
Reducing the Damage of Double Extortion Healthcare Ransomware Attacks


Healthcare Ransomware

COVID-19 has spread infection among more than just people. Organizations, including hospitals, have experienced escalating infections of a different variety as the chaos surrounding the coronavirus pandemic has been an ideal environment for a rise in phishing attacks and new malware tactics.

Given the new or expanded networks that had to be built very rapidly so that some workers could work from home, businesses are currently more vulnerable. For example, remote working often utilizes Remote Desktop Protocol, which tends to increase the likelihood of ransomware attacks. Workers are, understandably, looking for easy access to file servers or their work computer; however, using this protocol over a public network substantially increases vulnerabilities.

New Double Extortion Ransomware Attacks

Ransomware operators have adapted to the new environment by increasingly utilizing a “double extortion” tactic. These attacks first emerged in late 2019 and escalated in early 2020. This type of attack further corners its victims by demanding a ransom not only to recover encrypted files but also to avoid the release of stolen sensitive data. To further pressure victims, ransomware criminals have created pages on the deep web where they post samples of stolen data, letting victims know the types of data staged for release if payment is not received.

Healthcare Ransomware Attacks Increasing

As if the healthcare industry were not under enough pressure, ransomware attacks are exploiting the increased use of VPNs that facilitate social distancing for hospital staff who can work from home. Hospitals are increasingly the targets of these “double extortion” attacks.

Attackers scan for weaknesses and enter the network to deploy their ransomware payload. The goal is to hold the victim’s computer ransom and to collect sensitive, health-related data that the attackers then threaten to release. In response, hospitals are being encouraged to create backups of all data and provide policies on ransomware and malware attacks to educate staff.

Reducing Frequency of and Damage from Ransomware Attacks

While working to prevent ransomware attacks, it is also essential to ensure your network and staff are prepared if an attack does occur. The following are some tips:

  • Always keep and maintain current backups of files to perform a restoration of any impacted files
    • These files should be stored on a device not on the network, such as external drives
  • Develop policies and conduct training to lessen the success of phishing emails
  • Purchase and maintain anti-virus and firewall protection software
  • Ensure software patches are up to date
  • Use trusted VPN connections to avoid vulnerabilities on public networks

Policies and procedures must be created so that employees may assist in reducing cyberattacks and avoid falling victim to phishing attacks. Recommended practices for employees include:

  • Regular training sessions
  • Test employees with phishing assessments
  • Provide safe procedures for navigating sites

What should you do if you are infected by ransomware?

First, paying the ransom is never recommended, as it only funds the hackers and guarantees neither the return of your files nor that stolen data will not be released. Next, if possible, impacted files should be restored using backups. Finally, it is crucial to isolate the infected device by disconnecting it from everything. Any devices that were connected to the infected device and may be potentially or partially infected will also need to be isolated.

These are overwhelming times that are severely straining the IT and security resources of many organizations. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or