Department of Homeland Security Issues Ransomware Warning to Hospitals

In response to a series of ransomware attacks that crippled healthcare systems across the country, the Department of Homeland Security (DHS), the U.S. Computer Emergency Readiness Team (US-CERT), and the Canadian Cyber Incident Response Centre (CCIRC) released a warning on specific types of ransomware used in recent attacks. The warning is directed at all organizations that use networked computer systems, but specifically mentions healthcare facilities and hospitals.

Locky and Samas are the two types of ransomware named as being behind the recent spate of attacks.

Ransomware, a type of malware that encrypts files with a key that’s withheld for ransom, emerged as a significant threat to healthcare systems this year. Hollywood Presbyterian in Los Angeles was among the first to report a ransomware attack, followed soon after by incidents at other facilities in California, Kentucky, and Canada. MedStar in Baltimore is the most recent organization to weather a ransomware attack. Ransomware typically takes a hospital’s entire network offline and locks providers out of electronic health records and email. Ransomware can be difficult for an organization to recover from, and some files may be permanently lost.

Networks infected by ransomware are also likely infected by other types of malware, the warning says. Malware linked to ransomware infections may copy and transmit financial information including bank account numbers or credit card numbers.

Healthcare organizations are advised to take steps to prevent ransomware attacks. US-CERT recommends that users:

  • Back up data on separate servers
  • Have a recovery plan for restoring data from backup servers
  • Ensure all software and devices are operating on the latest version
  • Disable macros from email attachments
  • Use application whitelisting to create a restricted list of applications and software that are permitted to run and update

Organizations are discouraged from paying the ransom. Payment of ransom does not obligate a hacker to release the encryption key and does not guarantee that any files will be released. Organizations are advised to contact the FBI’s Internet Crime Complaint Center if they discover ransomware or other evidence of hacking on their network.