Ransomware is a type of malware that takes control over a computer or computer system by encrypting all the data on the drive. The data is then held at ransom until a predetermined cost is paid. Due to the use of cryptocurrencies (e.g., bitcoins) for payment it is difficult to track those demanding the ransom making it tough to prosecute.
A rapid increase in the computerization of health care organizations, many without the capacity to keep up to date with the extensive privacy and security measures required, has made them targets for cyber-criminals. In the last couple of years there have been numerous ransomware attacks that has held critical hospital data at ransom.
Health Centers may be perceived as more vulnerable targets by cyber-criminals due to a potentially smaller IT staff and older set of IT infrastructure (e.g., operating systems without latest security updates).
Examples in the News
Massive Locky ransomware attacks hit U.S. hospitals
Security report - Nearly 90 percent of ransomware attacks target healthcare
Virginia dermatologist hit by ransomware attack, records for 13,000 patients seized
- E-mails posing as legitimate business or tempting links
- Trojans acting as update requests
- Anti-Virus programs patches and updates
- Windows system updates
- False “You’ve got a virus” notifications
- Gaining access by exploiting known network or security softwarae vulnerabilities