Hospitals and health systems must stay on the lookout for Ryuk ransomware, which is one of the newest and biggest cyber threats emerging in the industry, according to the American Medical Association.
The ransomware targets large cybersystems and encrypts their data so it becomes inaccessible to the organization until it pays a ransom. Ryuk, which was used in the Sept. 27 cyberattack against Universal Health Services, created an opportunity for insider attacks by individuals who have identified ways to exploit weaknesses in an institution's technology.
"We're seeing a lot of insider threats, unfortunately, where folks may recognize that their systems aren't patched as strongly as they should be or completely as they should be, and they're able to just insert this software right into some unsecured systems," said AMA Assistant Director of Federal Affairs Laura Hoffman. "One of the biggest examples we've actually seen recently is with the UHS health care system where computers were infected, and many practices had to shut down. Hospital systems were without their EHR for some time."
To reduce these insider threats, Ms. Hoffman recommends IT staff check that software is up to date and ensure software patches for all technology are completed regularly, including personal computer operating systems and internet browsers that link to bigger data systems.