How Can Hospitals Prevent Ransomware Attacks?

More than 200 healthcare facilities have fallen victim to ransomware attacks in the last three years

By Mackenna Moralez, Assistant Editor


Cybercrimes are on the rise, and no industry is safe – especially healthcare.

Last month, two Indiana hospitals fell victim to ransomware attacks, forcing them to resort to manual methods as their online systems were compromised. These attacks are not uncommon. Hospitals and other healthcare facilities are among favorites for cyber criminals, as more than 200 locations have been targeted in the last three years, and that number is only expected to increase exponentially in the coming years, according to The Wall Street Journal.

“Healthcare facilities are a high valued target in that they offer threat actors the potential of capturing patient information to resell on the dark web,” says Fred Gordy, director of cybersecurity with Intelligent Buildings. “There is also a new threat in the form of ‘Killware.’ According to Gartner, ‘Killware’ is designed to actually harm, or worse, kill humans, In the thousands of assessments, we have performed, we find building control systems to be attached to the web insecurely and easily accessible. These systems control everything from operatory suites, oxygen systems, blood storage, and patient rooms making them an easy target for Killware.”

Sure, there are still scams that are easy to identify, such as, “Click here to receive your $500 gift card,” but many are started to look like they are coming from a manufacturer, service provider or coworker. Because of this, many companies have begun implementing a double-verification system in order to limit the number of malware outbreaks.

“In 2020, there was a 600 percent increase of operational technology ransomware attacks across all business sectors including healthcare,” Gordy says. “Historically, the building system front end has been used as an engineer’s workstation. When a rogue link is clicked, it seizes the front end, and communication to the system is lost. Typically, the system is not being backed up, or if it is, the backups are out of date, making recovery difficult at best. By moving the front-end/application host into either a data center or moving it off the engineer’s desk into a locked closet so that it is no longer used as a workstation, almost 100 percent of the events we have seen could have been avoided.”

Patient information should never be connected to networks that store and transmit information, Gordy says. The International Society of Automation (ISA) standard, Zones and Conduit, should be used on any building control/operational technology network. When hospitals and other healthcare facilities do not use the standard or have a cybersecurity plan in place, the risks can include disruption of service, compromise of the patient network by network traversal, and potentially harm and loss of life.

Mackenna Moralez is the assistant editor of Healthcare Facilities Today.



November 12, 2021


Topic Area: Information Technology


Recent Posts

The Future of Healthcare Facility Construction Projects

Brian Cowperthwaite highlights the invisible work that impacts everyone who walks through a healthcare facility.


Ground Broken on Jupiter Medical Center's Second Hospital

The 53,000-square-foot hospital will include 29 inpatient beds, four operating rooms, 24-hour emergency services, a diagnostic laboratory and imaging services.


Singing River Health System Ensnared by Data Breach

Through an investigation, on February 10, 2026, SRHS learned that the unauthorized party had accessed certain SRHS files that contained patient information.


Partnering on Personnel: Strategies for Success

Environmental services in healthcare have special staffing circumstances. They must meet stringent compliance standards and maintain accreditations.


Kaiser Permanente Opens First Two Medical Offices in Northern Nevada

These are part of its joint venture with Renown Health.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.