A special report on CNBC.com into mobile device ransomware was compiled in the aftermath of the Hollywood Presbyterian Medical Center ransomware cyberattack. The attack crippled the hospital's internal computer system, shut down its email servers and prevented access to EMRs. The hospital had no option but to pay a $17,000 ransom to obtain the encryption key that would unlock its data and communications system.
Although investigations are still ongoing into how the crippling malware found its way into the hospital's system, mobile device ransomware has not been ruled out. Indeed, the CNBC.com article starts with cyber security expert Robert Herjavec commenting that 40% of threats come from inside and – knowing this – cybercriminals are taking advantage of mobile device ransomware to launch more sophisticated cyberattacks.
Not the First Ransomware Attack on a Medical Facility
Ransomware – a type of computer malware – is an effective weapon for cybercriminals. Traditionally it has been used to encrypt files on a computer to make them inaccessible, and normally finds its way into a computer network via a downloaded Trojan that has been disguised as a legitimate file, or via bogus advertising links that take visitors to a website that can detect vulnerabilities in browser plugins. More recently, says Herjavec, mobile device ransomware has become more prolific.
Ransomware has been used before to attack medical facilities. In 2012, access to the medical records of 7,000 patients at the Surgeons of Lake County was blocked by ransomware, while two years later Clay County Hospital in Illinois was also subject to a ransomware attack – this time affecting the records of 12,621 patients. Details of how the ransomware infected the two computer systems have not been released – nor how much ransom the two medical facilities had to pay to recover their files.
Ransomware: Potentially A Matter of Life and Death
According to cybersecurity expert Lillian Albon, medical facilities make good targets for ransomware attacks because they rarely have the IT security resources available to larger organizations. Hussein Syed – Chief Information Security Officer for Barnabas Health – added that computer systems in the healthcare industry have to be kept running at all times because of patient care issues. “In some cases,” Syed said, “it is a matter of life and death.”
In the compilation of the CNBC.com report, author Bob Woods spoke with Kevin Haley, a Director at Symantec Security Response. Haley was adamant that cybercriminals are expanding their attacks beyond desktop computers to include mobile device ransomware. Haley claimed that almost any device that has an operating system and “potentially anything connected to the Internet” can be used to launch a ransomware attack.
Security Issues for Healthcare Organizations with Unsecure BYOD Policies
Mobile device ransomware creates all kinds of security issues for healthcare organizations with unsecure BYOD policies. Not only has it been forecast that ransomware attacks will increase over the next year, but it has also been proven that malware on a mobile device can infect a computer network via an organization's Wi-Fi router.
At the conclusion of the CNBC.com article, Dmitriy Ayrapetov – Director of product management at Dell SonicWALL – predicted that security measures could be in place to prevent mobile device ransomware attacks within two years. Until then, unless healthcare organizations take steps to secure their communication systems, it may only be a question of time until ransomware attacks – such as that which crippled the Hollywood Presbyterian Medical Center – appear on the news daily.