An internet television program that explores the intersection of medicine and the law.

The Surprising Ways a Hospital can be Infected with Ransomware

By Tom Andre, VP of Information Services at Cooperative of American Physicians (CAP) to Risk Management

Description

What You Need to Know: Hospital Ransomware Attacks

Our guest on Healthcare Matters is Tom Andre, VP of Information Services at Cooperative of American Physicians (CAP). In part 4 of our What You Need to Know: Hospital Ransomware Attacks, we ask Mr. Andre to list the surprising ways hospitals and medical facilities can be infected with ransomware. This information is important in the wake of the numerous hospital attacks occurring all around the country, including the attack on Hollywood Presbyterian Medical Center.

This is only one of the many questions we asked Mr. Andre about cyber security and how healthcare facilities can protect themselves. Check out all of them here:

  1. Explaining the Recent Ransomware Attacks on Hospitals
  2. Top Two Risks a Hospital Faces in a Malware Attack
  3. How Common are Ransomware Attacks on Hospitals?
  4. The Surprising Ways a Hospital can be Infected with Ransomware
  5. Risk Management Tips for Hospitals to Avoid Ransomware Attacks
  6. Should Hospitals Negotiate with Hackers if Hit with Ransomware?
  7. Protecting Patient Data During Hospital Ransomware Attacks
  8. Full Interview with Tom Andre: What You Need to Know: Hospital Ransomware Attacks

Transcript

Mike Matray: What are the most common ways that these malware attacks get into a hospital system?

Tom Andre: This particular type of malware usually comes in through a phishing attack. Phishing is sending an email that looks like it’s from someone else, someone legitimate. Or even maybe doesn’t really appear to be legitimate, but people have a tendency to be trusting and they click on things.

So if you click on a link that goes to an infected website, it will cause an installation of some malware. If you open a Word document and you run macros in a Word document, that can infect your computer. In some cases, there have been websites that have had their own links infected.

There’s a common website production tool called WordPress that, a few weeks ago, it was noted that some of those WordPress sites were compromised and someone had injected bad links into them. Those are pretty common ways. There’s another type of social engineering attack, which is pretty costly for some organizations.

It has nothing to do with malware, but it’s called the CEO fraud. That also comes in through a social engineering technique, where someone is sending an email that looks like it’s coming from the CEO of the organization. They’ll send it to the accounting/finance folks and say, “Can you approve a wire transfer?”

There’s no links in it, but if they don’t have good internal controls, they may actually process the wire transfer. And there was a company in San Jose that got taken for about $46 million in that way. So, there’s some big money in that.

Another form of the CEO fraud is to send an email to the HR people. It looks like it’s from the CEO. They’ve done some reconnaissance to figure out who the HR people are and said, “Please send me a list of all of your W-2 information for all of our employees.” You know, salaries and social security number. And if you take a look at the LA Times this morning, the company that many of us who have teenagers know about, Snap Chat, Snap Chat got taken in the same way.

So, you really need to have your staff and employees really aware of the types of attacks that could come in in this way, and take a couple of seconds to evaluate everything before they respond or click.