From the PRESIDENT
Robert A. Zaring, MD, MMM
GLMS President
PROTECT YOUR OFFICE From Ransomware
The season finale of the television show “Grey’s Anatomy” depicted the show’s main hospital in chaos. Physicians were unable to access vital patient information from the Electronic Health Record (EHR); they were getting false readings from equipment and could not even open certain doors. Amid all this chaos, the hospital administration faced a difficult decision: Do we pay the multimillion-dollar ransom in bitcoin to get our hospital back or not? Although there were exaggerations made in the show, much of what happened fictionally could happen, and has happened, to hospitals across the world that have been attacked by cybercriminals with ransomware.
Ransomware is software that encrypts or removes computer files and withholds them until a ransom payment is made. The show was very timely, because health care has been a growing target for ransomware attacks by cybercriminals. In 2016, 72 percent of all health care malware attacks were ransomware. Health care trails only the financial sector as the industry most targeted by ransomware. A report by the antivirus maker Symantec revealed a 36 percent increase in ransomware attacks from 2015 to 2016, with some projections of up to 4,000 attacks a day in the United States. These increased attacks eventually led to the massive ransomware attack on health care on May 12, 2017. The ransomware was known as WannaCry and to date has hit more than 230,000 computers involving 100,000 organizations in 150 countries. Europe was hurt much more than the United States, as the virus started in Europe and many in the United States had time to apply the patch. One of the hardest-hit countries was the UK. The UK’s National Health Service even had to decline outpatient visits on May 12, 2017, due to the ransomware attack. WannaCry had some unique qualities that differentiated it from previous ransomware attacks.
Typically, ransomware gains entrance to your computer through phishing efforts by cybercriminals. The cybercriminals send out emails hoping that someone clicks on the email and downloads the virus, but WannaCry was different. WannaCry gained entrance through a vulnerability in Microsoft Windows, specifically in Server Message Block (SMB), which helps nodes on a network communicate. Microsoft sent out a patch for the vulnerability on March 14, 2017, but many had not installed that patch. The origins of the malware are interesting and sound something like a spy novel. It is known that the NSA had discovered this vulnerability and developed code known as EternalBlue to exploit it. Unfortunately, a hacking group known as the Shadow Brokers hacked the NSA, stole the code and publicly released it on April 8, 2017. It appears the code was then used by the Lazarus Group, a group of cybercriminals with ties to North Korea, to create and start the WannaCry attacks. Interestingly, another ransomware known as NotPetya, arising from Russia, hit weeks after WannaCry and used the same EternalBlue code to gain entrance.
In the Grey’s Anatomy finale, doctors not only could not access patient information but also found almost all equipment malfunctioning. This would likely not be the case in a real attack. Machines can be affected, but given variances in software, this would likely be only a few machines or monitors. The most common scenario is not being able to access patients’ files, which is dangerous enough. This danger to patients hints at why hospitals have become such wonderful targets for ransomware and cybercriminals. To begin, most of the information systems in a hospital are mission critical, and delays can mean death. Furthermore, systems are often dated. Due to their critical nature and usage, downtime is discouraged, which limits the time available for applying updates and patches. Cybercriminals know there will likely be a vulnerability present, and they know those in health care would rather pay the ransom than endanger a patient. Therefore, the cybercriminal tries to make paying the ransom as reasonable a choice as possible, which is why the ransoms typically range from $700 to $1,300 or, in WannaCry’s case, $300. However, in February of 2016, Hollywood Presbyterian Medical Center paid $17,000 worth of bitcoin to get its systems back after an attack. Therefore, the ransoms do vary in amount, but cybercriminals prefer sums they know are tempting, and 65 percent of the time victims do pay, which accounted for 1 billion dollars in 2016. But before you think it is an easy choice, you must remember that only 65 to 70 percent of the time do cybercriminals release the attacked system after receiving payment.
The financial pain for a health care insti-
(continued at bottom of page 7)
FEBRUARY 2018