The Rise of Bitcoin and Ransomware Attacks in Healthcare
Now more than ever, medical practices must be aware of the rise of Bitcoin and ransomware attacks in healthcare, and of the cybersecurity measures that keep their Protected Health Information (PHI/ePHI) and networked systems safe. The confluence of two emerging technologies has dramatically changed the cybersecurity landscape for medical offices:
- Sophisticated ransomware attacks
- Widespread adoption of blockchain-based cryptocurrency Bitcoin for digital transactions
The rise of these two elements has facilitated a surge in attacks on organizations globally. In fact, the threat of ransomware attacks has triggered widespread alarm across every industry, prompting governmental intervention. President Biden recently signed an Executive Order to drastically improve cybersecurity and protect federal government networks in the United States.
This Executive Order is a response to several recent cybersecurity incidents – including SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident. The Executive Order also urges those in the private sector – including healthcare – to take significant measures to bolster their cybersecurity to avoid a potentially devastating ransomware attack.
With these elements in mind, we’ll explore a number of factors that affect medical practices by broadening an understanding of Bitcoin’s rise to prominence, how medical facilities can protect themselves against attacks, and more.
Eye-Opening Bitcoin and Ransomware Statistics
Before delving into why Bitcoin and ransomware are targeting the healthcare industry, it’s important to look at some current statistics that point to emerging trends for the future of cybersecurity and healthcare:
- According to a study by Palo Alto Networks, ransomware attacks have yielded an astonishing 171% increase in ransoms paid between 2019 and 2020. The study found that the average cost of a successful ransomware attack now exceeds $312,000 per incident. Furthermore, the most substantial ransom doubled between 2015 and 2020, rising from $15 million to an exorbitant $30 million.
- Universal Health Services (UHS) reports that the newest form of ransomware, called Ryuk, targeted 400 hospitals in the US and the UK. To understand the scope of these attacks, this affects nearly 3.5 million patients and 90,000 healthcare employees.
- Ransomware attacks go beyond financial implications. In one incident that occurred in 2020, a German hospital, Duesseldorf University Hospital, became infected with ransomware, which resulted in the first reported death following a ransomware attack.
- Cybercriminals can strike at any time – long after they’ve initially gained access to a healthcare network. A Baltimore, Maryland-based healthcare system, LifeBridge Health, suffered a potential data breach of 500,000 patients in 2018. However, investigations later found that the initial breach occurred in September of 2016, showing that attackers are willing to wait for the best opportunity to attack. Worse, these companies were unable to detect this penetration until an attack occurred.
Why Bitcoin is Used in Ransomware Attacks for Healthcare Providers
Now that you understand the severity of ransomware attacks in healthcare, consider the reasons why Bitcoin is used in conjunction with ransomware.
Widespread Public Adoption of Bitcoin
Cryptocurrency has finally reached wide-scale public awareness. Once fairly obscure, cryptocurrency is now one of the most talked-about trends in our modern technological landscape. Leading the way is the most prominent cryptocurrency, Bitcoin, a disruptive technology that enables peer-to-peer transactions without any current governmental oversight.
There are plenty of cryptocurrencies, but Bitcoin is one of the highest-valued digital currencies (followed by Ethereum, Monero, and many others). This renown enables hackers to demand sums completely online without having to go through wire transfers or physical money transfers – which would alert international law enforcement organizations such as Interpol.
Essentially, the rise of ransomware attacks in healthcare is due to the nexus of ransomware’s capabilities exceeding the current cybersecurity measures of most medical practices.
Ransomware typically blocks users’ access to patient data (PHI/ePHI), but it can be used for other nefarious purposes. These include accessing payment information, denying access to administrators, and more. Considering that most healthcare facilities are using a blend of older technologies that may not have current software updates and newer tech like remote patient monitoring (RPM) devices, most medical practice networks are rife with vulnerabilities.
Adding to this, a significant majority of healthcare systems are bogged down due to the COVID-19 pandemic. It’s not uncommon for many medical practices to be working with reduced budgets or having to rely on new methodologies that may not be 100% secure or even HIPAA compliant just to remain operational.
Before Bitcoin’s widespread adoption, there was no easy way to monetize digital criminality besides using risky platforms like PayPal and other digital money transfer services. With Bitcoin, this has changed dramatically, triggering the rise of cybercrime.
The blockchain’s sophisticated encryption methods that secure Bitcoin (and other cryptocurrencies) against exploitation also enable untraceable transactions. This means that it is nearly impossible for authorities to follow the money and bring criminals to justice.
Given a long enough time frame, cybercriminals can launder their ill-gotten Bitcoin into other assets and transactions, obfuscating the original funds and disappearing completely. Even though there are some countermeasures in place to track large transactions, smaller transactions don’t typically set off alarms for most financial institutions.
Value of Bitcoin is Expected to Rise
The value of Bitcoin is tied to ransomware rates. And for those who’ve been following the price of Bitcoin, the upward trend indicates that more criminals will use ransomware as their way to target healthcare providers for great profits.
Ransoms based in Bitcoin are variable with the volatility of the Bitcoin market. This means that businesses may be more incentivized to meet ransomware demands before they’re on the hook for even larger costs in the near future.
Further complicating the value of Bitcoin is what is known as “the halvening”. While understanding this concept may be a bit out of reach for those who aren’t familiar with cryptocurrency, the simple answer is that the supply of Bitcoin will be cut in half, creating a surge in demand while limiting its supply. As with the two previous halvenings that occurred in 2012 and 2016, another one is overdue – and is expected to further skyrocket the price of Bitcoin.
Leverage for Ransom
While the financial motives for cybercriminals using ransomware are obvious, there are other implications that provide more leverage to acquire a ransom.
Cybercriminals know that healthcare providers face serious consequences for breaches to their networks and patient data. These include:
- Extensive fines from the Health and Human Services Office for Civil Rights, ranging from $100 to $50,000 per violation, with maximum annual penalties reaching $1.5 million.
- Separate from HIPAA, locally mandated laws (such as California’s CCPA) may require medical practices to address these cybersecurity issues before resuming business or face fines, shutdown, and other negative outcomes.
- Loss of trust among patients, where lawsuits and reduced business are possibilities.
- Loss of trust among staff, where employees may not want to have their own data and networks compromised by hackers.
- Loss of trust among vendors. If a breach affects Business Associates (BAs) as defined by HIPAA, these entities may also be forced to undergo expensive documentation and risk assessments to determine if their systems are affected.
With these outcomes in mind, many healthcare providers weigh the drawbacks and often pay ransoms to avoid further damaging their business and reputation.
Anticipating the Future with OfficeSafe
Now that you’re aware of the severity of what’s at stake for healthcare providers that must contend with ransomware, the truth is that partnering with an experienced cybersecurity company can protect your business from ransomware and other cyberattacks. And the first choice for medical practices in need of robust security that meets today’s global network needs is PCIHIPAA.
Trusted by thousands of medical practices nationwide, PCIHIPAA’s OfficeSafe platform offers comprehensive tools and services to help your dental practice stay up-to-date with evolving ransomware methods. Further, OfficeSafe simplifies other networking and compliance necessities, such as HIPAA policy changes, risk assessment tools, plenty of online training modules, and more.
By relying on OfficeSafe, organizations create an impenetrable infrastructure of security, safety, and compliance that reliably protects their practice and patients’ information. Learn more about how OfficeSafe is the perfect weapon against ransomware attacks and schedule your free risk assessment today!