A ransomware campaign dubbed SamSam — which targeted major healthcare businesses earlier this year — is continuing to wreak havoc on the industry, according to a report from cybersecurity software firm Symantec.
Ransomware describes a type of malicious software that encrypts a victim's computer files. However, unlike typical malware, cyberattackers offer to decrypt these files in exchange for a payment, or "ransom." SamSam operates by deploying targeted attacks, breaking into an organization's computer network and encrypting data across multiple systems before issuing a single ransom demand, sometimes running as high as tens of thousands of dollars.
In response to an uptick in SamSam attacks against healthcare organizations in early 2018, HHS released a report outlining mitigation, contingency and business continuity strategies for those hit by the campaign.
One of SamSam's most prominent 2018 victims was EHR vendor Allscripts, which reported that its data centers in Raleigh and Charlotte, N.C., were hit by the ransomware variant in January. As a result of the attack, nearly 1,500 of its clients were without an EHR for hours or even days. One week after the attack, some were still unable to access electronic patient data.
"If successful, these attacks can have a devastating impact on victim organizations, seriously disrupting their operations, destroying business critical information and leading to massive clean-up costs," Symantec said.
Symantec has identified SamSam attacks against nearly 70 separate organizations to date, targeting a range of sectors in the U.S. The ransomware campaign most frequently targeted healthcare organizations (24 percent), followed by those in banking and finance (7 percent).
"Why healthcare was a particular focus remains unknown," the report reads. "The attackers may believe that healthcare organizations are easier to infect. Or they may believe that these organizations are more likely to pay the ransom."
To read Symantec's report, click here.