Following the news about a hacker is advertising hundreds of thousands of alleged records from healthcare organisations on a dark web marketplace, including social security and insurance policy numbers, while also holding the organisations to ransom. IT security experts from Tripwire and MIRACL commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“The next stage of ransomware has finally arrived. Traditional ransomware is a semi-automated process in which the malicious software infects the victim and encrypted as much critical data as possible. However, the victim could easily forgo the ransom in lieu of restoring from recent backups. This is the next stage of ransomware, in which the attacker is mitigating the risk of the victim restoring from backup by keeping a copy of the private data. Now the victim may have to make decisions on paying not only to recover their data, but to prevent it from being leaked externally. For businesses, this could mean fines and diminished reputation from the breach. For consumers, this could be private or damaging information.
A lot of attention for ransomware has been shining on the recovery aspect, as it’s relatively simple to have recent backups and restore your encrypted data. With this evolution, both businesses and consumers will need to focus more heavily on prevention. This includes keeping applications and operating systems up to date with the latest patches and training users not to click links or open attachments from unknown sources.”
Brian Spector, CEO at MIRACL:
“Hospital IT systems are notoriously fragmented and complex, with networks crossing wards, laboratories and offices. They are also among the most vital and important in any organization – because if their systems go down, people’s lives may be at risk. This makes healthcare organisations the perfect victims for ransomware.
So it is not surprising that there has been such a spate of ransomware attacks on hospitals in the past year. This will most likely grow in the future so all healthcare organisations must take time to constantly evaluate and improve their defence configurations and make sure they have a full back up in place so that if they are affected they can recover quickly without paying the ransom.
It’s as true for hospitals as it is for the Web itself, where the efforts of hackers are becoming bolder and more frequent. We believe that the security challenge is a problem that can’t be patched. The best thing to do is start over with a new system which distributes trust across multiple points instead of continuing to provide single points of compromise.”