Ransomware attacks on the healthcare industry skyrocketed in 2020, having almost doubled compared to 2019. These attacks can take down IT systems, prevent patients from accessing their medical records and even put patients’ lives at risk. In the United States alone, estimates put the number of Personal Health Information (PHI) records of patients affected by ransomware at over 18M and the average ransom demand per attack around $170,000. A study by Comparitech puts the total cost of ransomware to US healthcare organizations at nearly $21B.
What Are Ransomware Attacks?
Ransomware is a type of malware where cybercriminals capture a victim’s data and either (1) cut off access to that data by encrypting it and demand a payment to give it back or (2) steal the data and threaten to release it to the public unless the victim pays. It is ALWAYS about extortion.
Ransomware attacks usually unfold over longer periods of time, as part of an organized and concerted effort. They are not a one-time interaction, but rather a long-term, multi-touch, multi-actor campaign that abuses normal human, system and app behavior. Health-related ransomware attacks can be conducted against healthcare organizations and individual patients.
Ransomware Attacks on Healthcare Organizations
Healthcare records are a lot more valuable to cybercriminals than other personally identifiable information (PII). According to a recent Trustwave report, on the dark web, they are worth up to $250 per record vs $5.40 for a credit card number. It is no surprise, then, that ransomware attacks on healthcare organizations are skyrocketing.
Mobile apps are the weak links in ransomware attacks on healthcare organizations. In a previous blog, we made the point that most healthcare apps lack security and discussed the top threats to mHealth apps. In order to connect to a mobile backend, a mobile app contains very valuable network information such as SSL certificates, API information, server addresses, usernames and passwords. When this network data is not adequately protected, it is relatively easy for a bad actor to harvest all this data and abuse it to gain unauthorized access to a hospital or healthcare organization’s backend servers. Once in, these fraudsters can install malware to be used in a ransomware attack. And ransomware criminal organizations such as Avaddon, Conti and REvil are regularly targeting healthcare organizations.
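The exposure described above can be checked before release by scanning the app's own unpacked build for literal network secrets. The following is an added example, not Appdome's code or code from the original post; the rule set, file paths and sample values are constructed assumptions.

```python
import re

# Illustrative rules (assumptions, not a complete set) for the data the article lists.
RULES = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?(PRIVATE KEY)-----"),
    "credential": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b"
        r"\s*[\"']?\s*[:=>]\s*[\"']?([^\s\"'<]{6,})"),
    "url_userinfo": re.compile(r"https?://[^/\s:@]+:([^/\s@]+)@"),
    "cleartext_endpoint": re.compile(r"http://([A-Za-z0-9.-]+)"),
}
# Values that point at a secret held elsewhere instead of embedding it.
REFERENCE = re.compile(r"^(\$\{.+\}|@string/.+|BuildConfig\..+)$")
# XML namespace URIs look like cleartext URLs but are never fetched.
NAMESPACE_HOSTS = {"schemas.android.com", "www.w3.org"}


def redact(value):
    # Keep two characters so the report never republishes the secret.
    return value[:2] + "*" * (len(value) - 2)


def scan(files):
    """files maps path -> text of an unpacked build; returns sorted findings."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                for m in rx.finditer(line):
                    value = m.group(1)
                    if rule == "credential" and REFERENCE.match(value):
                        continue  # reference to external storage
                    if rule == "cleartext_endpoint" and value in NAMESPACE_HOSTS:
                        continue  # namespace identifier, not an endpoint
                    secret = rule in ("credential", "url_userinfo")
                    findings.append((path, lineno, rule, redact(value) if secret else value))
    return sorted(findings)


# Constructed sample of an unpacked build (hypothetical paths and values).
SAMPLE = {
    "res/values/strings.xml": (
        '<resources xmlns:tools="http://schemas.android.com/tools">\n'
        '  <string name="api_key">EXAMPLEKEY123456</string>\n'
        '  <string name="base_url">http://ehr.example.test/api</string>\n</resources>\n'),
    "assets/config.properties": (
        "db.password=${DB_PASSWORD}\n"
        "sync.url=https://svc:Winter2020@ehr.example.test/sync\n"),
}
```

Calling `scan(SAMPLE)` reports the literal API key, the credentials embedded in the sync URL and the cleartext endpoint, while the `${DB_PASSWORD}` reference and the XML namespace URI are not flagged.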
Ransomware Attacks on Individual Patients
Direct ransomware attacks on patients are a much less publicized problem, in large part because breaches are only published by the US Dept of Health and Human Services (HHS) if they affect over 500 people, so attacks on individual patients are rarely publicly disclosed.
But the impact of ransomware can be really devastating to patients. Healthcare apps store our most private information, which is why it is governed by data protection and privacy regulations such as HIPAA in the USA, GDPR in the EU, Data Protection Act in the UK, and PIPEDA in Canada.
In my discussions with Appdome customers around the world, among the biggest threats they see are mobile phishing attacks, which abuse both human and app vulnerabilities.
For example, I recently got a text from my dentist to confirm an upcoming visit. To me this looked like a textbook phishing attempt. The link was not a secure link (flag #1); the URL had no reference to my dentist (flag #2) and the message was relatively generic (flag #3). I did not click on the link, but I can see how other people may click on it.
But what could happen if this text message was a malicious phishing attempt? Once a patient clicks the link, it might present the patient with a fake login window, allowing the fraudster to capture the patient’s username and password. Or clicking the link might install a malicious app masquerading as a scheduling or check-in app, for example. After the app is installed, the patient may be prompted to grant access to calendar, contacts, location information and more. An unsuspecting patient might think that this is a reasonable request for that kind of app and grant the app the permissions the fraudster needs to install malware on the device. Once the malware has been installed, it can scan for healthcare apps already installed on the patient’s device and launch an attack on the unsecured mHealth app. Once the fraudster is successful with their attack, they can launch the ransomware attack on the patient.
This is just one of the many scenarios that would give a fraudster access to patient PHI records and lead to a ransomware attack.
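The three flags from the text-message anecdote above can be turned into an automated triage check for inbound appointment texts. This is an added example, not from the original post or from Appdome; the function names, the trusted-domain list, the patient name and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.I)


def host_matches(host, trusted_domains):
    """True only if host is a trusted domain or a subdomain of one.

    Suffix matching on a label boundary matters: a substring test would
    accept a host that merely contains the provider's name.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def triage_sms(body, trusted_domains, patient_first_name):
    """Return the sorted list of flags raised by one message body."""
    flags = set()
    urls = [u.rstrip(".,)") for u in URL_RE.findall(body)]
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            flags.add("insecure_link")        # flag #1: link is not secure
        if not host_matches(parts.hostname or "", trusted_domains):
            flags.add("unrelated_domain")     # flag #2: URL does not belong to the sender
    if urls and patient_first_name.lower() not in body.lower():
        flags.add("generic_message")          # flag #3: nothing specific to the recipient
    return sorted(flags)


# Constructed inputs (hypothetical provider domain and patient name).
TRUSTED = {"brightsmile.example"}
SUSPICIOUS = "Please confirm your upcoming appointment: http://appt-confirm.example.net/c/8831"
EXPECTED = "Hi Dana, confirm your cleaning on May 4: https://portal.brightsmile.example/confirm."
LOOKALIKE = "Hi Dana, confirm here: https://brightsmile.example.login-check.test/a"
```

The lookalike message shows why the second flag compares the host against the provider's domain instead of searching the URL for the provider's name.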
How to Prevent Ransomware Attacks via Mobile Health Apps
Health organizations can preempt ransomware attacks originating from their mHealth apps by securing their mobile apps with Appdome. Specifically, they can add the following protections in 30 seconds or less without code or coding:
- ONEShield™ by Appdome hardens the healthcare app and protects it from attempts to debug, tamper with, or reverse engineer.
- TOTALData™ Encryption is the most important module on the Appdome platform to help comply with HIPAA, GDPR, Data Protection Act and PIPEDA. With TOTALData Encryption, app makers can protect and secure all patient records with AES-256 encryption of data at rest, strings, resources, in-app preferences, strings.xml values, and Java class dex files.
- TOTALCode Obfuscation obfuscates the binary code, native and non-native libraries, and the app’s flow control and logic.
- Secure Communications protects all mHealth app data-in-transit against MitM attacks and ensures the validity of all endpoints and any intermediate systems in between mobile healthcare apps and their backend with secure certificate pinning, mobile client certificates, and more.
- OS Integrity protects the healthcare app from operating in unsafe environments, such as on jailbroken or rooted devices.
- Appdome Biometrics adds FaceID, Touch ID and complex passcodes to healthcare apps and helps prevent unauthorized access.
- Mobile Fraud Prevention protects mHealth apps against automated attacks that interact with the mobile app in a fraudulent way or that use the app in a fraudulent way.
- Mobile Malware Prevention provides local, on-device protection against attacks that are meant to harm the application and/or its users.
- Mobile Piracy Prevention protects the app from becoming a trojan and prevents fraudsters from creating fakes and mods and from resigning and redistributing the app.