Ransomware Attacks and Unmanaged Medical Devices

Ransomware is one of the greatest threats to healthcare organizations everywhere. It’s clear that not having a comprehensive plan to protect against ransomware attacks is a significant risk. We covered IoT Ransomware earlier on the blog, including some of the most common causes.

In this post, we take a look at the consequences of these ransomware attacks on healthcare organizations, particularly when considering unmanaged medical devices. Of course, actively improving your security practices can make a huge difference in ensuring medical device security and overall effective IoT security.

What are Ransomware Attacks?

Malware is any software that maliciously attacks computing and IoT devices. Ransomware is a specific form of malware that encrypts the victim’s victim’s files. Ransomware attacks are when criminals infect machines with malware and then demand payment for a password that can unlock the files. The ransom demanded can range from a few thousand dollars on up. Today’s attackers are highly sophisticated. They often research your organization and tailor the ransom to what they perceive is your ability to pay (e.g., annual revenue, funding, etc.).

Sometimes attackers face problems during their ransomware attacks when they cannot extract money from an organization that refuses to pay. In this case, many attackers will then decrypt the data themselves and auction it off to the highest bidder on underground forums. This process is another headache for organizations as their patient records, or other sensitive data, are being sold on the black market for nefarious purposes.

Consequences of Targeted Ransomware Attacks

Ransomware attacks regularly end businesses. Unfortunately, this type of shutdown also includes medical facilities such as Wood Ranch Medical  in Simi Valley, California. Criminals hit their facility in the summer of 2019. Rather than pay the ransom, they decided to close down a few months later, in December 2019. Note that this is not an isolated incident, as attackers target many healthcare facilities daily. In fact, ransomware attacks targeted at healthcare providers are on the rise.

Hospitals and other healthcare facilities make prime targets for ransomware attacks. If a hospital’s hospital’s systems go off-line, the problems extend well beyond losing files or breaching compliance; it’s it’s literally life-or-death in many cases. The bad actors know this and use it as leverage when choosing their targets. The machines behind a healthcare operation need to be highly available, and lack of medical device availability becomes an enormous patient safety issue.

The various machines and devices in a hospital or other medical setting are generally costly. To upgrade these machines would require money that these organizations often do not have. The fact that these devices need to be FDA certified adds to the cost. Many hospitals and medical centers elect instead to make do with what they have. That means old devices are running outdated operating systems, many that have reached the end of life. These operating systems no longer receive patches and updates, making them even more vulnerable to emerging cyber attacks. Unmanaged devices, and old or outdated equipment, present a large attack surface that isn’t isn’t going away anytime soon.

How Ransomware Attacks Infect Unmanaged Devices

The average healthcare organization has numerous areas vulnerable to ransomware attacks. Some of the most vulnerable ones in a healthcare setting include:

• Microsoft Remote Desktop. Employees use Remote Desktop protocol to log into their corporate machines virtually. If a business wants to allow remote desktop access, they should require employees to use a secured VPN.
• Phishing. Email phishing attacks are another common source of ransomware attacks. A phishing email is when the email sender pretends to be someone it isn’tisn’t. Usually, a person clicks a link in a phishing email, which kickstarts the infection process.
• Outdated Systems & Lack of Patching Support. Widely known software vulnerabilities are prime targets for attack. Healthcare providers often run antiquated systems with known vulnerabilities. Software misconfiguration is another problem endemic to organizations that lack proper IT support. It’s widely known that you can’t secure what you don’t know, making unmanaged IoT especially vulnerable to ransomware attacks.

The Fallout from Ransomware Attacks

Healthcare providers suffer from numerous negative consequences from targeted ransomware attacks. Even if the provider doesn’t have to shut down, they’ll likely have to curtail operations (and seeing’t have to shut down, they’ll likely have to curtail operations (and see patients) until the problem is under control. Computer systems will have to be updated, and specialists consulted to determine if there are any usable data backups to avoid paying the ransom. According to conservative estimates , the total financial damage from ransomware attacks topped over $1 billion, with the actual damage likely much higher.

Healthcare organizations that suffer ransomware attacks not only deal with the immediate loss of revenue, but there is also damage to their reputation. Many potential patients will forgo making appointments with a small business when they feel their personal data isn’t isn’t safe.

Effective IoT Security to Prevent Ransomware Attacks

Healthcare organizations must remain vigilant against possible ransomware attacks. An ounce of prevention could go a long way to thwart attacks before causing significant damage.

A first step in protecting your organization from ransomware attacks is knowing what devices are on your network. By taking inventory and taking sensible precautions, you can minimize security risks.

If you’re you’re looking for fast, easy, affordable IoT security, request your FREE IoTSecure IoT-mini today.

With IoTSecure, you can protect your IoT assets automatically. The IoTSecure IoT-mini runs on any network port – with no network TAP, no SPAN ports, no software agents to install, and no tuning required. It’s It’s the simplest, most complete, and most affordable IoT security available. And for a limited time, you can request your IoT-mini for FREE!

Once approved and you receive your device, it’s it’s easy to get started:

1. Connect the IoTSecure IoT-mini to any network port. It takes <2 minutes!
2. Within a day, you’ll you’ll get an automated report of all connected devices on your network, as well as IoT vulnerabilities (including OWASP IoT Top 10) and available patches.

You can test the results at home, with a virtual network, or directly on your corporate network with zero impact on performance, availability, or bandwidth.

To start profiling IoT devices on your network, request your IoTSecure IoT-mini today.