Compromised patient data sets off a new health care crisis

Deception technology helps stop cyber thieves who see high value in medical records and systems

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The ransomware attack on health care company MedStar last week takes the wave of such assaults on hospitals to another level.

Ed note_TrapX_Carl WrightMedStar, which operates 10 hospitals and other facilities in the Baltimore-Washington, D.C., region, is reeling from an attack that disrupted access to crucial network systems. Earlier ransomware attacks that made news headlines were conducted against single institutions: Methodist Hospital in Henderson, Kentucky, Canada’s Ottawa Hospital, and Hollywood Presbyterian Hospital in Los Angeles.

Free resource: Planning ahead to reduce breach expenses

Clearly, such attacks against health care organizations are becoming common, posing a very serious public health and safety issue that won’t soon go away. The drivers of this trend are outlined in TrapX Security’s recent “Medjack” report, “Anatomy of Attack: Medical Device Hijack.”

The report highlights a sharp increase in health care data that is being targeted and compromised for nefarious purposes. Critical health care systems, including picture archive communications systems (PACS), blood gas analyzers and X-ray systems, are being infected with malware capable of holding patient health care data hostage.

Medical records a treasure trove of info

The uptick of such attacks against health care organizations makes sense from an economic perspective. Medical records have 10 to 20 times the value of credit card data due to the fact that a person’s entire identity can be reconstructed from the information. Credit cards, on the other hand, can be easily canceled and replaced.

In the case of the Ottawa hospital, malware encrypted four computers in the network rendering them inaccessible. It’s likely this malware was embedded via spear phishing. Spear phishing is a targeted cyber attack, usually via email, against an institution and is designed to support the theft of data or diversion of funds. In a spear phishing attack, hackers send a well-crafted email to targeted employees designed to trick the recipient into clicking on a malicious link or downloading a malicious attachment.

Kentucky Methodist Hospital’s computers apparently were hit by the so-called “Locky” malware, which arrived as an attachment in a spam email and then attempted to spread across the network. Methodist Hospital placed a scrolling red alert on its homepage stating, “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic Web-based services.”

Cyber thieves hold data hostage

The hackers who locked up the MedStar network actually offered the hospital chain a bulk discount to release all disrupted machines. The Baltimore Sun reported that the criminals asked for three bitcoins, worth about $1,250, for the digital key to unlock a single infected computer, or 45 bitcoins, about $18,500, for keys to all of them.

TrapX research shows that attacks are becoming increasingly common. Attackers gain access to the network via an employee’s compromised system, allowing the attacker to then move about the network undetected, often for months at a time, while they search for valuable confidential data, or install malicious software.

Ransomware, which freezes hospital data, generally provides a quick but small return for attackers. Theft of hospital patient data provides a potentially much larger return and can happen quietly over a period of months.

We expect the pace at which these attacks are discovered to accelerate over the coming months as more hospital networks fall prey to attackers already within their networks today.

Fighting back with technology

Deception technology involves the use of decoys and lures to expose, divert and confuse cyber adversaries at various phases of their attack. Enticing fake IT assets or decoys are interspersed among real IT assets. Data lures, including false login credentials, are placed within real IT assets.

This powerful combination reduces time to breach detection, authoritatively identifies attackers within networks, and enables security operations center teams to aggressively defend the enterprise. It can be used by health care organizations to identify and block these types of attacks in real-time before any damage can be done.

TrapX technology enables organizations to deploy traps to attract and deceive attackers while they are moving within a network and, ultimately, prevents them from disrupting network operations or exfiltrating sensitive data.

More stories on health care security:
As hackers target health care data, sector must get proactive
Health care sector finds cure for digital attacks elusive
Cloud use increases data security risk for health care organizations