Ransomware attacks have impacted 621 hospitals, healthcare centers, schools, and city entities as of the end of September. Through the ransomware attacks, an estimated $186 million in ransom has been paid, averaging nearly $270,000 per attack. Recently, ten hospitals in the United States and Australia were hit with ransomware attacks, causing one to plan on permanently closing their doors in December.
U.S. Hospitals Hit with Ransomware
In September, Campbell County Health Center was hit by a ransomware attack, resulting in the center being forced to cancel surgeries. Furthermore, the center was forced to cancel lab, respiratory therapy, and radiological exams and procedures, as well as turn away new patients.
Three Tuscaloosa, Alabama-based DCH Health hospitals temporarily closed their facilities to new patients due to an October 1st targeted ransomware attack. DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center are able to continue care of current patients and are only accepting new patients if they are in critical condition or require immediate medical treatment. Otherwise, all other patients are being diverted to nearby healthcare centers.
“A criminal is limiting our ability to use our computer systems in exchange for an unknown payment,” said a DCH Health System representative in a statement.
Seven Hospitals Hit by Ransomware in Australia
Seven hospitals located in Gippsland and southwest Victoria who are governed by the Government of Victoria, were also hit with a ransomware attack on October 1st. As of now, researchers do not believe the attacks between DCH and those in Australia are linked.
The Government of Victoria hospitals has been forced to cancel elective surgeries and all appointments. Multiple computer systems have been disconnected, causing patient records, bookings, and management services to be shut down.
Two Hospitals Permanently Close due to Ransomware Attacks
California-based Wood Ranch Medical will permanently close its doors after the healthcare provider was unable to recover patient records that were encrypted by ransomware. In August, Wood Ranch Medical suffered a ransomware attack, encrypting electronic health records. All patient data, including that on back up hard drives, was encrypted. The damage was severe enough that data recovery was not an option. As a result, Wood Ranch Medical officials said it would be impossible to rebuild its systems. The medical center will cease operations and close its practice permanently on December 17, 2019.
Wood Ranch Medical will become the second healthcare provider to permanently close its doors due to a ransomware attack this year. In March, Michigan’s Brookside ENT and Hearing Center refused to pay a $6,500 ransom demand after incurring a ransomware attack. Hackers subsequently erased all files including appointments, patient information, and payment records. The practice was permanently closed as of April 30, 2019.
Should Healthcare Organizations Pay the Ransom?
While it may or may not have saved Wood Ranch Medical and Brookside ENT and Hearing Center from permanently closing their doors, paying the ransom is generally frowned upon in the cybersecurity community. By doing so, organizations are not only making themselves bigger targets but creating targets for the entire sector as a whole. Due to the massive success hackers have had with the healthcare sector, ransomware attacks aren’t going anywhere.
“Unfortunately, the groups breaking into individual computers at organizations are becoming rapidly better at obtaining access across networks, and then causing chaos with the goal to being paid,” commented UK-based cybersecurity expert Kevin Beaumont.
“There is no reason to believe that attacks will become less frequent in the near future,” added Fabian Wosar, CTO at Emsisoft.
If these two healthcare organizations had CryptoStopper developed by WatchPoint as part of a comprehensive layered cybersecurity solution, they would still be in business today. These two organizations had ALL of their data encrypted, deleted, and their systems were subsequently unable to be repaired.
CryptoStopper uses deception technology to detect ransomware. During the installation process, decoy files are strategically deployed. We call these Watcher Files. When ransomware begins the encryption process, CryptoStopper detects it in real-time and takes automated action to stop the attack in milliseconds and then alerts you to the event.
Antivirus and firewalls no longer provide the protection you need to save your network from a ransomware attack.
Using deception technology and CryptoStopper is the only way to stop an actively running attack that has gotten past your traditional defenses. Click here to learn more about CryptoStopper and how WatchPoint can help with your cybersecurity needs!
Photo courtesy of ThreatPost.com