U.S. Government Issues Guidance Document on Ransomware

August 08, 2016

In response to the rising number of online health records being made available on the black market, the US Department of Health and Human Services for Civil Rights has released a guidance document outlining the risks and preventive measures needed to combat the threat of ransomware.

Ransomware is a type of malicious software that denies authorized users access to information by encrypting data with a key. Organizations are then extorted into paying hackers a ransom to regain control of the locked files. These attacks begin when a user clicks a malicious link or opens a malicious attachment delivered through spam, phishing messages, or websites.

As millions of online health records are affected by ransomware attacks, the US health sector has become one of the segments most affected by its harmful outcomes.

According to Axel Wirth, Symantec technical architect, “Published reports suggest that the current value is $20 to $60 per patient record on the black market, which can be used for extortion, identity theft, medical insurance theft.” He continues, “It contains your bank information, social security number, health insurance credentials, even your address, physical descriptors, or next of kin. Health data is much more comprehensive than what other industries hold about their customers and can be used for many more purposes.”

To help fight these cyber-attacks, the HHS document provides healthcare organizations with instructions on implementing security measures that prevent the introduction of malware. The guidance document also outlines policies and procedures that assist entities with responding to and recovering from a ransomware attack.

In addition, the HHS has required institutions to receive appropriate security training on topics such as detecting and reporting instances of malicious software, to help keep their staff prepared.

Cases related to this digital threat have been drastically increasing in complexity and in number over the years, with an average of more than 4,000 attacks each day in 2016, a 300% increase from the year before. 50% of hospitals said they experienced ransomware attacks, and 20% experienced more than 7 attacks in the past 6 months. According to a report from security firm Protenus and dataBreaches.net, 11 million patient records have been breached so far. Ransomware attackers often charge up to $17,000 to return access, and that cost doesn’t include the impact of the resulting downtime on the hospital.

To help prevent these cyber attacks, healthcare delivery organizations are urging healthcare technology providers to improve the security of their products. The Association for the Advancement of Medical Instrumentation (AAMI) released a new Technical Information Report called TIR 57 that provides medical device manufacturers with a framework to address cybersecurity threats during product development. Other firms that work with technology but are not necessarily in healthcare might also find TIR 57 helpful in addressing cyber vulnerabilities.

About the Author

Laura Collier

Laura Collier has a Bachelor’s Degree in Communications and a Master’s Degree in Business Administration from the University of North Florida. She is the Marketing Manager at AIV, Inc.
