Healthcare Ransomware

Posted on May 8, 2017 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Health Data Management has a nice article up with insights on healthcare ransomware from GreyCastle Security’s CEO, Reg Harnish. Reg made a great case for why healthcare is seeing so much ransomware:

He contends that healthcare isn’t any more vulnerable to ransomware than other industries. But Harnish observes that—given the value of patient data and medical records—providers are the focus of cyber criminals who are targeting them with file-encrypting malware.

“You take their data away, and it literally threatens lives, patient safety and patient care, so they are much more likely to pay a ransom,” he adds.

I think healthcare organizations do respond differently to ransomware than other organizations and that makes them more vulnerable to an attack since many healthcare organizations feel it’s their obligation to maintain patient safety and that the ransom is worth the money so they can do no harm to patients.

Reg also addressed whether paying the ransom in a ransomware incident was a good idea (it’s not):

On the question of whether or not organizations should give in to the demands of cyber criminals using ransomware, Harnish says that GreyCastle never recommends paying a ransom. “There’s no guarantee that the ransom will work,” he warns. “If you pay the ransom, you may not get decryption keys. And even if you do get decryption keys, they may not be the right ones.”

Further, Harnish cautions that those organizations that pay a ransom then get put on a list of victims who have complied with ransomware demands. As a result, he says they are much more likely to be targeted again as a “paying” customer. “None of our clients have ever paid a ransom,” he adds.

I agree that in 98% of cases, paying the ransomware is a bad idea. Plus, every healthcare organization that pays the ransomware makes it worse for other healthcare organizations. Instead, the key is to have a great backup and disaster recovery strategy if and when ransomware occurs in your organization.

As Reg also points out, ransomware most often comes into your organization through your users. So, it’s worth the investment to educate your end users on possible hacking/ransomware attempts. Education isn’t perfect, but it can help decrease your chances of a ransomware incident.