New ransomware virus targets healthcare organizations
- Cybersecurity experts have identified a new ransomware strain that is targeting healthcare organizations, FierceHealthcare reports.
- The virus, dubbed Defray, spreads via a Microsoft Word attachment in emails sent to potential victims. The messages are customized to appear to come from a trusted source.
- Cybersecurity firm Proofpoint, which discovered the ransomware, said in a blog post last week the new virus differs from the “spray-and-pray” tactics of other recent ransomware attacks.
In one example of the personalized approach, an attachment titled Patient Report used the logo of a hospital in the United Kingdom and claimed to be from the hospital’s director of information management and technology. The ransomware demands $5,000 in bitcoin to release encrypted files.
The healthcare industry has seen a rash of cyber and ransomware attacks over the past couple of years, and while organizations are investing more in cybersecurity, its not coming soon enough for many.
In May, a massive global attack froze computers at more than 40 UK hospitals, forcing them to suspend routine services and accept only emergency cases. In all, 199,000 instances of the malware were detected in 104 countries. The ransomware, known as WannaCry, breaches computers via phishing emails and seeks payment in bitcoin to recover data.
A different ransomware virus, a strain of Petya, spread across Europe and hit U.S. targets in June. Among its victims were Nuance, Merck and Heritage Valley Health System. Again, file recovery hinged on a specified payment in bitcoin.
Healthcare organizations have been ramping up their cybersecurity efforts in response to these and other attacks. In a recent HIMSS survey of IT leaders, 71% said their organization budgets for cybersecurity, and 60% of those said that 3% or more of their overall budget is marked for cybersecurity.
In June, An HHS task force urged the government to be more proactive in helping healthcare organizations prevent cyberattacks, calling the state of cybersecurity “critical.” Despite industry efforts to safeguard information, many organizations lack the infrastructure to identify and track threats or the capacity to sift through data and act on results, the Health Care Industry Cybersecurity Task Force said.
Many hospitals also lack funding to support an in-house cybersecurity team, making it harder to monitor for vulnerabilities, the report said. But that may be changing. Among IT leaders surveyed by HIMSS, eight in 10 reported having a dedicated cybersecurity staff and six in 10 had a senior level security officer.