Cybercriminals are getting better at holding networks for ransom in exchange for cash — and hospitals have become the biggest and perhaps juiciest target.
On Monday, the Maryland-based MedStar Health acknowledged that a malware had infected its systems and spread throughout its network of 10 hospitals. The malware, according to the Baltimore Sun, is known as ransomware, which encrypts data on a system and offers victims the key to unlock it in exchange for money.
In MedStar's case, that fee is about $18,500 to get back its systems, and payment hasn't yet been made, The Sun reports.
But it's just one more high-profile case among many in recent memory.
A Kentucky hospital said it was operating in an "internal state of emergency" about a week ago, after it was infected by similar malicious software (Ars Technica reports it paid at least $17,000 to get its system back). And in February, hackers crippled a Hollywood, California hospital's systems and demanded $3.6 million in Bitcoin (It ended up paying $17,000).
A 2015 survey by KPMG found 81% of healthcare organizations admitting their systems were compromised in the previous two years. Then there was a report just this February that found severe vulnerabilities in medical devices and other areas that could quite literally result in the death of a patient.
But ransomware seems to be on the rise, and the bad guys are getting a whole lot better at it.
Pay up — or else
Most of the time, hackers use the unsophisticated method of "phishing" to break into a system. Behind a faked email from a company's CEO, for example, the attacker says, "open this PDF and let me know what you think." The duped used does so, and boom, the computer is infected.
But new research from Cisco Systems shows a number of hospitals are being hit by more sophisticated methods designed specifically for hacking the healthcare industry.
A number of hospitals share data and access to devices on their networks through an interface called JBOSS, and according to Cisco, attackers have been exploiting vulnerabilities in that interface through a tool called JexBoss. Instead of phishing campaigns, they find open holes and break in — then encrypt systems using a malware called SamSam.
It's a similar result as phishing, in that the systems are still held for ransom — and Cisco notes that the price seems to be going up.
But the change in method shows the hospital hack is bringing out more advanced cybercriminals, which will keep it up "until a more profitable technique is discovered," Cisco writes.
"It’s like a hostage situation most of the time. We do not negotiate with terrorists, we do not give into threats. It’s kind of like the same thing with ransomware," Liviu Arsene, a senior E-threat Analyst at the security company BitDefender, previously told Tech Insider.
