Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware

April 10, 2017
by Heather Landi

Amateur cybercriminals may be shifting towards targeting the healthcare sector using off-the-shelf ransomware, according to security researchers at Forcepoint Security Labs.

Forcepoint is an Austin, Texas-based cybersecurity software company. In a blog post, Roland Dela Paz, a senior security researcher at the company, detailed that Forcepoint Security Labs has identified a ransomware-as-a-service (RaaS) platform, called Philadelphia, that was used in a cyber attack on a healthcare organization.

“In that attack, a shortened URL, which we believe was sent through a spear-phishing email, was used as a lure to infect a hospital from Oregon and Southwest Washington. Once a user clicks on the link, the site redirects to a personal storage site to download a malicious DOCX file,” Dela Paz wrote.

He noted that the document contained the targeted healthcare organization’s logo and a signature of a medical practitioner from that organization. The file also contained three document icons pertaining to patient information; when the user double-clicks one, a malicious JavaScript is triggered, which downloads and executes a variant of the Philadelphia ransomware.
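For defenders triaging DOCX attachments like the one described above, the following added example (not code from Forcepoint or from this article) lists embedded objects that wrap script files. It assumes the clickable icons are OLE package objects stored under `word/embeddings/`, which the article does not state; the watch list of extensions, the file names and the sample document are constructed.

```python
import io
import re
import zipfile

# Assumed watch list: script types Windows runs on double-click.
SCRIPT_NAME = re.compile(rb"[\w .\-]{1,64}\.(?:js|jse|vbs|vbe|wsf|hta)(?=\x00)", re.I)

def embedded_script_objects(docx_bytes):
    """Map each embedded object in a DOCX to the script file names found in it."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for member in archive.namelist():
            # Word stores embedded (double-clickable) objects in this folder.
            if not member.startswith("word/embeddings/"):
                continue
            data = archive.read(member)
            # Packager objects keep the original file name as a NUL-terminated string.
            names = {m.group(0).decode("ascii") for m in SCRIPT_NAME.finditer(data)}
            if names:
                findings[member] = sorted(names)
    return findings

def build_sample_docx():
    """Constructed sample: one object wrapping a .js file, one benign object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/embeddings/oleObject1.bin",
                         b"\x02\x00patient_record.js\x00C:\\Temp\\patient_record.js\x00" + b"\x00" * 16)
        archive.writestr("word/embeddings/oleObject2.bin", b"\x02\x00notes.txt\x00" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for member, names in embedded_script_objects(build_sample_docx()).items():
        print(f"{member}: embedded script(s) {names}")
```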

“Believed to be a new version of the Stampado ransomware, Philadelphia is an unsophisticated ransomware kit sold for a few hundred dollars to anyone who can afford it. Recently, a video advertisement of Philadelphia surfaced on YouTube,” he wrote.

Dela Paz further wrote in the blog post, “A few things in the malware captured our interest. Aside from the tailored bait against a specific healthcare organization, the encrypted JavaScript above contained a string “hospitalspam” in its directory path. Likewise, the ransomware C2 also contained “hospital/spam” in its path. Such wordings would imply that this is not an isolated case; but that the actor behind the campaign is specifically targeting hospitals using spam (spear phishing emails) as a distribution method.”

He also noted that ransomware-as-a-service platforms such as Philadelphia continue to attract would-be cybercriminals to take part in the ransomware business. And, while this example represents only one healthcare organization that was targeted, the researcher noted that it could signify the beginning of a trend with smaller ransomware operators, using RaaS platforms, aiming for the healthcare sector, “ultimately leading to even bigger and diversified ransomware attacks” against the sector, he wrote.
