How to Prevent Ransomware Attacks at Hospitals

Implement regular backups to stay safe

Ransomware has been an Internet menace for more than a decade; recently a new trend has emerged — the targeting of hospitals and other healthcare facilities.

Ransomware works by locking down computers to prevent users from accessing data until a ransom is paid, usually in the form of Bitcoin. Hospitals are the perfect target for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to critical information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk a life-threatening situation.

Prevention Efforts

Paying the ransom doesn’t guarantee an organization will get their data back. In fact, this only emboldens criminals to target more organizations, making the problem exponentially worse. Ransomware has gotten so insidious that the FBI issued a Flash Warning this past spring, urging organizations to adopt a two-pronged strategy to combat the threat: prevention (focused on fortifying cyber defenses) and business continuity.

Strengthening cyber defenses is a huge component. Another reason that hospitals are a prime target is that many have not trained their employees on cyber security awareness. Ransomware often preys on these psychological vulnerabilities; for example, a victim will see an email addressed to them, open it and click on an attachment that appears legitimate, but contains malicious code. Training is essential to educate healthcare employees on ransomware, and their roles in protecting their organization’s data.

Backup Strategies

While prevention (leveraging cyber tools and education) is critical, backup strategies are just as important. According to the FBI, business continuity approaches must back up data and verify the integrity of those backups regularly, as well as secure these backups, making sure they aren’t connected to the computers and networks backing them up. This disconnection is key, as new forms of ransomware grow more sophisticated at circumventing traditional data protection measures. The ransomware known as “Locky” searches for and erases Volume Shadow Copy files, a feature in Windows systems that backs up copies of files automatically, even as people work on them.

A solid backup strategy can make a huge difference. Earlier this year, attackers took computers belonging to the Hollywood Presbyterian Medical Center in Los Angeles hostage using the Locky ransomware. Computers were offline for more than a week until officials caved to the extortionists’ and paid the equivalent of $17,000 in Bitcoin.

In contrast, shortly afterwards, Methodist Hospital in Henderson, Kentucky was struck by Locky as well, preventing them from accessing patient files. The facility declared a “state of emergency” on a Friday but by Monday was reporting that its systems were “up and running.” Methodist officials, however, said they did not pay the ransomware; administrators in this case were able to restore the hospital’s data from backups. This enabled them to shorten the duration of the emergency, and avoid paying a hefty ransom.

Cloud Misconceptions

Aligning to the FBI’s recommendations, the holy grail of backup means getting data out of the building, to a remote, secure location. Cloud-based backup offers an attractive, cost-effective, reliable, scalable and secure option, but to date, many healthcare organizations have not taken full advantage due to several misconceptions.

Fear of an Onerous Initial Data Seed

  • Healthcare organizations’’ data volumes are huge – and growing. According to IDC, at the projected growth rate, healthcare data stores will swell to 2,314 exabytes by 2020. When organizations face the unfortunate combination of large initial backup files and limited bandwidth capacity, moving data securely offsite via the Internet becomes a potentially expensive, time-consuming initiative, which may give them cold feet. Some healthcare organizations have held off on backing up data for so long, that the prospect of initial data transfer to the cloud can be especially daunting. Fortunately, advances like Amazon Snowball can now help SMBs overcome the challenges of the initial data transfer, making data transfer speeds up to 300 percent faster.


  • Healthcare IT teams are already strained, dealing with many mission-critical priorities including HIPAA; EHRs, population health and data analytics; data security and patient engagement. With all of these responsibilities, daily backup can be viewed as a time-consuming, productivity-draining task. As the size of data increases, IT workers may find themselves spending an inordinate amount of time on hardware maintenance, upgrades and backup – time that could be better spent on many other pressing challenges. Healthcare IT teams need backup processes that are automated, frequent and require minimal human intervention. Cloud-based backup can deliver this.

Vendor Lock-In

  • The fear of vendor lock-in is often cited as a major impediment to cloud service adoption, regardless of the industry. The complexities of cloud service migration mean that many customers stay with a provider that doesn’t meet their needs, just to avoid the cumbersome process of disengaging. Healthcare IT teams may view cloud-based data backup as a proprietary trap that they want to avoid, especially as other popular healthcare cloud usage cases evolve, like SaaS-based apps and hosting of clinical apps and data. Rightfully so, healthcare organizations may want to keep their cloud options open. In reality, cloud backup tools are fostering greater openness and support for a variety of clouds, in order to acknowledge the reality of constantly changing priorities and meet prospective customers’ desire for flexibility.


  • Information security and data protection is healthcare IT teams’ top priority. This isn’t surprising, as the ramifications of a healthcare enterprise data breach can be enormous. To address this, cloud backup providers are now supporting user-side encryption, ensuring files are completely unreadable in the event they are accessed by unauthorized parties. Client-side encryption can help build confidence and allay fears.

The newest research from Kaspersky Labs shows that crypto-ransomware – which encrypts data on users’ systems – has grown five-fold in the past year alone. Sometimes the only way to get the encrypted data back is to pay the criminals, and healthcare organizations may be apt to panic and fork over the ransom, due the mission-critical nature of their data. That brings a lot of money into the underground ecosystem that has grown up around this malware, and as a result new forms of ransomware continue to crop up at an alarming pace.

Healthcare organizations must protect themselves not just by implementing the proper cyber defenses and employee education, but also implementing regular backups. Increasingly, cloud-based backup can be valuable weapon in this arsenal. As long as the ransomware business model seems to be profitable and safe for criminals, these evil-doers will continue their work. Strategies like cloud-based backup can be instrumental in changing this.

About The Author