Ransomware Attacks in Healthcare Facilities



Ransomware Attacks in Healthcare Facilities

Ransomware is a malware form premeditated to block one from accessing his/her data in a computer system until the victim pays a ransom (Fruhlinger, 2020). Basically, the files of a victim are encrypted, and till the target makes a ransom disbursement to an attacker/hacker, then the access will not be restored. The attackers provide instructions to the victim(s) on how the fee should be paid to get the decryption key, and payments are made through cryptocurrencies (Fruhlinger, 2020). Businesses that have no disaster recovery or cybersecurity emergence response plans are forced to pay the ransom.

Among the many industries hit by cyber-threats and data breaches includes the healthcare industry. Once ransomware has hit a healthcare facility, most processes become inoperable while others are decelerated (Bradberry, 2016). Pathological processes are slowed, and a lot of funds are soaked up. The reason health centers become vulnerable to the ransomware attack is because of the availability of many systems and devices. Machines within a health facility can be infected in a number of ways. Some of these ways include phishing spam add-ons that appear on mails, clicks made by users on malicious links, masquerading files that are not trustable, and viewing ads inclosing malware.

Attackers design fake emails containing a link to an infected website; for example, documents containing macros appear legitimate. Once a click is made on the document, a download is made, and the entire machine is infected (Snell, 2016). In less than twenty minutes, encrypted data belonging to patients is derived from network files and hard drives (Spence et al., 2018). In hospitals, there has been the implementation of medical devices connected and regular use of mobile phones, which makes the facility vulnerable because of probable access sockets for unsanctioned persons. A healthcare facility’s web server becomes exploited, and the entire system is accessible.

Most of the patients’ info accumulated and derived from the systems is sold on the dark web. Sales depend on the type of stolen data because the information is sold for different fistfuls of cash. Information, network-provided service, and application become unfeasible once a ransomware attack occurs (Biddle, 2017). It’s thus hard for doctors and health practitioners to attend to and treat patients because they will not be able to access vital patient data. Lives are endangered and treatments, plus operations become halt. When key systems are crippled and held hostage, crucial, and critical data belonging to patients is hard to access until a fee (ransom) is paid. Not only do these attacks cause severe delays but they also lead to cancelation of appointments (Bradberry, 2016). Hospital finances are also greatly affected, and patients’ trust is lowered.

The Cyber Threat Alliance in a report made in 2015 indicated that Crypto Wall 3, a ransomware variant consumed up to $325million (Spence et al., 2018). Hollywood Presbyterian Medical Center was a victim of Ransom attack in February 2016 where employees within the organization were not able to access the hospital network until a $17000 was paid (Snell, 2016). A ransomware attack was witnessed at Washington D.C and MedStar, where all emails were shut, including the EHR systems to keep the virus away from spreading. A fee was paid by New Jersey’s Hackensack Meridian Health, where the attack affected up to 17 hospitals (Eddy, 2020). According to Bischoff (2020), California and Texas states have had the biggest hits of the ransomware attacks since 2016.


Bradberry. K. (July 15, 2016). The truth about Ransomware’s Impact to the Healthcare Industry. Becker’s Hospital review. Retrieved from https://www.beckershospitalreview.com/white-papers/the-truth-about-ransomware-s-impact-to-the-healthcare-industry.html

Bischoff. P. (February 11, 2020). 172 ransomware attacks on US healthcare organizations since 2016 (costing over $157 million). Comparitech. [Blog]. Retrieved from https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/

Biddle. S (August 24, 2017). What Does a Ransomware Attack in Healthcare Really Cost? Fortinet. Retrieved from https://www.fortinet.com/blog/industry-trends/what-does-a-ransomware-attack-in-healthcare-really-cost598cac40e212e

Eddy. N (December 16, 2019). Ransomware attacks in 2019 forced some health systems to pay up. Healthcare IT News. Retrieved from https://www.healthcareitnews.com/news/ransomware-attacks-2019-forced-some-health-systems-pay

Fruhlinger. J (June 19, 2020). Ransomware explained: How it works and how to remove it. CSO. Retrieved from https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html

Snell. E (June 03, 2016). How Ransomware Affects Hospital Data Security. Health IT Security. Retrieved from https://healthitsecurity.com/features/how-ransomware-affects-hospital-data-security

Spence. N, Bhardwaj. N, Paul. D. P., & Coustasse. A. (2018). Ransomware in Healthcare Facilities: A Harbinger of the Future? Perspectives In Healthcare Information Management. Retrieved from https://perspectives.ahima.org/ransomwareinhealthcarefacilities/