privacy Rights Clearinghouse, there were 53 reported breaches in the health care and medical provider sectors (with an additional 36 in financial and insurance services).
However, this recent high-profile incident shows a different tone of attack, one that requires a much more comprehensive security strategy in health care, said Dan Berger, president of Redspin, a Carpinteria, Calif.-based security solution provider that focuses on the health care vertical. While many security strategies focus on stopping hackers from accessing information, Berger said it's important for health care organizations to focus on what he called the "full definition" of security, including information integrity and availability.
"We're starting to see the integrity and the availability of that triad is actually becoming more scary because then you're talking about hackers getting in and maybe changing medical records instead of stealing them, or in this case, they made them unavailable," Berger said. "Losing your personal data is one thing, but disabling the hospital from being able to operate is another."
Reports put the initial ransomware demands at around $3.4 million in equivalent Bitcoin, but the hospital said Wednesday that the demands were actually for around $17,000 in Bitcoin. The hospital said it has decided to pay the ransom, as it was in the "best interest of restoring normal operations."
Ransomware, in particular, is a trend that partners need to be paying attention to, Berger said. According to a recent study by Kaspersky Lab, ransomware was significantly on the rise in 2015, doubling in the number of attacks throughout the year. Berger said he saw sporadic ransomware events throughout the year, but none that are this high profile. However, he said he expects that will change as other hackers look to capitalize on the payout.
"I have a feeling this is now the tip of the iceberg," Berger said.