A “pay up or else” threat was recently leveled against a healthcare company, something every business hopes won’t ever happen to them. Hackers claim they have sensitive health data belonging to customers of Medibank, Australia’s largest healthcare insurer. Healthcare providers worldwide should pay close attention to this ransomware threat since we know it’s only a matter of time before we see similar attacks here in the U.S.
Healthcare as a Ransomware Target
The healthcare sector continues to be one of the largest targets for ransomware attacks due to the highly sensitive nature of the data they hold. Sophos’ “State of Ransomware in Healthcare” report finds 66% of healthcare organizations say they were hit by ransomware in 2021, nearly double the reported 34% in 2020.
It’s a tragic scenario for any healthcare company when the lives of their customers hang in the balance. That’s also what makes this industry a huge target for ransomware attacks and raises the likelihood that ransoms get paid, and quickly.
In this attack, hackers are extorting Medibank with its own customers’ data to get the ransom paid. It’s a departure from typical ransomware attacks, which encrypt a company’s data and then demand a ransom payment to get the data decrypted and back in use.
Medibank, a publicly traded company, went so far as halting trading of its shares on the Australian Stock Exchange for the second time since being threatened, fearful of a shareholder sell-off. Medibank first stopped trading after finding “unusual activity” in its network that the company says is “consistent with the precursor to a ransomware event…” Medibank notes “The trading halt will continue until further notice.”
Chilling Threats from Attackers
Attackers have threatened to sell 200 gigs of sensitive customer data including credit card numbers and health records. A Sydney newspaper claims they have a copy of the ransom note, reporting the attackers would email 1,000 of Medibank’s “most prominent” customers with their hijacked data. Hackers reportedly pushed another threat, saying "Also we've found people with very interesting diagnoses. And we'll email them their information…"
With the medical sector well aware of being a huge target for ransomware attacks, some continue doing business with their fingers crossed, hoping they’re not the next victim. Responsible companies embrace the unpleasant truth and take actions to prevent ransomware attacks. One such action includes educating staff about how easily attacks happen, what to look for, and how to react. Ongoing cyber awareness training, specifically with respect to phishing threats, is a small investment for a potentially large return. Since staffers are often the first line of defense against cyberattacks, a cyber-smart staff is a vital part of protecting healthcare companies and their customers’ data.