
Ransomware Now Most Profitable Malware Type, Weaker Security Makes Healthcare a Target, Research Says

July 27, 2016
by Heather Landi

Cisco recently released its 2016 Midyear Cybersecurity Report and, according to its latest threat intelligence and trend analyses, while ransomware is not a new threat, it has evolved to become “the most profitable malware type in history.”

Ransomware is a massive revenue generator with strong staying power because adversaries are typically paid in Bitcoin, which provides the attackers with anonymity, the Cisco researchers stated. In addition, the majority of known ransomware cannot be easily decrypted, leaving victims with little option but to pay the asking price, according to the Cisco report.

“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up their critical data and confirming that those backups will not be susceptible to compromise,” the Cisco researchers wrote in the report.

Cisco researchers also observed organizations lacking self-awareness about their appeal to attackers. “Industries such as healthcare have become more attractive to bad actors in recent years because they offer the combination of valuable data with traditionally weaker security,” the Cisco researchers wrote.

In particular, the researchers examined attackers’ use of JBoss back doors earlier this year to launch ransomware campaigns against organizations in the healthcare industry. This serves as a strong reminder that adversaries, when given time to operate, will find new ways to compromise networks and users—including exploiting old vulnerabilities that should have been patched long ago, the Cisco researchers stated.

The healthcare industry has faced several ransomware attacks this year. In its analysis of Cisco customers in the healthcare vertical that were hit by ransomware attacks, the Cisco researchers identified a number of enterprise vulnerabilities that had made infections more likely for these organizations. Those vulnerabilities include shared passwords and “overprivileged” accounts; insufficient security logging that would allow the detection of compromised passwords; web applications with OWASP Top 10 vulnerabilities; and unpatched operating systems and applications.

Cisco researchers also found that all the PCs in a hospital often run the same vulnerable versions of software like Windows XP, Adobe Flash player, or Java. “Of note, most recent ransomware infections of healthcare workstations that we investigated could be traced to clinical staff web browsing from a workstation that was missing Flash player patches. Lack of a formal process to ensure the timely installation of security patches was also a common theme across our healthcare customers,” the Cisco study authors wrote.

“In addition, most medical providers targeted by ransomware did not have incident response plans in place, which greatly undermined their efforts to respond effectively to attacks. Also, few healthcare organizations have dedicated security teams. Maintenance of IT assets is typically handled by one or more IT generalists who lack security expertise,” the Cisco study authors stated.

Cisco researchers recommend that businesses with similar security challenges take, at minimum, the following actions to improve their overall security posture: conduct basic hardening of systems to resist malware and hacking attacks, and assess the IT landscape in the organization by asking questions such as, “What and how many devices are on the network? Where are those devices located?”

The researchers also recommend that organizations educate users about threats and best practices, develop an incident response plan, and actively monitor the network for evidence of compromise.

Cisco researchers also concluded that organizations’ security teams need to reduce the unconstrained time that adversaries have to operate.

“Today’s attacks currently outpace defenders’ ability to respond. As long as attackers are permitted unconstrained time to operate, and innovate, their success is all but ensured. But if an organization can limit adversaries’ time and opportunity to lay the foundation for and carry out an attack, they are forced to make decisions under pressure that place them at higher risk of becoming known—and taken down,” the Cisco researchers stated.

“As has always been the case, organizations and end users play an important role in helping to reduce the time that threat actors have to operate. For enterprises, there has perhaps never been a better time—or more urgent need—to improve security practices. Upgrading aging infrastructure and systems and patching known vulnerabilities will undermine the ability of cybercriminals to use those assets to carry out their campaigns,” the researchers wrote.
