In February 2016, the Hollywood Presbyterian Medical Center realized something was terribly wrong. Their systems had become the victim of ransomware, and as a result, hospital communications were effectively shut down.

Despite alerting law enforcement and engaging the help of cybersecurity experts, Hollywood Presbyterian eventually agreed to pay the ransom; 40 Bitcoins - the equivalent of $17,000.00. Since the rise of untraceable and anonymous Bitcoin transfers, high-profile targets are on the rise. And since that $17,000 payout, other hackers have started to take notice.

Hospitals and Ransomware: Is There a Solution?

According to NBC News, hackers quickly targeted other California hospitals. Desert Valley Hospital, Chino Valley Medical Center, and Alvarado Hospital Medical Center all suffered ransomware attacks in a single month.

In 2015 alone, over 100 million health records were stolen. Long story short, ransomware attacks aren't going away anytime soon.

Why Hospitals?

In the big picture, $17,000.00 may not appear to be a large sum to pay to keep a hospital functioning. But as hackers become more and more daring (or greedy) that figure may rise. In at least one instance, even after being paid off, hackers refused to comply and instead demanded even more money.

When we move from holding information for ransom to holding people's well-being for ransom, something has to change.

Hospitals are an easy target for most hackers because attacks on their systems were never as prevalent as they are now. Cybersecurity has been relegated to satisfying HIPAA regulations, but now it must move beyond that.

Undertrained Staff

In most cases, viruses access the hospital network through human error. Some report that the Henderson, Kentucky hospital became infected through a simple spam email. Social engineering continues to be one of the most-used tools in the hacker's arsenal. Training employees on best practices should be a requirement, but as attacks become more targeted, easily identifying malicious attempts to infect the network can become more difficult.

A False Sense of Security

With budget issues and a quickly evolving technology landscape, hospitals may never be at the cutting edge of cybersecurity. However, relying on outdated or inferior security policies can be an issue. Additional servers and a multi-site infrastructure may be beneficial for natural disasters, however, most of these redundant systems are still on the same network, using the same protocols. And this means the virus can travel to every one of them, encrypt the files, and remain locked down.

Why are hackers starting to target hospitals?

Because the security landscape is lacking, employee training on cyber security is lagging, systems are constrained by tight budgets, and the data they can hijack is critical enough they can demand large sums of money.

Ways to Stop Ransomware Attacks

Best Password Practices

WiFi and e-mail passwords should not be easily guessed. They should also be updated regularly as employees come and go - and not every employee that goes is happy to go. Making this first level of security just slightly more difficult to hack can make a huge difference. 

Training & Education

For the most part, taking the time to educate each and every employee to be mindful of cybersecurity vulnerabilities is a great place to start. Continuing education is also important as technology is changing so fast.

Consistently Updating Firmware and Software

Another common vulnerability is open backdoors created by outdated firmware or software. Keeping all systems, apps, network peripherals and connected machines updated to the latest versions will provide an added level of security.

Change Monitoring Software

As the name suggests, this software monitors files and systems on your network for changes. Some of the older offerings in this software category stop there. Yet, when dealing with an attack in progress, or trying to stop malware or ransomware once identified is another matter entirely. Newer software is now called Change Control. For example, when a change is detected, CimTrak captures it at the exact moment it occurs and provides a detailed audit trail of the incident, including:

  • Where the change was made
  • When the change took place
  • Who made the change
  • How the change was made
  • What was changed

File Integrity Monitoring 

Years ago, poll-based file integrity monitoring solutions were an IT professional’s only choice. Even today, many open-source and even some commercially available solutions still use a poll-based methodology, which means that a file is checked at certain time intervals, and is the least efficient way to monitor files for changes.

In contrast, the new generation of continuous file integrity monitoring technologies such as CimTrak can detect changes on most operating systems in real-time all while running quietly in the background. 

Real-Time FIM

Operating at the kernel level, real-time file integrity monitoring intercepts file changes from the operating system itself. This allows detection of only the watched files that are changed by the operating system and allows changes to be captured at the moment they occur. This intelligent change detection methodology uses minimal system resources so that CPU cycles and disk I/O remain low. This advanced methodology also provides greater accuracy and other forensic information that is not possible through polling. Real-time change detection provides a distinct advantage over poll-based solutions. 

Every second matters when it comes to change detection. By detecting changes instantly, IT security personnel can be quickly alerted to changes that are malicious, can cripple critical business functions, or lead to a data breach. Integrity checking products use various hash algorithms, along with other file parameters, as a basis for proof that a file has, or has not been altered. However, file integrity monitoring products differ drastically in speed, performance impact, and capabilities in how they accomplish these steps.

CimTrak is the only file integrity monitoring solution that offers an integrated change ticketing system to allow users to plan and reconcile changes. 

Protecting Your IT Environment From Ransomware Attacks

Ransomware is not going away any time soon, and budgets aren't going to miraculously increase overnight. Making smart investments in your IT infrastructure, and installing common-sense protocols for employees to follow is the first step toward creating a more secure environment.

With the help of CimTrak, you can combat ransomware and cryptolockers, gaining real-time insight into exactly what has changed throughout your entire network. From databases to network devices, Cimcor enables IT teams to achieve full oversight and mitigate risks. To learn how CimTrak can help with HIPAA compliance, download our HIPAA solution brief today.


Jacqueline von Ogden
Post by Jacqueline von Ogden
August 4, 2016
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time