Today's Practice: Changing the Business of Medicine National Edition Q1 2017 | Page 43

A SILENT & EMERGING THREAT :
A SILENT & EMERGING THREAT :

Ransomware

By Trevor Weyland
In the first quarter of 2016 , we saw a large increase in ransomware attacks across the United States . According to the Federal Bureau of Investigation , victims of ransomware paid $ 209 million in ransom in the first three months of this year alone — more than 10 times the amount paid in all of 2015 .
Ransomware is a type of malicious software that infects a computer and then holds the data hostage by encrypting the files until victims pay to have them unlocked . Ransomware isn ’ t new — criminals have long sought to extort payment from victims . It is often spread in one of three ways — through phishing emails that include malicious attachments , through a user visiting a website from which malware is downloaded without the user ’ s knowledge , and through social media applications .
The consequences of ransomware include ( temporary ) loss of access to data , disruption of normal business activities and loss of revenue , as well as the costs of restoring data / files , paying the ransom and damage to reputation .
Ransomware in Healthcare
In February 2016 , Hollywood Presbyterian Medical Center in Los Angeles reported paying the bitcoin equivalent of $ 17,000 to cyber criminals after patient and doctor records were locked , forcing the hospital to work with paper records and divert some patients to other hospitals .
“ The malware locks systems by encrypting files and demanding ransom to obtain the decryption key . The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key ,” Stefanek said . “ In the best interest of restoring normal operations , we did this .”
— Allen Stefanek , Chief Executive Officer Hollywood Presbyterian Medical Center [ Los Angeles Times , February 16 , 2016 ]
In March of this year , Methodist Hospital in Henderson , Kentucky , was attacked by ransomware that limited the hospital ’ s use of its electronic web-based services . The hospital was able to activate its backup systems and continued to operate , without paying a ransom .
Also in March , MedStar Health , in Columbia , Maryland , shut down its computer networks to stop the spread of malware . There were reports that the malware was actually ransomware and that the demand was the equivalent of $ 19,000 in bitcoins .
Additionally , the Los Angeles County Health Department recently reported to the Los Angeles district attorney and county chief information officer that they found traces of ransomware on five of its computers .
TODAY ’ S PRACTICE : CHANGING THE BUSINESS OF MEDICINE 42