Ransomware Now Most Profitable Malware Type, Weaker Security Makes Healthcare a Target, Research Says | Healthcare Informatics Magazine

July 27, 2016
by Heather Landi

Cisco recently released its 2016 Midyear Cybersecurity Report and, according to its latest threat intelligence and trend analyses, while ransomware is not a new threat, it has evolved to become “the most profitable malware type in history.”

Ransomware is a massive revenue generator with strong staying power due to the fact that adversaries are typically paid in Bitcoin, which provides the hackers anonymity, the Cisco researchers stated. In addition, the majority of known ransomware cannot be easily decrypted, leaving victims with little option but to pay the asking price, according to the Cisco report.

“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up their critical data and confirming that those backups will not be susceptible to compromise,” the Cisco researchers wrote in the report.

Cisco researchers also observed organizations lacking self-awareness about their appeal to attackers. “Industries such as healthcare have become more attractive to bad actors in recent years because they offer the combination of valuable data with traditionally weaker security,” the Cisco researchers wrote.

In particular, the researchers examined attackers’ use of JBoss back doors earlier this year to launch ransomware campaigns against organizations in the healthcare industry. This serves as a strong reminder that adversaries, when given time to operate, will find new ways to compromise networks and users—including exploiting old vulnerabilities that should have been patched long ago, the Cisco researchers stated.

The healthcare industry has faced several ransomware attacks this year. In their analysis of Cisco customers in the healthcare vertical that were hit by ransomware attacks, the Cisco researchers identified a number of enterprise vulnerabilities that had made infections more likely for these organizations. Those vulnerabilities include shared passwords and “overprivileged” accounts; security logging insufficient to allow the detection of compromised passwords; web applications with OWASP Top 10 vulnerabilities; and unpatched operating systems and applications.

Cisco researchers also found that all the PCs in a hospital often run the same vulnerable versions of software like Windows XP, Adobe Flash player, or Java. “Of note, most recent ransomware infections of healthcare workstations that we investigated could be traced to clinical staff web browsing from a workstation that was missing Flash player patches. Lack of a formal process to ensure the timely installation of security patches was also a common theme across our healthcare customers,” the Cisco study authors wrote.

“In addition, most medical providers targeted by ransomware did not have incident response plans in place, which greatly undermined their efforts to respond effectively to attacks. Also, few healthcare organizations have dedicated security teams. Maintenance of IT assets is typically handled by one or more IT generalists who lack security expertise,” the Cisco study authors stated.

Cisco researchers recommend that businesses with similar security challenges take, at minimum, actions to improve their overall security posture, such as conducting basic hardening of systems to resist malware and hacking attacks and assessing the IT landscape in the organization by asking questions such as, “What and how many devices are on the network? Where are those devices located?”

The researchers also recommend that organizations educate users about threats and best practices, develop an incident response plan, and monitor the network actively for evidence of compromise.

Cisco researchers also concluded that organizations’ security teams need to reduce the unconstrained time that adversaries have to operate.

“Today’s attacks currently outpace defenders’ ability to respond. As long as attackers are permitted unconstrained time to operate, and innovate, their success is all but ensured. But if an organization can limit adversaries’ time and opportunity to lay the foundation for and carry out an attack, they are forced to make decisions under pressure that place them at higher risk of becoming known—and taken down,” the Cisco researchers stated.

“As has always been the case, organizations and end users play an important role in helping to reduce the time that threat actors have to operate. For enterprises, there has perhaps never been a better time—or more urgent need—to improve security practices. Upgrading aging infrastructure and systems and patching known vulnerabilities will undermine the ability of cybercriminals to use those assets to carry out their campaigns,” the researchers wrote.
