Healthcare Technology Featured Article

January 06, 2017

Ransomware Leads the Way: Predicted Rise in Health Data Theft in 2017


The writing is on the wall.  A report by credit firm Experian predicts 2017 will even be worse than 2016 for the healthcare industry as more attackers recognize the value in rich medical record data.  Personal health information is 50 times more valuable on the black market than financial information.  Stolen patient health records can fetch as much as $60 per record.   

Cybersecurity Ventures predicts global annual cybercrime costs will grow to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity and theft of intellectual property, personal and financial data, embezzlement and fraud.

However, the real surge in healthcare data crime is expected in ransomware in which a data thief holds a patient’s records for ransom.  According to a recent U.S. Government report, there have been approximately 4,000 ransomware attacks per day in 2016– a dramatic increase over the 1,000 attacks per day reported in 2015. 

The report estimates the average ransom will be $300,000 per day, a whopping increase from today’s payment of about 2 Bitcoins or $670 daily. Ransomware is on track to net organized cybercrime more than $1 billion in 2016 according to a Gartner presentation at the 2016 Gartner Security & Risk Summit

But wait, there’s more. There is growing talk that 2017 will also be the year of the first ransomworm which will help spread various flavors of ransomware even faster, like crypto-ransomware that encrypts files and holds them captive until a ransom is paid.

Since the release of the ransomeware Cryptolocker Trojan family a few years ago, ransomware attacks have skyrocketed. The attacks typically involve thieves exploiting network vulnerabilities which allow malware to automatically spread over networks. Unfortunately, hospital system electronic health records (EHR) are likely to be cyber attackers' prime targets since access to EHRs has become more mobile with tablets and smartphones. 

While traditional security filters like firewalls and reputation lists are good practice, they are no longer enough.  Hackers increasingly bypass perimeter security, enabling cyber thieves to pose as authorized users with access to hospital networks for unlimited periods of time.

It’s the Data, Stupid!

Safeguarding of the EHR data is primary, protecting the network or the perimeter is secondary.  Why?   If your data is protected, the roads leading to it become less strategic. Why have post incident responses when you can deploy a pre-incident response?  It is the old stop chasing the rats and protect the cheese argument.  

A data centric approach can also mitigate the argument of whether threats are caused more by rogue insiders or malicious outsiders. It simply will not matter. The real solution for medical facilities in 2017 is to concentrate IT security efforts on protecting the data by deploying an AI strategy using forensic technology.  IDC forecasts global spending on cognitive systems will reach nearly $31.3 billion in 2019.  

However, organizational threats manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions. These threats include external attacks that evade perimeter defenses and internal attacks by malicious insiders or negligent employees.

Along with insufficient threat detection, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. This requires skilled security analysts to identify and investigate these alerts when there is already a shortage of these skilled professionals.  Hospital CISOs and CIOs already operate under tight budgets without needing to hire additional cybersecurity guards. 

Healthcare security pros need to pick up where those traditional security tools end and realize that it’s the data that is ultimately at risk. The safeguarding of the EHR data is as important, if not more imperative, than just protecting the network or the perimeter.

Some cybersecurity sleuths deploy a variety of traps, including identifying an offensive file with a threat intelligence platform using signature-based detection and blacklists that scans a computer for known offenders. This identifies whether those types of files exist in the system which are driven by human decisions.

However, millions of patient and other medical data files need to be uploaded to cloud-based threat-intelligent platforms, scanning a computer for all of them would slow the machine down to a crawl or make it inoperable. But the threats develop so fast that those techniques don’t keep up with the bad guys and also; why wait until you are hacked?

Forensics and Machine Learning—The Dynamic Duo

Smart healthcare CSOs and CISOs are moving from post-incident to pre-incident threat intelligence.  They are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.

In the past, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, the computer is trained to find those differences, but much faster with multidimensional signatures that detect problems and examine patterns to identify anomalies that trigger a mitigation response.

Let Your Defense Shield Self Drive

Machine learning can be set up to perform in a human supervised or unsupervised environment.  In a supervised learning setting, humans tell the machines which behaviors are appropriate or inappropriate and the machines figure out the commonalities to develop multi-dimensional signatures. With unsupervised learning, machines develop the algorithms without having the data labeled, so they analyze the clusters to figure out what’s normal and what’s an anomaly.

The best approach is to implement an unsupervised, machine learning protective shield that delivers a defense layer across EHR platforms and other hospital IT systems, with the ability to cast a rapidly scalable safety net across an organization’s information ecosystem and identify rogue users instantly.

By applying machine learning techniques across a diverse set of data sources, systems become increasingly intelligent by absorbing more and more relevant data. These systems can then help optimize the efficiency of hospital security personnel, enabling organizations to more effectively identify threats.  With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.  

Healthcare security analysts of all experience levels can also be empowered with machine learning through pre-analyzed context for investigations, making it easier for them to discover threats.  This enables hospital CISOs to proactively combat sophisticated EHR attacks by accelerating detection efforts, reducing the time for investigation and response.

The Digital Eye in the Cloud Sees All

One of the more popular AI strategies is an ambient cognitive cyber surveillance shield which an eye in the cloud casting a security net that digitally finger prints user access behavior, identifying rogue users virtually instantly.  This technology creates a virtual, formidable defense layer powered by cognitive surveillance that is simple to deploy, easy to use, and operates automatically in the background. It can vastly improve an organization’s defense against cybersecurity threats, data breaches and privacy violations.

Deploying an enterprise cybersecurity system such as this understands, recognizes and recalls normal user habits, patterns and behavior as it uses applications in day-to-day work. Through a baseline, such a platform is able to predict and detect anomalous user activity in real-time, thereby mitigating risk rapidly. Hospital and other healthcare facilities can readily deploy this type of advanced, self-learning protective shield which can rapidly scale across EHR systems, distributed or centralized, cloud or on-premise.

Deploys this type of comprehensive cybersecurity system in 2017, and leave your data theft worries back in 2016.

Santosh Varughese, president and co-founder, Cognetyx, delivering the world’s first 'Ambient Cognitive Cyber Surveillance' to protect information assets against cyber security threats, data breaches, and privacy violations.




Edited by Stefania Viscusi
By Special Guest
Santosh Varughese, President, Co-founder, Cognetyx ,





FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]

UMA is a revolutionary marketplace that connects patients and doctors -- without the hassle of insurance. UMA connects patients to doctors conveniently and efficiently. Learn More >>