Ransomware Now Most Profitable Malware Type, Weaker Security Makes Healthcare a Target, Research Says

July 27, 2016
by Heather Landi

Cisco recently released its 2016 Midyear Cybersecurity Report and, according to its latest threat intelligence and trend analyses, while ransomware is not a new threat, it has evolved to become “the most profitable malware type in history.”

Ransomware is a massive revenue generator with strong staying power because adversaries are typically paid in Bitcoin, which gives the hackers anonymity, the Cisco researchers stated. In addition, the majority of known ransomware cannot be easily decrypted, leaving victims with little option but to pay the asking price, according to the Cisco report.

“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up their critical data and confirming that those backups will not be susceptible to compromise,” the Cisco researchers wrote in the report.

Cisco researchers also observed organizations lacking self-awareness about their appeal to attackers. “Industries such as healthcare have become more attractive to bad actors in recent years because they offer the combination of valuable data with traditionally weaker security,” the Cisco researchers wrote.

In particular, the researchers examined attackers’ use of JBoss back doors earlier this year to launch ransomware campaigns against organizations in the healthcare industry. This serves as a strong reminder that adversaries, when given time to operate, will find new ways to compromise networks and users—including exploiting old vulnerabilities that should have been patched long ago, the Cisco researchers stated.

The healthcare industry has faced several ransomware attacks this year. In its analysis of Cisco customers in the healthcare vertical that were hit by ransomware attacks, the Cisco researchers identified a number of enterprise vulnerabilities that had made infections more likely for these organizations. Those vulnerabilities include shared passwords and “overprivileged” accounts; a lack of the security logging that would allow compromised passwords to be detected; web applications with OWASP top 10 vulnerabilities; and unpatched operating systems and applications.

Cisco researchers also found that all the PCs in a hospital often run the same vulnerable versions of software like Windows XP, Adobe Flash player, or Java. “Of note, most recent ransomware infections of healthcare workstations that we investigated could be traced to clinical staff web browsing from a workstation that was missing Flash player patches. Lack of a formal process to ensure the timely installation of security patches was also a common theme across our healthcare customers,” the Cisco study authors wrote.

“In addition, most medical providers targeted by ransomware did not have incident response plans in place, which greatly undermined their efforts to respond effectively to attacks. Also, few healthcare organizations have dedicated security teams. Maintenance of IT assets is typically handled by one or more IT generalists who lack security expertise,” the Cisco study authors stated.

Cisco researchers recommend that businesses with similar security challenges take action, at minimum, to improve their overall security posture, such as conducting basic hardening of systems to resist malware and hacking attacks and assessing the IT landscape in the organization by asking questions such as, “What and how many devices are on the network? Where are those devices located?”

The researchers also recommend that organizations educate users about threats and best practices, develop an incident response plan, and monitor the network actively for evidence of compromise.

Cisco researchers also concluded that organizations’ security teams need to reduce the unconstrained time that adversaries have to operate.

“Today’s attacks currently outpace defenders’ ability to respond. As long as attackers are permitted unconstrained time to operate, and innovate, their success is all but ensured. But if an organization can limit adversaries’ time and opportunity to lay the foundation for and carry out an attack, they are forced to make decisions under pressure that place them at higher risk of becoming known—and taken down,” the Cisco researchers stated.

“As has always been the case, organizations and end users play an important role in helping to reduce the time that threat actors have to operate. For enterprises, there has perhaps never been a better time—or more urgent need—to improve security practices. Upgrading aging infrastructure and systems and patching known vulnerabilities will undermine the ability of cybercriminals to use those assets to carry out their campaigns,” the researchers wrote.
