Ransomware has evolved to become one more dangerous cyberattack to industries and the business landscape. Once released upon an unsuspecting network, the ransomware virus holds hostage the software and/or the hardware of the intended victim. The personnel of the targeted company cannot access their laptops and other devices. All their files are encrypted and cannot be used. The ransomware hacker will ask for a ‘ransom’ price which can range from a few hundred to a hundred thousand dollars. Upon payment, usually through untraceable Bitcoin, he will send the company the key to decrypt and make the files accessible again. Failure to pay the ransom can cause damage and permanent loss of the files which will disrupt the business community and lead to major losses in revenue.
Corporate America is mounting its defense systems and investing in technology to counter ransomware. The financial toll has been staggering: Channel Partner Online’s estimates have reached $24 million in the U.S. alone in 2016. One industry has been attracting ransomware invaders like honey drawing in bees and other sugar-loving insects: healthcare. In a Healthcare IT News report, 80 million patients had been affected due to ransomware attacks in 2015; another theft of six hard drives can compromise 950,000 medical records of patients and doctors.
Unfortunately, all factors indicate these numbers will increase in 2017 and the next few years. While ransomware attackers prize data, medical information is the most coveted of them all. The knowledge that their bank records and other financial documents have been hacked can cost many individuals sleepless nights; a similar case happening to their medical records, which contain their list of illnesses, diagnoses, and medical costs, can be far more traumatic.
While worrisome, the theft of a bank account information or credit card data can still give the victim time to maneuver. He can transfer his money to a new account, and ask the credit card company to block his card. He can anticipate to a reasonable degree what the hacker can do to his financial information, and create a counter-move.
What is alarming about the theft of healthcare information is that it is difficult to anticipate what the ransomware thief will do with it. According to Healthcare Dive, past healthcare victims suffered exploitation, misuse, and unauthorized disclosure of their data. These examples show how the hackers can take advantage of patient information: A business owner in a conservative community can experience customer withdrawal if the hacker discloses that he has a serious medical condition. A CEO fighting a potentially debilitating disease might be asked to step down by his Board of Directors if that condition is made public. A job applicant can miss out on a job opportunity if the hacker releases information that he has heart risk problems.
Other wily hackers can use stolen medical information to create false identities to obtain medical insurance or prescription drugs they, otherwise, would not have access to.
In a worst-case scenario, ransomware can actually be a catalyst to inflict physical injury. Imagine what would happen to a team of doctors whose records have suddenly become captive to ransomware. They could not give proper medical diagnosis to their patients. Those preparing themselves for an actual surgery will perform that operation with incomplete data; rather than endangering the patient’s lives, some will just postpone the activity.
No wonder the price is soaring for medical records on the black market. As reported by Info Security Magazine, one database of electronic health records can fetch as much as half a million dollars. A piece of social security data sells at $1, while a patient’s medical record can command as high as $50. Healthcare Dive further reports that 89 percent of medical establishments have experienced data breach.
This is why hospitals, medical centers, clinics, and other institutions of wellness have made it to the top of the list of targets for ransomware hackers. Fortunately, many have invested in counter-ransomware measures like fortifying their firewalls, deploying anti-virus technology, and training their personnel how to spot and neutralize a ransomware threat.
These efforts and their expansion cannot come soon enough. The security of the healthcare industry safeguards the physical and constitutional well-being of millions of individuals. Though it is difficult, some of us can forego acquiring a credit card; however, at some point in our lives, all of us must visit a hospital or a clinic where our medical records will be registered and stored. Our data should be protected – that is non-negotiable.