Last week, a hospital was hit with ransomware that sent them back to the virtual dark ages. Their IT was debilitated, vital patient data was inaccessible, and they were forced to pay off the hackers to regain control of the systems the hospital uses to keep people alive.
Thankfully, no patients died, and the Federal government is investigating the incident, but the damage is already done. The hackers know that their system works, so they're going to do it again, and again, and again. They design the process to seem unstoppable. They want their victims to feel helpless, like paying the ransom is the only way. This is a nightmare for hospitals and even more so for their patients.
When stories like this make headlines, it is easy for people who haven't been affected to throw up their hands and say, "what a tragedy, but what can we do?"
We Have To Do Something
To quote Edmund Burke, (or John Stuart Mill, depending who you ask): "All that is necessary for the triumph of evil is that good men do nothing".
To that we say "Not today, evildoers!"
We might not be able to stop this every time, but we can stop it sometimes, and we have to do something.
Even before the news of last weeks hospital ransomware attack, our field engineers were working with ExtraHop users to develop a solution to detect ransomware attacks. These triggers and dashboards give users the ability to know when ransomware begins to encrypt files over the network. Normally, IT teams would not find out about this until they hear from users. With this early detection, teams can take action fast to stop the attack.
Spoiler Alert: We Stopped One!
One of our users, a healthcare organization, had just been targeted by an attacker that had already successfully bypassed the security and firewall products in place. The ransomware infection was propagating through the network, trying to get to network shares where valuable files were stored. Once our ransomware solution was deployed on this customer's ExtraHop appliance, their IT team was immediately able to see this activity, which client devices were infected, and was able to identify the external hosts from which the malware was downloaded. The team was able to block malicious connections to more sensitive network shares before valuable files were affected.
The rapid action and smooth cooperation between our engineers and the healthcare organization's IT team stopped the hackers.
Ransomware attacks will inevitably get more advanced and widespread as hackers become more sophisticated. It is critical that we continue to advance the ways we prevent them. Gone are the days of protecting the perimeter and feeling safe. Visibility is the key to being able to stop these intrusions. That means having access to timely information and a means to act on it.
Industry insiders, technology, and security companies need to come together and ensure we're all safe. The stakes are high and your healthcare data is valuable and a compromise is irreversible. Your financial data, personal records, even your life could be at risk if the wrong system gets compromised.
Let's work so there are no more headlines about hospitals paying ransoms to get their data back in 2016. It's a tall order, but worth the effort, and we're not the only ones fighting this fight.
If you're an ExtraHop user who is interested in the unique visibility into Ransomware that we can provide, please contact your sales representative.
Find out how our ransomware solution works.
If you'd like a chance to see ExtraHop's ability to see into data theft attempts as they happen, try our interactive online demo.
Editor's note: This post was edited to clarify that we deployed a solution at a customer site.
This is a companion discussion topic for the original entry at https://www.extrahop.com/community/blog/2016/healthcare-ransomware/