Another spree of Ransomware attacks recently victimized three more hospitals: Kentucky Methodist Hospital in Kentucky, and Chino Valley Medical Center and Desert Valley Hospital, both in California. In the California hospitals’ case, the attack penetrated defenses by means of phishing through emails and managed to infect several hospital computers before the victims shut down computers to prevent a further spread of the attack. The Kentucky hospital was not so fortunate, as the attack was carried out by copying the original files, then encrypting those files with viruses. The originals were then deleted, which forced employees to open the infected files if they were to gain access to necessary information. The situation was declared an “internal state of emergency” by cyber expert Brian Krebs. No hospital is believed to have paid the ransom.
Unfortunately, these sorts of attacks on hospitals are relatively common. Hollywood Presbyterian Medical Centre fell victim to Ransomware earlier this year and “resolved” the problem by paying the $17,000 that hackers demanded. The attack was later revealed to be of Turkish origin, carried out in response to U.S. support of Kurdish forces in Iraq. Hospitals in particular serve as ideal targets for Ransomware hackers because the hospital staff simply cannot ignore that access to necessary data is prohibited, and in some cases lives are at stake. This makes the hospital more likely to give in, thus effectively stealing money from the victim.