What is Ransomware?
Ransomware is a form of malicious software that locks up the files on your computer, encrypts them, and demands that you pay to get your files back. Wanna Decryptor, or WannaCry, is a form of ransomware that affects Microsoft’s Windows operating system. When a system is infected, a pop-up window appears, prompting you to pay to recover all your files within three days, with a countdown timer on the left of the window. It adds that if you fail to pay within that time, the fee will be doubled, and if you don’t pay within seven days, you will lose the files forever. Payment is accepted only in Bitcoin.
How does it spread?
According to the US Computer Emergency Readiness Team (US-CERT), under the Department of Homeland Security, ransomware spreads easily when it encounters unpatched or outdated software. Experts say that WannaCry is spread by an internet worm (software that spreads copies of itself by hacking into other computers on a network) rather than the usual case of prompting unsuspecting users to open attachments. It is believed that the cyber attack was carried out with the help of tools stolen from the National Security Agency (NSA) of the United States.
Some forms of malware can lock the computer entirely, or set off a series of pop-ups that are nearly impossible to close, thereby hindering your work.
Impact of Ransomware virus on Global hospitals
Globally, the malware has claimed 200,000 victims across 150 countries so far. Asia seemed to fare worse than Europe on Monday 8 May 2017, mostly because it had started the weekend before the attack reached its full scale on Friday. China has reported 40,000 organisations as affected, which could be an underestimation given the prevalence of pirated software in its industry, according to the New York Times.
Russia, among the worst affected, has denied any role in perpetrating the attack and President Vladimir Putin blamed the United States’ intelligence agencies for creating the malware.
The National Health Service of the U.K., which was crippled by the attack, has been limping back to normalcy with most of its affected hospitals secured.
Some victims paid the $300-in-Bitcoins ransom demanded by the cyber-criminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday’s first wave, according to Reuters. Many victims told cyber security experts that the hackers offered good service, with helpful advice on how to pay.
But the hackers appear to have made only about $50,000 so far, according to Elliptic Labs, which tracks Bitcoin transactions.
Impact of Ransomware virus on Indian hospitals
The impact of the ransomware virus on Indian hospitals is nearly zero, because 80 percent of the healthcare delivery system is run by unorganized healthcare providers who are still not using healthcare technology for billing or storing data (EMR, inventory, drug data, etc.). Secondly, only 20 percent of the organised players keep their data on servers, and that data is spread across various servers rather than held in the cloud. Compare this with the UK, where major hospitals store their data through one common, structured platform and the whole system of healthcare delivery is tied to IT.
Major hospital chains, TPAs and pharma companies that work paperless or use a common server for data sharing are under threat and at major risk.
Why Hospitals Are the Perfect Targets for Ransomware
Ransomware has been an Internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.
The malware works by locking your computer to prevent you from accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.
Another main reason cyber criminals target medical institutions is that hospitals have at their disposal vast amounts of patients’ data (medical histories, drug prescriptions, allergies, etc.) that they rely on heavily in order to provide patients with the care they need. And because patients’ lives are at stake when that data is being held hostage, cyber criminals have almost a 100% guarantee that they will receive their ransom money. It’s shocking to think that ransomware criminals would exploit the situation by placing medical care givers in such a state of desperation that they have no choice but to pay the ransom.
How Hospitals Can Protect Themselves?
- To protect hospital data from ransomware, hospitals should configure mail servers to block zip or other files that are likely to be malicious.
- Most importantly, organisations should restrict permissions to areas of the network. Instead of having thousands of people accessing files on a single server, the recommendation is to break users into smaller groups so that if a server gets infected, it won’t spread ransomware to everyone.
- It also forces attackers to work harder to locate and lock down more servers.
- The best way to protect your computer is to create regular backups of your files.
- The malware only affects files that exist on the computer. If you have created a thorough backup and your machine is infected with ransomware, you can reset your machine to begin on a clean slate, reinstall the software and restore your files from the backup.
- According to Microsoft’s Malware Protection Center, other precautions include regularly updating your anti-virus program; enabling pop-up blockers; updating all software periodically; and ensuring that SmartScreen (in Internet Explorer) is turned on, which helps identify reported phishing and malware websites.
- Avoid opening attachments that may appear suspicious.
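The mail-server filtering in the first point above can be sketched as follows. This is an added example, not code from the article; it inspects zip contents instead of blocking every zip, and the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy list (not from the article): extensions the gateway refuses.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".hta"}

def _ext(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""

def inspect_attachment(filename, payload):
    """Return the reasons to quarantine this attachment (empty list = allow)."""
    reasons = []
    if _ext(filename) in BLOCKED_EXT:
        reasons.append(f"blocked extension: {filename}")
    # Detect archives by content, not by name, so a renamed zip is still caught.
    if payload.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 set = member is encrypted
                        reasons.append(f"encrypted archive member: {info.filename}")
                    if _ext(info.filename) in BLOCKED_EXT:
                        reasons.append(f"blocked file inside archive: {info.filename}")
        except zipfile.BadZipFile:
            reasons.append("malformed zip archive")
    return reasons

def screen_message(raw_bytes):
    """Map attachment filename -> reasons, for every attachment to be held."""
    held = {}
    for part in message_from_bytes(raw_bytes).walk():
        if part.get_content_disposition() == "attachment":
            reasons = inspect_attachment(part.get_filename(), part.get_payload(decode=True) or b"")
            if reasons:
                held[part.get_filename()] = reasons
    return held

def build_sample():
    """Constructed message: a harmless PDF stub and a zip renamed to .doc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="msword", filename="invoice.doc")
    return msg.as_bytes()
```

Calling screen_message(build_sample()) holds invoice.doc because it is a zip by content and carries a double-extension executable name, while report.pdf passes.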
What to do When ransomware strikes a hospital?
The first reaction is often panic. Basic steps to follow:
- Immediately shut down most network operations to prevent the malware from spreading. For one affected hospital, this meant health-care professionals could not access email or easily schedule patient visits or surgeries; the hospital reverted to paper records for communication and scheduling.
- Disconnect infected systems from a network and disable Wi-Fi and Bluetooth to prevent the malware from spreading.
- Victims are also told to remove any USB sticks or external hard drives connected to an infected computer to prevent those from being locked as well.
- The victim has two options: pay the ransom or restore data from backups. If formal backups don’t exist, it may be possible to restore data using Shadow Copy files and other methods. The best action, of course, is for hospitals to take steps to prevent attacks and maintain so-called weapons-grade backups.
- Backed up data should be stored offline. When an infection is detected, take backup systems offline as well and scan backups to ensure they are free of malware.
The healthcare industry, being one of the fastest growing and moving quickly towards digitization, should be prepared with security systems for its data, something that is still missing in the present Indian healthcare scenario.
Ransomware is just one case study from which the Indian healthcare system can learn from the UK and other countries: before you go for digitization, the level of security is of the utmost importance.