Ransomware Attacks in the Healthcare Sector

By Philip Robinson   03.09.2018   Ransomware

A recent study by IT Security giant Sophos, The State of Endpoint Security Today, has revealed some very interesting facts about the devastating effects that ransomware has on organizations around the globe; and, in particular, on companies in the healthcare industry.

Some of the key findings included the fact that more than half of the organizations that were surveyed had been affected by a ransomware attack, and on average they had been hit by at least two attacks.

The cost of these prevalent attacks? On average, over $130,000 per targeted organization.

Whilst ransomware attacks are somewhat indiscriminate and affect all sectors, by far the most affected sector year after year seems to be healthcare. Considering the criticality of the data that is stored by organizations in this industry, this is a worrying trend that needs to be addressed.

The Healthcare Catch-22

There is something of a conundrum when it comes to addressing the ransomware problem in the healthcare industry. This industry is undoubtedly the most likely to experience an attack, with over 70% of healthcare companies that were surveyed admitting to being hit by a ransomware attack in the last 12 months. However, rather bafflingly, they are amongst the biggest spenders on anti-ransomware software and tools, with 53% of companies affirming that anti-ransomware technology is important and that they already have it.

So, why is there still such a massive problem in the industry? Could health organizations be investing in the wrong kind of ransomware prevention technology? Quite possibly.

How to Prevent Ransomware

There’s no magic bullet when it comes to ransomware prevention, as attacks improve in sophistication every year. However, there are some hard and fast techniques that we always recommend to deal with ransomware where it originates: at the end user.

Take Regular Backups of Important Files/Folders

This one is pretty self-explanatory; if your files and folders get encrypted and you can’t access them, having a recent, off-site backup available ensures that you remain safe. This is good advice not just for ransomware, but also for other forms of attacks or incidents that could cripple your systems.

Stop Ignoring Those Pesky Updates

I know it’s a pain, and no one wants to sit around waiting for their computer or laptop to update and restart. But those updates are there for a reason! Quite often, recent software updates include new patches and bug fixes that render many of the malware strains unable to infect you.

Education, Education and more Education

Ransomware targets end users who unwittingly click on a link in an email or in a document and allow the strain access into the system. Educating your users on what ransomware looks like, how to handle a suspicious email and the potential damage they could cause by clicking on that link will always be the most effective method to tackle ransomware at the end-user level.

How to Detect and Prevent Ransomware Spread with LepideAuditor

As I mentioned previously, the healthcare sector is amongst the biggest when it comes to spending on anti-ransomware software. But it may not be looking at the right kind of prevention technology.

LepideAuditor, a sophisticated auditing and monitoring solution, allows IT teams to keep a constant watch on changes occurring to your critical IT systems. How does LepideAuditor help you detect and prevent ransomware? It’s all about spotting suspicious changes before they completely cripple your servers. Once you’ve employed the above techniques to attempt to block ransomware from ever entering your environment, you can use LepideAuditor as your last resort.

Many ransomware attacks, including the now infamous WannaCry attack in 2017, work their way through files, encrypting them as they go and altering the file extension. LepideAuditor enables you to detect when such anomalous activity is occurring through a combination of real-time and threshold-based alerts. If numerous changes are made over a short period of time, this could be indicative of suspicious activity. LepideAuditor allows you to set these threshold parameters so that you can decide what is anomalous for your organization.
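The threshold idea described above can be sketched as a sliding-window count of file changes per user. This is an added example, not LepideAuditor code or its alert format: the event tuple layout, the `detect_bursts` name, the default threshold and window, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath


def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Flag users whose file changes reach `threshold` within `window`.

    events: time-ordered tuples (timestamp, user, action, old_path, new_path).
    Returns one alert dict per user, raised the first time the threshold is met.
    """
    recent = defaultdict(deque)  # user -> (timestamp, extension_changed)
    alerted, alerts = set(), []
    for ts, user, action, old, new in events:
        if action not in ("modify", "rename"):
            continue  # reads and other actions do not count toward the threshold
        ext_changed = PurePosixPath(old).suffix != PurePosixPath(new).suffix
        q = recent[user]
        q.append((ts, ext_changed))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append({
                "user": user,
                "window_start": q[0][0],
                "triggered_at": ts,
                "changes": len(q),
                "extension_changes": sum(1 for _, changed in q if changed),
            })
    return alerts


# Constructed sample audit events (not real log data).
T0 = datetime(2018, 9, 3, 10, 0, 0)
SAMPLE_EVENTS = sorted(
    # jdoe: six renames in ten seconds, each appending a new extension
    [(T0 + timedelta(seconds=2 * i), "jdoe", "rename",
      f"/share/records/scan{i}.docx", f"/share/records/scan{i}.docx.locked")
     for i in range(6)]
    # asmith: three ordinary edits spread over ten minutes
    + [(T0 + timedelta(minutes=5 * i), "asmith", "modify",
        f"/share/notes/n{i}.txt", f"/share/notes/n{i}.txt") for i in range(3)]
)

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

The count of extension changes inside the window is reported alongside the raw change count, since a burst of edits that also rewrites extensions is a stronger signal than a burst of ordinary saves.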

So, now you’ve spotted the anomalous activity, what next? LepideAuditor has an extremely clever script execution feature that enables you to take immediate action upon detecting such an event. The solution supports all scripting languages and enables you to automate anything you would want to do upon the detection of ransomware. For example, you may want to disable a user account, stop a specific process or even shut down the affected server. LepideAuditor runs this script immediately and automatically when your threshold conditions are met.
