First it was Hollywood Presbyterian Medical Center that made headlines when ransomware disabled the hospital’s computer network. Now another California healthcare organization has become a victim. Los Angeles County Department of Health Services is the latest large healthcare organization to experience the pain of ransomware. According to the Los Angeles Times:
Los Angeles County Department of Health Services computers have been targeted in a “ransomware” cyberattack, officials said Friday.
The attack on the Los Angeles County health department was on a smaller scale. Spokesman Michael Wilson said the agency had identified remnants of a ransomware thread on five work computers Wednesday, but that operations had not been affected.
Luckily the ransomware is only on 5 computers and has not spread throughout the whole network. It seems as though the LA County Department of Health Services will not pay the ransom.
Wilson said the county has not paid a ransom and will not do so. The attack was the first of its kind targeting the health services department, he said.
Coincidence or Target?
Ransomware is usually not targeted at specific organizations. In the past ransomware, like SPAM or phishing scams are sent to thousands or millions of email addresses hoping that someone will click on an attachment and unleash the ransomware code. Or a user will get ransomware by visiting a website that has been compromised.
Ransomware is a serious threat and seems to be targeting healthcare organizations among others:
“Since the New Year, the healthcare industry has experienced an uptick in ransomware incidents…. The county is no different but has been successful in analyzing and mitigating this threat,” he said.
Are we starting to see a more targeted occurrence of ransomware? As healthcare organizations move from paper-based healthcare records to electronic healthcare records, the need to access computer systems becomes more critical. It can be argued that access to electronic healthcare records is a matter of life or death. You would think that if access to this data is that critical, then wouldn’t healthcare organizations be more willing to pay a ransom to get access to the data? And this was the exact thinking of Hollywood Presbyterian Medical Center which paid a $17,000 ransom to gain access to their systems and data.
If the tide is turning and criminals are setting their sights on healthcare organizations, the smaller organizations such as physician or dental offices are even more at risk. These smaller organizations lack professional IT support, in some cases, and do not have up to date data backups or disaster recovery procedures. These organizations would be very willing to pay a ransom to get access to data that would be lost for good if they do not pay the requested ransom.
It is getting more dangerous out there! Be safe.