The threat of ransomware in healthcare

Healthcare cyber-security series

Ransomware is a type of malicious software (malware) that restricts access to an infected machine. Cyber-criminals will then demand a payment of a ransom, usually in a crypto-currency like Bitcoin, in exchange for the key to decrypt the data.¹

For many in the healthcare industry, ransomware became known when WannaCry tore across the globe in 2017, infecting 250,000 machines in more than 150 countries including the NHS here in the United Kingdom.² This particular attack affected patient care directly, costing £92m and leading to 19,000 cancelled appointments. However, the NHS has since improved its security posture, markedly in many respects, and have been hit by only six successful ransomware attacks since WannaCry (compared to 203 in the three years prior to 2017).³

Healthcare remains the most targeted industry for cyber-criminals, and a ransomware incident is one of the most disruptive and costly attacks your organisation can suffer. Beazley reports that the healthcare industry accounts for 34% of total ransomware attacks and small-to-medium sized businesses account for 71% of ransomware attacks.⁴

Understanding how ransomware works and then adopting basic cyber hygiene is key to avoiding a ransomware incident or any other cyber-attack.

Ransomware scenario

Initial compromise of your environment

Cyber-criminals will start by targeting your organisation with a phishing email campaign. If one of your colleagues falls for their scam email and clicks a link or attachment – the malware can be successfully installed on their PC.

Malware is installed

The user and their IT teams are unaware that malware has been installed on the PC. Using this foothold, the cyber-criminals explore your network undetected looking for vulnerable systems and sensitive data. This includes the PCs of other colleagues as well as servers supporting critical applications and file stores.

Ransomware is deployed

The cyber-criminals use the access they have achieved to deploy a strain of ransomware which spreads across your network, encrypting and disrupting your business.

Extortion

At this point, the attackers will demand money for the decryption key. The disruption this causes to your business might make the attack public knowledge, causing reputational damage. The Information Commissioner’s Office (ICO) gets involved to understand if there has been a mishandling of customer sensitive data – posing the risk of a significant fine.⁵

Top 5 ways to prevent ransomware

1. Training

Make cyber-security awareness a priority this year, and run phishing email campaigns to help employees recognise phishing attacks. Start by downloading our interactive test and circulate to your team.

2. Backups

Segment backups properly to prevent malware from spreading and infecting them.

3. Lock down remote desktop ports (RDP)

Close down RDP ports, or if that’s not possible, enable multi-factor authentication on the port. Change the RDP port from the default port and use a strong password.

4. Multi-factor authentication

For any remote connection to the network or business applications, require a password as well as a second factor – typically a security code. This makes it more difficult for attackers to gain unauthorised access.

5. Patching and anti-virus

Patches are the name for software changes designed to update, fix or improve that software’s functionality. Patches are deployed to fix security vulnerability and bugs, improving the user experience or increasing performance . Allow automatic patching of your operating system and internet browsers. Stay on top of anti-virus software updates to detect new emerging threats, which can go unnoticed in a system if the anti-virus programme is out-of-date.

The role of cyber liability insurance

Our healthcare cyber-security series aims to help you prevent a cyber-attack on your business, however no organisation can be entirely safe. In event of an attack, a cyber liability insurance policy provides comprehensive cover as well as access to a team of breach specialists that can help you address risks and issues at pace.

Insurance covers your liabilities on media, data security, viruses and hacking. However, the cover reaches much further than your initial liabilities. Customer notification, credit monitoring and legal fees are also included.

Our team has decades of experience in the healthcare sector. We work with our insurance partners to arrange a cyber liability policy that is truly fit for purpose. For advice or a quotation – get in touch.

^Sources: 

^{1 Beazley Cyber International: Ransomware}

^{2 Acronis: How ransomware attacks health care providers and other industries}

^{3 NS-Healthcare: Wannacry ransomware NHS}

^{4 Beazley breach briefing 2019}

^{5 Beazley’s 360 degree approach to ransomware protection}

^{6 Quostar: Patching management FAQ}