The recent “Petya” ransomware attack is just the latest reminder of dangers inherent in our increasingly digital lives. The attack, which started in Ukraine, quickly swept across the globe, even affecting American businesses.
Ransomware is a unique type of malicious software that gathers permission for a network before locking out the administrators. In order for the administrators to regain access to their information, they must then pay a ransom to the hackers.
Several American hospitals were also victim to the “Petya” attack. Among them were two hospitals in West Virginia, which have been forced to replace 1,200 hard drives in the attack’s wake. The loss of information has brought things to a crawl at the hospitals.
Still, things are not as bad as they could have been, Rose Morgan, the Vice President of patient care services at The Princeton Community Hospital in Mercer County, one of the affected hospitals, said to WV MetroNews.
“All of our computer data seem to be intact,” she said. “There’s no evidence that any personal data or information was transferred from our system, however we are unable to access our electronic medical record.”
While cyber attacks have a devastating effect on business across the world, forcing 60% of small businesses to close their doors within six months of a cyber attack, members of the medical community face much higher stakes.
That is because their databases contain not only identification information but also medical history, which is significantly more valuable. According to a Forbes report, your medical health records are worth thousands of times more than credit card information or your social security.
The report even went as far as to postulate that the information could be used to blackmail you. In fact, there have already been reports of blackmail and scams involving illegally obtained medical records.
In China, hundreds of HIV-positive people have already experienced first hand the damage that can come from someone having unauthorized access to their medical information. In 2016, a Beijing HIV/AIDS support network was targeted by someone who hacked into the Chinese Center for Disease Control and Prevention.
Using the information they obtained, they called HIV patients claiming to be a government official offering them a new drug subsidy — if they paid an online service fee. The scam netted the hacker a minimum of $18,000.
When asked why so many people fell for the scam, Bai Hua, director of the support network, said to the New York Times, “The swindlers clearly have detailed information about H.I.V. carriers, including their names, ages, addresses, I.D., places of employment, even information about their relatives.”
But it is not only those with a life-threatening illness that might find themselves targeted. Anyone who has an illness or undergoes a medical procedure that is stigmatized might be at risk.
Patients of plastic surgery and injections like Botox, the most popular of such procedures among women over 35, have already been targeted for extortion by hackers. This past June, in Lithuania, hackers hacked a cosmetic surgery clinic and download hundreds of thousands of photos of the clients.
They then threatened to release the photos unless patients paid a ransom. All totaled, near a quarter million photos were released when the clinic and patients refused to pay.
Even those with seemingly innocuous illnesses might find themselves targeted, like the 7.8 million Americans who live with hyperhidrosis, a condition that causes chronic sweating. While hyperhidrosis might not seem like an obvious candidate, with 90% of those suffering from the illness saying that it affects their emotional state and their confidence, hackers might see them as vulnerable to extortion.
But cybersecurity is a tricky field, made more difficult by the fact that 2.5 quintillion bytes of data are generated daily, according to IBM. In fact, the rate at which data is being created is so accelerated that 90% of electronic data was created in the past two years alone.
According to statements made by Dr. Christian Dameff to the Daily Wildcat, the only way forward is with the help of the government: “We need to raise awareness without being alarmist, and get the attention of policymakers.”