Why Hospitals Are the Perfect Targets for Ransomware

Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.

“If you have patients, you are going to panic way quicker than if you are selling sheet metal,” says Stu Sjouwerman, CEO of the security firm KnowBe4. Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general,” he says. Instead, their primary concern is HIPAA compliance, ensuring that employees meet the federal requirements for protecting patient privacy.

… “You don’t have to lock an entire network,” Sjouwerman says. “You just need to find where are the critical files in a network—what servers are serving up the millions of files that most workers use…. And you only need to lock maybe two or three file servers to essentially block the whole network.”

… “All-employee access groups are the exact type of data under attack by Ransomware,” says Adam Laub, a senior vice president at STEALTHbits. “It’s like getting a key to your hotel room and discovering that it actually gives you access to many other rooms as well. All a would-be intruder needs to do is try it in each door…. If access rights to file shares were better controlled via groups with only the proper users, the ability for ransomware to rapidly spread far and wide would be drastically reduced.”
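The access-control point above can be checked with a short audit. The following is an added example, not from the article or from anyone quoted in it: it flags file shares where an all-employee group holds write access and counts how many shares a single account can modify before and after those entries are removed. The share paths, group names other than the well-known Windows principals, and user names are constructed sample data.

```python
"""Added example: how many file shares can one account write to?"""

# Well-known Windows principals that effectively mean "all employees".
BROAD_GROUPS = {"Everyone", "Authenticated Users", "Domain Users"}
WRITE_RIGHTS = {"Change", "Full"}

# Constructed sample data: (share, principal, right) entries and group membership.
ACL = [
    ("\\\\fs01\\PatientRecords", "Domain Users", "Full"),
    ("\\\\fs01\\PatientRecords", "Clinical-Staff", "Change"),
    ("\\\\fs02\\Pharmacy", "Everyone", "Change"),
    ("\\\\fs02\\Pharmacy", "Pharmacy-Staff", "Change"),
    ("\\\\fs03\\Billing", "Billing-Staff", "Change"),
    ("\\\\fs03\\Billing", "Domain Users", "Read"),
]
MEMBERS = {
    "Clinical-Staff": {"nurse1", "dr_lee"},
    "Pharmacy-Staff": {"pharm1"},
    "Billing-Staff": {"clerk1"},
}
ALL_USERS = set().union(*MEMBERS.values())


def expand(principal):
    """Resolve a principal to the set of users it covers."""
    if principal in BROAD_GROUPS:
        return ALL_USERS
    return MEMBERS.get(principal, {principal})


def broad_write_findings(acl):
    """ACL entries where an all-employee group holds write access."""
    return [(s, p, r) for s, p, r in acl if p in BROAD_GROUPS and r in WRITE_RIGHTS]


def writable_shares(user, acl):
    """Shares a single account (and any malware running as it) can modify."""
    return sorted({s for s, p, r in acl if r in WRITE_RIGHTS and user in expand(p)})


def remediate(acl):
    """Drop write entries held by all-employee groups; scoped groups remain."""
    findings = broad_write_findings(acl)
    return [e for e in acl if e not in findings]


if __name__ == "__main__":
    for user in sorted(ALL_USERS):
        before = writable_shares(user, ACL)
        after = writable_shares(user, remediate(ACL))
        print(f"{user}: {len(before)} writable shares -> {len(after)}")
```

On the sample data every account can write to two or three shares through the all-employee entries; once those entries are removed each account reaches only the one share its own group needs.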