Compared to other industries, the health care sector could be anywhere from 10-15 years behind in terms of cybersecurity, according to Scott Erven, associate director at consulting firm Protiviti. Erven, a veteran in the security field, warns that machines such as cardiology systems, infusion systems and MRI machines could be vulnerable to an outside attack and most made before 2008 contain a specific flaw in the system that is easily exploitable. This exploit allows the hacker to access a hospital’s network through these machines, meaning the attacker can come into possession of both sensitive and personal information stored within a company’s databases. Ransomware attacks are a particular problem because many companies are not properly equipped or prepared to deal with such attacks. Some potential reasons why the health care industry is so vulnerable to ransomware attacks include:
- Most health care businesses are not “tech-savvy” enough to know how to appropriately address the problem
- Many health care facilities cannot afford to be locked out of their databases, meaning that these organizations often pay the fine because they cannot function without access to their information
- Hackers believe that businesses within the health care industry can afford to pay their ransom, and so are more efficient targets
The recent attack on Hollywood Presbyterian Medical Center serves as a reminder of the dangers of Ransomware attacks, and that lockouts in places like hospitals could even lead to death. FireEye Consultant Jens Monrad believes that deaths “can become a realistic scenario because we do see that more and more critical infrastructure is being directly connected to the Internet due to availability, limited on-site resources, etc.” As usual, to help prevent Ransomware attacks be sure to stay up to date on all cyber security measures and to avoid visiting any suspicious websites or opening suspicious attachments.