Such attacks serve as a cautionary tale for managed services providers, for whom security breaches and related downtime can result in lost customers and damaged brands.

Aldrin Brown, Editor-in-Chief

April 4, 2016

3 Min Read
Wave of Cyberattacks on Hospitals Offers IT Security Lessons for MSPs
A dashboard from Digital Guardian's managed security service platform.

At least 14 U.S. hospitals have become victims of cyberattacks during the past six weeks, with some paying thousands of dollars in ransoms to regain access to locked data files and crippled networks.

The MedStar Health chain has been particularly hard hit in the latest wave of ransomware breaches, and operations have still not returned to normal after an attack last week targeted networks linked to several of the company’s Maryland- and Washington, D.C.-area hospitals.

The growing number and sophistication of cyberattacks poses serous implications for managed services providers (MSPs), for whom a serious security breach and lengthy system downtime could lead to a costly loss of customers and reputational damage to a meticulously cultivated brand.

Cyber-criminals’ recent focus on hospitals offers important clues about the thinking of professional hackers, and hints at other types of organizations and networks that could be similarly vulnerable, said Patrick Upatham, director of threat research at Digital Guardian, a provider of IT security solutions, including managed security services.

“What it comes down to is that there’s definitely no safe business,” he said. “Even with cutting edge tools, some of the variants are not detectible.”

Deployment of ransomware or other types of malware are an increasing fact of life in a world of rapidly increasing interconnectivity.

Infiltrating a network can be very cheap, and a successful breach can be lucrative.

An attacker need only send out a batch of emails containing a malicious file to employees of an organization, and wait for just one of them to click the item and unleash the malware into the network.

Despite digitizing patient health records as mandated by the Affordable Care Act, some hospitals still use older operating systems and legacy IT technology, Upatham explained.

Smaller hospitals can have understaffed IT departments, and cost-pressures to minimize network downtime can foster a culture that often forgoes recommended upgrades or patching.

“The machines must stay up,” Upatham said. “They’re kind of pushed into the (mindset of) make it run and just leave it alone. Once it’s up and running, if it’s not broken, don’t try to fix it.”

Once inside, the malware is directed by the attacker through a command-and-control server, and spread throughout the network until the victim organization realizes the intrusion and shuts down their systems to halt the infection.

Often, by the time the attack is discovered, it’s already too late.

Under one common scenario, Upatham said, someone in the hospital’s administration goes to their computer and finds an obnoxiously bright-colored pop-up or background message on their monitor.

The message contains an advisory that the files have been encrypted, a countdown timer indicating how much time before the files are permanently irrecoverable, a ransom demand in untraceable electronic currency – often Bitcoin, and contact information for a support desk-type system to help the victim comply.

“Most of these (victims) have no idea what a Bitcoin is,” Upatham said.

“(The hackers) will give you an address and a support phone number,” he said. “They will actually walk you through and help you figure out how to pay.”

Modern cybersecurity solutions can certainly improve a network’s defenses to attack, Upatham said.

But nothing is foolproof.

Organizations should provide regular training about the social engineering tactics employed by hackers to fool employees into clicking on dangerous emailed files, Upatham said.

Businesses and other groups should also segregate as much of their systems as possible, to minimize the risk to other parts of the network if malware is launched on one machine, he said.

Upatham offered an analogy from health care.

“It’s the same principles as with biological viruses,” he said. “You have certain hygiene practices so you don’t introduce certain viruses or bacteria.”


Please send tips and news to [email protected].

Read more about:


About the Author(s)

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.


Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like