What Makes Hospitals so Attractive to Hackers?

As hospitals attacked, U.S. indicts foreign hackers for targeting banks, dam in N.Y.

Aliah D. Wright By Aliah D. Wright March 29, 2016


Just as the U.S. announced the indictment of seven Iranians accused of hacking Wells Fargo, JP Morgan Chase, Bank of America, and several other banks and entities nationwide, U.S. hospitals were in the midst of dealing with the aftermath of malware attacks.

On March 24, according to news reports, the Justice Department indicted seven hackers who reportedly work for Iran’s Islamic Revolutionary Guard Corps. Not only were the hackers behind the cyberattacks of dozens of American banks that began in 2011, but they were also responsible for attacks on AT&T and the New York Stock Exchange.

In announcing the indictments March 24, U.S. Attorney Loretta Lynch said hackers also tried to take control of a small dam in Rye, N.Y.

“If you’re a computer hacker sitting overseas in whatever country you’ve chosen to hide in, this indictment sends a powerful message that the full force of the federal government will come after you,” Lynch said during a news conference.

None of the individuals charged are located in the United States.

Hospitals Hit with Ransomware

Meanwhile, on March 28, the Associated Press reported that the FBI was investigating an attack that crippled the computer systems at Washington’s Georgetown University Hospital. That hospital is operated by MedStar Health, which operates 10 hospitals in the Baltimore and Washington metropolitan areas. It was unclear whether the virus is ransomware or whether patient data was comprised, the wire service reported. 

Kentucky Methodist Hospital in Henderson, Ky., declared a state of emergency March 18 after a ransomware attack encrypted its data, according to news reports. Ransomware is a virus that encrypts and locks files. It is virtually impossible to decipher the encryption, so the FBI has advised affected businesses that haven’t backed up their files to pay the ransom. Once the ransom is paid, hackers send a key to unlock the documents. In the Kentucky case, hackers demanded $1,600. As the hospital debated paying the ransom, it shut down all of its desktop computers and eventually activated a backup system.

The FBI is investigating that attack as well as two others.

Chino Valley Medical Center and Desert Valley Hospital, both in California, also were hit with ransomware attacks last week. The hospitals in Kentucky and California are all running normally.

Fred Ortega, spokesman of Prime Healthcare Services, which owns both the California hospitals, declined to comment on the ransom amounts and other details, citing the ongoing investigation. He told news outlets the attacks caused “significant disruptions of our IT systems. However, most of the systems and the critical infrastructure has been brought back online.”

These cases mirror one last month at Hollywood Presbyterian Medical Center in Los Angeles. In that case, hackers infected the hospital’s systems with malware and demanded $17,000 to restore access to e-mail and electronic health records. That hospital paid the ransom.

What Should HR Do?

Experts tell SHRM Online that all HR and IT personnel must take steps to ensure their organizations’ safety and to safeguard against vulnerabilities—and this can be especially important for hospitals.
Trend Micro, a Los Angeles-based global security software company, reports that “more than 26 percent of all data breaches occur in health care, making it the No. 1 targeted industry in the U.S.”

Trend Micro is calling 2016 “the year of the ransomware.” And experts tell SHRM Online that ransom demands will increase.

“Extortion attacks, whether using crypto-ransomware, DDOS [distributed denial of service] or other tools have proven effective and profitable for the actors behind them,” Jon Clay, senior global marketing manager at Trend Micro, told SHRM Online. “We’re seeing more attacks occur due to the success of past attacks.”

And although experts advise backing up files, hackers are targeting those backup files, too.
Security awareness training firm KnowBe4 cautioned companies to heed new FBI and Microsoft alerts, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization’s entire network. This means they’re attempting to wipe out all backups, infect all key machines with ransomware and then demand payment, KnowBe4 has explained.

This latest method uses a little-known strain of ransomware called Samas, first discovered in 2014. According to research by Microsoft, the majority of infections thus far have been detected in North America, with a few instances in Europe, according to KnowBe4.

“It is not clear yet if the current attack starts with phishing e-mails, which infect a single workstation with ransomware and then installs a Trojan that allows the hackers into the network, or if the network gets penetrated first and subsequently gets infected with ransomware,” KnowBe4’s CEO Stu Sjouwerman said. “It looks like targeted ransomware attacks have indeed arrived and will be around awhile.”

KnowBe4 offered these tips for companies on prevention and mitigation:

  • Keep all software applications up to date and patched.
  • Use strong passwords.
  • Disable the loading of macros, which automate frequently used tasks, in Office programs through Group Policy settings.
  • Implement strong backup and recovery policies.

HR must be especially vigilant as ransomware continues to sweep through U.S. companies, making companies and their employees vulnerable to theft. In a post on the social networking site Reddit earlier this week, someone wrote: “It's happened again: My HR rep fell victim to a phishing scam and sent all 50 employees’ tax info to some fraudster yesterday. Company has yet to notify everyone officially. What should I do?”

Said Sjouwerman, “HR and accounting should themselves be very wary of opening any attachment they did not ask for. Only view attachments using Google Chrome’s ‘view’ option, which … does not actually open the document. The same thing is true for all employees. HR should work hand-in-hand with IT to deploy effective security awareness training which includes frequent simulated phishing attacks.”

Aliah D. Wright is an online editor/manager for SHRM.


Job Finder

Find an HR Job Near You
Search Jobs


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect

HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.