Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware

April 10, 2017
by Heather Landi
| Reprints
Click To View Gallery

Amateur cybercriminals may be shifting towards targeting the healthcare sector using an off-the-shelf ransomware, according to security researchers at Forcepoint Security Labs.

Forcepoint is an Austin, Texas-based cybersecurity software company and Roland Dela Paz, a senior security researcher at the company, detailed in a blog post that Forcepoint Security Labs has identified a ransomware-as-a-service (RaaS) platform, called Philadelphia, used in a cyber attack on a healthcare organization.

“In that attack, a shortened URL, which we believe was sent through a spear-phishing email, was used as a lure to infect a hospital from Oregon and Southwest Washington. Once a user clicks on the link, the site redirects to a personal storage site to download a malicious DOCX file,” Dela Paz wrote.

He noted that the document contained the targeted healthcare organization’s logo and a signature of a medical practitioner from that organization. Three document icons pertaining to patient information also were present in the file and, when the user double-clicks, a malicious Javascript is triggered which downloads and executes a variant of the Philadelphia ransomware.

“Believed to be a new version of the Stampado ransomware, Philadelphia is an unsophisticated ransomware kit sold for a few hundred dollars to anyone who can afford it. Recently, a video advertisement of Philadelphia surfaced on Youtube,” he wrote.

Dela Paz further wrote in the blog post, “A few things in the malware captured our interest. Aside from the tailored bait against a specific healthcare organization, the encrypted JavaScript above contained a string “hospitalspam” in its directory path. Likewise, the ransomware C2 also contained “hospital/spam” in its path. Such wordings would imply that this is not an isolated case; but that the actor behind the campaign is specifically targeting hospitals using spam (spear phishing emails) as a distribution method.”

He also noted that ransomware-as-a-service platforms such as Philadelphia continue to attract would-be cybercriminals to take part in the ransomware business. And, while this example represents only one healthcare organization that was targeted, the researcher noted that it could signify the beginning of a trend with smaller ransomware operators, using RaaS platforms, aiming for the healthcare sector, “ultimately leading to even bigger and diversified ransomware attacks” against the sector, he wrote.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.