Ransomware, a word with almost three decades of history, even older than emails or the Internet as we know it today, has become the protagonist in many headlines and news stories of this year and a nightmare for many IT managers around the world who saw how this type of attack shut down their networks and hijacked critical information.

We have to go back to 1989 to find the origin of these attacks when a biologist named Joseph L.Popp sent 20,000 diskettes to researchers in 90 different countries with what seemed to be a survey to advance one step further in fighting AIDs. When the scientists loaded the diskettes, the computers became infected and the files encrypted. To recover the documents, $189 had to be paid to a post office box in Panama. Although the encryption was easy to break, many documents were lost.

But what would happen if in a world as digitalized as today there was a massive attack against the healthcare sector?

 

If a Ransomware attack can plunge the largest companies into chaos in a matter of a few minutes, the consequences could be fatal in the case of any institution in the Healthcare sector.

This year, the attacks have resulted in last-minute appointment cancellations but that is nothing compared to what could happen. The outdated software that don´t receive security updates along with the lack of awareness and the fact that hardware devices such as MRI machines, ventilators and microscopes are usually old and vulnerable, can cause severe difficulties with fatal consequences. Cybercriminals, aware of what is at stake, feel certain weakness for this type sector.

To name a few, some of the consequences of a Ransomware attack might be: loss of medical records (pathologies, diseases, allergies, risks or medication received), failure of heart rate monitors, divulgation of confidential information without patient’s consent, security breaches to warehouses with access to blood reserves or medical instruments, damage or malfunction of technical equipment needed to perform tests, inactive surgical robots, etc.

Can these attacks be avoided?

 

Attacks cannot be avoided but the consequences can be. Some measures like the establishment of regular inspections and audits, the segmentation of networks or a greater awareness can help minimize the impact but browsers would remain an open door for all types of threats on the Internet.

The only way to really avoid any risk and protect your company proactively is with the isolation provided by ICTech. Its approach is based on distrusting detection methodologies and assumes that all web content is, a priori, malicious, so that it isolates everything, preventing any threat from reaching its goal and offering 100% guaranteed protection, regardless of the links that they click on or the uncategorized websites they visit.