Three more US hospitals hit with ransomware

News by Max Metzger

Three more hospitals have been hit with ransomware, in what seems to be an endless rash of hospital attacks.

Three more hospitals have been hit with cyber-attacks. After a rash of worrying infections on medical bodies over the last few months, several more hospitals in the US have been subjected to ransomware attack

Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital were all the victims of such an attack.

The two California hospitals had some of their systems disrupted, before shutting down computers so the malware didn't spread further.

At Kentucky Methodist Hospital, attackers copied original files, encrypted the copies and then deleted the originals, isolating hospital staff from the data they needed to do their jobs. Investigative journalist and cyber-sec expert Brian Krebs reported that the situation had thrown the hospital into an “internal state of emergency.”

Delivered via phishing emails, the ransomware got into several of the hospital's systems before IT staff shut down all the facility's desktop computers.

The FBI are now investigating and none of the hospitals are known to have paid the ransom.

Ransomware is getting more and more popular each day. Commonly downloaded through phishing emails, the malware encrypts important data on the targeted computer and then charges the unlucky victim to decrypt his or her data. Furthermore, its relatively easy to procure through the Deep Web, thanks to the prevalence of cyber-crime as a service.

And top among the list of targets for those wielding ransomware, seems to be medical institutions.

In recent months, several hospitals on both sides of the Atlantic have been hit with a series of attacks. Last week attackers made off with a trove of treatment information and profoundly personal details from a series of cancer treatment centres in the US.

The first attack to really grab headlines was the attack on Hollywood Presbyterian Medical Centre, which shut down day-to-day operations for several days and ended in a payment of $17,000 (£12,000). A post on Pastebin, a website for sharing developer code, later claimed that Turkish hackers had perpetrated the attack on account of US support for Kurdish forces fighting in northern Iraq.

At the same time a ransomware attack hit several hospitals in Germany, shutting down email capacity and one of the hospital's' X-ray systems. In most cases, the ransomware only gets so far within the hospital's servers before the IT team wipes the servers of the infection and backs up. What keeps the IT teams of hospitals up at night, though, is the prospect of it spreading further through the hospital's systems.  

The fact is, hospitals are very lucrative targets for the ill-intentioned. Brian Spector, CEO of MIRACL told that, “Public institutions like hospitals are a key target for hackers because they hold such a treasure trove of personal data. In the US, the potential bounty is even larger, due to the additional layer of financial transactions taking place.”

Spector added that,  “Hospital IT systems are notoriously fragmented and complex, with networks crossing wards, laboratories and offices. They are also among the most vital and important in any organisation – because if their systems go down, people's lives may be at risk. For this reasons, criminals may believe hospitals are more likely to succumb to ransomware demands than other organisations, and target them more as a result.”

Richard Beck, head of cyber-security at QA also spoke to hospital's status as a high value target for hackers. “They are singled out as they are so lucrative. Either the organisation pays up and the criminal exhorts a princely ransom, or they don't and the criminal still receives high value data such as full medical records, which they can sell on”, Beck told SC.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews