Source: Ransomware targeting health systems in more ‘sophisticated’ ways. Alerts from federal agencies, cybersecurity companies and information-sharing groups help chief information security officers stay up-to-date on emerging threats, but chasing new variants of ransomware is a never-ending job.
Sometimes, ransomware can feel like the flu. As soon as hospitals find a defense, a new and more sophisticated version appears—making it difficult for hospital leaders to keep up.
Cryptic names like WannaCry, Petya and SamSam—all variants of ransomware—have become common points of discussion in healthcare. But while those ransomware campaigns targeted businesses across industries, it’s becoming more prevalent to see hackers tailor their approaches within the healthcare industry, finding new technical vulnerabilities to exploit at specific hospitals and more closely customizing the phishing emails that deploy malware.
John Riggi, the American Hospital Association’s senior adviser for cybersecurity and risk, said he’s also noticed an increase in the “sophistication and severity” of ransomware attacks against healthcare organizations.
“They now appear to be highly targeted and highly specific attacks against specific hospitals,” he said.
In healthcare, ransomware accounted for more than 70% of all malware—”malicious software”—attacks, according to a data breach report Verizon released last year. Ransomware attacks can come with a hefty price tag for their victims, with hackers demanding thousands to millions of dollars in exchange for decrypting an organization’s computer files.