Is Killware the New Wave of Healthcare Ransom Attacks?

Quick Hits: 

• Killware is a type of cyberattack in which cybercriminals target healthcare organizations for financial profits. 
• Healthcare organizations must prioritize cybersecurity to safeguard patients and their data from threat actors. 
• Recent killware attacks are shifting the cybersecurity landscape as companies realize hackers may aim to do more than demand ransoms. 
• A 2019 ransomware attack is reported as one of the first incidents that led to a baby’s death. 

What Is Killware? 

Killware is a recent type of cyberattack in which hackers threaten to harm or kill people if a ransom is not paid. This is different from traditional ransomware, where hackers threaten to steal or expose users’ sensitive data until a ransom is successfully transferred to them. Like ransomware, hackers use killware for financial gain.  

Healthcare organizations are a primary target for these attacks because system downtime can interfere with critical patients receiving vital treatment necessary to survive. While the attacks are still limited, the consequences have proven devastating for patients and their loved ones. 

In the News 

In 2019, a ransomware attack targeted the Springhill Medical Center in Alabama, which shut down the center’s computer systems and medical equipment for 8 days. During this attack, a mother went into labor, and because the systems were down, the staff could not use the equipment that monitors fetal heartbeats. The team couldn’t recognize that the umbilical cord was wrapped around the baby’s neck, which led to the baby being diagnosed with severe brain damage and dying nine months later. Indeed, healthcare and medical device manufacturers must prioritize preventing these killware attacks so cases like this never happen again. 

It’s been recently found that there are security vulnerabilities in infusion and insulin pumps. If identified, hackers can tamper with these medical devices to remotely alter medication dosages. This can create a severe risk to patients’ safety and wellbeing. While there are no official reports, the potential risks are a catalyst for healthcare companies to improve cybersecurity efforts. 

In 2021, hackers targeted the Oldsmar, Florida, water treatment facility to increase the sodium hydroxide (lye) levels in the public water supply to over 100 times the normal levels, which would make it dangerous to drink. The cybercriminal gained unauthorized remote access to the facility’s software platform, TeamViewer, which was dormant for months. An operator identified the attack, which prevented anyone from being harmed. This attack reveals that critical infrastructure systems are susceptible to cyber attacks as they are typically operated and maintained via remote access software.  

 Protect Your Organization Against Killware 

Over 550 organizations reported healthcare data breaches to the United States Department of Health and Human Services (HHS) in 2021. These breaches impacted 40 million people. While organizations are improving their cybersecurity defenses, cybercriminals are becoming more creative and aware of vulnerabilities in systems, software, and applications. 

It’s unlikely that hackers using killware will adopt drastically different techniques or replace other cyberattacks, such as ransomware or malware. Optiv Security’s Chief Information Security Officer (CISO) Brian Wrozek drives this point home by stating that “I don’t see them really adapting their techniques or what they’re trying to attack as much as trying to raise the anxiety level of the victims to convince them to pay and pay more.”  

What Can Businesses Do to Address These New Cyber Threats? 

Even though it’s virtually impossible to prevent all cyberattacks, organizations can still take measures to help defend against killware attacks. The security best practices are similar to those used to prevent other attacks. However, if killware attacks are successful, there are more damaging consequences, such as physical harm or death to people.

• Follow Security Best Practices – one of the most effective solutions to protect an organization is implementing security best practices. These practices include multi-factor authentication, network segmentation, security and application updates, patching, and using strong, unique passwords, password managers, antivirus software, and encrypting/tokenizing sensitive data.  
• Be Aware of Phishing – this is an easy way for threat actors to access sensitive information and private software by sending emails or text messages containing malicious attachments or links. If an employee takes the bait and clicks on the link or attachment, this can give hackers unauthorized access to an organization’s systems. 
• Establish Application Security – all medical device manufacturers should prioritize building layered security into the devices rather than after the devices are impacted by an attack. 
• Use Threat Modeling – IT teams should think about devices, systems, and applications from a hacker’s point of view. This perspective can help discover security vulnerabilities and how to secure these weak entry points. 
• Establish an Incident Response (IR) plan – If a killware attack hits a business, the last thing they want to do is be unprepared for how to respond. It’s recommended that healthcare organizations take the time to create, document, and practice their IR plans post-attack. Additionally, this can help companies reduce the severity of any damages because they will already know how to respond and recover from a cyberattack quickly.  
  
  

The digital landscape is everchanging with new software, applications, devices, and systems being developed and implemented in healthcare organizations. While killware attacks are still limited in quantity, they pack a dangerous blow when it directly affects patients’ lives. Cybercriminals will continue to find new and different approaches to get victims to pay hefty ransoms. Organizations must take a proactive approach to increase their cybersecurity efforts and monitor for potential threats – their patients’ safety and well-being depend on it.