(U//FOUO) DHS Field Analysis Report: Growing Trend of Ransomware Attacks Targeting Hospitals

The following report was obtained from the website of a regional hospital association.

Growing Trend of Ransomware Attacks Targeting Hospitals and Healthcare Facilities

Page Count: 5 pages
Date: July 21, 2016
Restriction: For Official Use Only
Originating Organization: Department of Homeland Security, Office of Intelligence and Analysis, Oregon Terrorist Information and Threat Analysis Network, Kentucky Intelligence Fusion Center
File Type: pdf
File Size: 700,582 bytes
File Hash (SHA-256): 7C06327003FC391E7C97CE2B86E7E07EAF9B04768EB4C793D3409A81F61192C0

Download File

(U) Key Judgments: An uptick in ransomware attacks directed against the healthcare community in the first four months of 2016 underscores the potential vulnerability of all hospital and healthcare provider computer systems.

(U//FOUO) TITAN, KIFC, and I&A have not identified any specific impending or future threats to hospitals or healthcare providers in Oregon or Kentucky.

(U//FOUO) Recent incidents in the United States, Canada, and New Zealand, however, indicate that hospitals and healthcare providers could become victims. There have been six reported ransomware attacks on healthcare organizations in the United States, affecting at least 16 hospitals during the first four months of 2016.

(U) End-user training and education about cybersecurity, threats such as ransomware, and systems vulnerabilities could mitigate such attacks in the future.

(U//FOUO) The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.

(U//FOUO) Locky will likely decline in the coming months as a new ransomware strain known as SamSam begins to emerge. According to researchers, SamSam, which exploits server vulnerabilities to spread across and infect enterprise networks, may be a precursor to a new generation of ransomware known as “cryptoworms.” Cryptoworms are predicted to penetrate networks through previously known vulnerabilities, blending modern network intrusion tactics based off SamSam with past computer worms that targeted unpatched server vulnerabilities, such as the Conficker and SQL Slammer worms. Organizations that operate on typically less-secure networks should remain especially diligent in prevention efforts.


Share this: