Wyckoff Heights Medical Center, a 350-bed teaching hospital in Brooklyn, New York, was hit by Ryuk ransomware October 28, 2020. In fact, there has been an alarming uptick in ransomware attacks against healthcare covered entities (CEs) over the past few months. Furthermore, researchers link Ryuk ransomware to several recent healthcare attacks. In a recent joint advisory alert, federal agencies warned of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” through such malware tools as Dyre, Ryuk, Trickbot, and BazarLoader.
What happened?
In October, ransomware infiltrated Wyckoff's computer system. We do not know much about the cyberattack except that Ryuk somehow infiltrated the hospital’s network. Wyckoff has yet to release an official statement. The hospital shut down portions of its network to stop the spread of the ransomware. Unfortunately, it had already encrypted several connected devices. While details remain unknown, patient care seems unaffected. Moreover, it does not appear as if any protected health information (PHI) was exfiltrated. RELATED: Is a Name PHI? The breach has not yet been added to the HHS Office for Civil Rights’ Breach Portal.
What is ransomware?
Ransomware is malware (or malicious software) that denies access to a system until a victim pays a ransom. Such malware is normally delivered through phishing emails that attempt to deliver malware by either mass-mailing spam or via a targeted, spear-phishing campaign. RELATED: Phishing Attacks Wreak Havoc on Healthcare Providers Recent Ryuk attacks have begun as targeted phishing campaigns that install BazarLoader/KegTap malware that then deploy Cobalt Strike. After that, the threat actors have remote access to an infected computer and a network. The hackers then decrypt data and send a ransom demand. Unfortunately, researchers point out that the Ryuk decryptor corrupts certain files, which means not all data (if any) is recoverable. RELATED: To Pay or to Not Pay for Stolen DataGovernment officials do not recommend that CEs pay a ransom for several reasons. There is no confirmation that Wyckoff received or paid a ransom demand.
A rise in healthcare cyberattacks
Recent research states that healthcare was the most targeted industry in the U.S. (and globally) in October. There was a 71% increase in ransomware attacks as compared to September. RELATED: Global Surges in Ransomware Attacks in Q3 2020 Moreover, Ryuk is responsible for 75% of the October ransomware attacks. This is unfortunate and alarming given the current COVID-19 crisis and its exploitation by cyberattackers. RELATED: A Tired, Stressed Staff Raises Cybersecurity Risks And some attacks can be further disastrous as the negative effects of a ransomware attack are not restricted to data loss or monetary damages. For example, an attack may hinder a hospital’s ability to deliver timely medical services. Patient care may be halted and a patient may even indirectly die. Thankfully this does not appear to be the case with Wyckoff, but regrettably, not all CEs survive ransomware attacks.
How Paubox can help prevent cyberattacks
According to the October joint advisory alert, it is necessary for CEs to “review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posted by malicious cyber actors.” CEs should utilize a combination of employee awareness training, password security, and email security (i.e., HIPAA compliant email) to ensure employees and email communication remain protected. RELATED: How to Make Your Email HIPAA CompliantPaubox Email Suite Plus enables employees to send HIPAA compliant email while also blocking any possible incoming phishing emails. Our inbound security solutions safeguard against human error. Given the increase in ransomware attacks over the past few months, it is necessary to ensure safeguards are in place before an attack cripples a CE. Protect yourself and your employees today so that you can continue to provide solid patient care.
Kapua Iao
