Analysis of a Recent Information Security Breach
Electronic records and enterprise information in general are prone to security breaches. Information security breaches are reported almost everywhere, by both institutions and individuals. Of particular concern is the alarming rate of medical information security breaches. For instance, the monthly average of attacks on medical records is estimated to be above 780,000 in the US alone (Greene, 2016).
This essay analyzes an information security breach at Hollywood Presbyterian Medical Center (based in Los Angeles), which took place in February of 2016.
The media's overall description of the information security breach
The media described the Hollywood Presbyterian Medical Center information breach as one of the most severe cases. Hospital staff detected a malware outbreak that led the hospital management to declare an “internal emergency”. The outbreak was reported to have begun on February 5, 2016. However, reports noted that the hospital did not disclose how the attack occurred.
The hospital computer files, including patient records, were reported to be completely inaccessible. The system malfunction was reported to have lasted for more than one week. During the breakdown, employees were compelled to carry out most of their activities by hand. A considerable number of patients were transferred to other hospitals since some of the hospital facilities like the radiation and oncology departments had suspended their services.
The attackers’ demands were outrageous: they wanted to be paid 9,000 bitcoins (an untraceable mode of online payment), worth more than $3.5 million. The hospital’s CEO, Allen Stefanek, was quoted as saying that the quickest and most efficient way for the hospital to obtain the key to unlock the encryption was to pay the attackers. The hospital management, however, disputed the claims that the demand amounted to 9,000 bitcoins, instead reporting that it paid only approximately $17,000, or 40 bitcoins, to the attackers to unlock the encrypted information (Schwartz, 2016).
The nature of the malware that resulted in the security breach
The information security breach at the center resulted from a ransomware (malware) attack. Ransomware has developed over time, posing ever greater threats to information security. Currently, the malware has been upgraded to “Version 4.0”. Ransomware scrambles the files on a computer and holds the information “hostage” until the attackers are paid a “ransom” to release them. The malware uses encryption to prevent computer users from accessing their files. A victim of such an attack sees only a message informing them who has encrypted the information. In the message, the attackers state their demands (payment in bitcoins) in exchange for releasing the key that unlocks the encrypted information.
The vulnerability that was exploited to lead to the breach
Although the hospital did not give clear information on how the attack occurred, it is evident that the hospital information system was vulnerable to external attacks. Reports linked the malware to possible phishing. Phishing is a technique attackers use to deliver malware into the system of an unsuspecting user. It is possible that an employee clicked a malware link in an email or opened a file containing the malware.
Another possible way the hospital could have been exposed to the breach is credential theft. In most cases, attackers pose as legitimate IT staff and send emails to unsuspecting users. The emails ask the employees to fill in their credentials, which gives the attackers a foothold to connect to the enterprise system and move on to file servers and domain controllers.
It is also evident that the hospital lacked a proper backup system for its files and patient records. Had such backups existed, restoring normal operations once the information was encrypted would have been straightforward.
The hospital architecture affected by the malware attack
The malware attack affected all of the hospital’s computers. All patient records and computer files were locked, and access was denied. The breakdown went on for more than one week, leading to a temporary closure of the radiation and oncology department. Most of the work could only be done by hand.
Responses that the hospital could take to strengthen the architecture to prevent future similar attacks
The Hollywood Presbyterian Medical Center software and all operating systems should always be kept up to date and hardened. Malware delivery depends on loopholes, especially when computers and other electronic information storage devices are not properly protected (Ducklin, 2016).
As such, the hospital architecture should employ effective on-access antivirus software that is regularly updated. Research has revealed that properly used antivirus can block and prevent ransomware attacks (McGee, 2016). Oftentimes, ransomware is delivered by existing, active malware on unprotected devices and computers.
All data handlers and employees in general should be advised to avoid all unsolicited or unexpected attachments, since ransomware is oftentimes packaged into files and emails.
Cyber threats are becoming more and more sophisticated; therefore, the hospital should constantly carry out security risk assessments, which experts have recommended for optimal preparedness (McGee, 2016).
Lastly, it is recommended that Hollywood Presbyterian Medical Center make regular backups of its databases, keeping at least one recent backup offline to enable information retrieval in case of similar attacks in the future.
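The backup recommendation above is only useful if the offline copy can be proven intact and actually restored. The following script is an added example written for this page, not code from the essay or from the hospital; it builds a backup of a small tree of constructed sample records, writes a SHA-256 manifest beside it, simulates the live files becoming unreadable, confirms the offline copy still matches its manifest, and restores it. The directory names, file names and manifest format are all assumptions made for the example.

```python
"""Backup, verify and restore helper (added example; paths and records are constructed)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large records do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (path relative to root) to its digest."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(source: Path, dest: Path) -> Dict[str, str]:
    """Copy the tree into dest/data and record a manifest next to it for later verification."""
    shutil.copytree(source, dest / "data")
    manifest = make_manifest(dest / "data")
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest: Path) -> List[str]:
    """Return the relative paths whose digest no longer matches the manifest (or are missing)."""
    manifest = json.loads((dest / "manifest.json").read_text())
    current = make_manifest(dest / "data")
    return sorted(rel for rel, digest in manifest.items() if current.get(rel) != digest)


def restore(dest: Path, target: Path) -> List[str]:
    """Refuse to restore from a backup that fails verification; otherwise replace target."""
    bad = verify(dest)
    if bad:
        raise RuntimeError(f"backup failed integrity check: {bad}")
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(dest / "data", target)
    return sorted(str(p.relative_to(target)) for p in target.rglob("*") if p.is_file())


def demo() -> dict:
    """Walk through backup -> simulated loss -> verify -> restore -> tamper detection."""
    work = Path(tempfile.mkdtemp())
    live = work / "records"                      # constructed "live" record store
    (live / "oncology").mkdir(parents=True)
    (live / "oncology" / "patient_0001.txt").write_text("constructed sample record A\n")
    (live / "radiology_schedule.csv").write_text("date,room\n2016-02-05,3\n")

    offline = work / "offline_backup"            # stands in for the offline copy
    manifest = backup(live, offline)

    # Simulate the live files becoming unreadable: contents replaced with random bytes.
    for p in live.rglob("*"):
        if p.is_file():
            p.write_bytes(os.urandom(64))
    damaged = sorted(rel for rel, d in manifest.items() if sha256_of(live / rel) != d)

    offline_ok = verify(offline) == []          # offline copy was never touched
    restored = restore(offline, live)
    intact = make_manifest(live) == manifest    # restored tree matches the original digests

    # A backup that has itself been altered must be reported before anyone restores from it.
    (offline / "data" / "radiology_schedule.csv").write_text("tampered\n")
    tamper_detected = verify(offline)

    shutil.rmtree(work)
    return {"damaged": damaged, "offline_ok": offline_ok, "restored": restored,
            "intact": intact, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is the piece that turns a copy into a verified backup: it is written at backup time, and both `verify()` and `restore()` compare the stored digests against the current files, so a backup that was silently altered is refused rather than restored.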
References
Ducklin, P. (2016). Ransomware evolution: Another brick in the CryptoWall. Naked Security. Web.
Greene, S. (2016). Electronic Medical Record Forensics Expert: Why Electronic Medical Records are Attractive to Hackers. Evidence Solutions. Web.
McGee, M. K. (2016). Cyber Mistakes Smaller Healthcare Entities Must Avoid. Data Breach Today. Web.
Schwartz, M. J. (2016). Ransomware Hits Hospitals. Healthcare Info Security. Web.