A surge in ransomware campaigns is expected to hit the medical sector in 2016, according to a recent report published by forecasters at Forrester Research.
The paper ‘Predictions 2016: Cybersecuirty Swings To Prevention’ suggests that the primary hacking trend of the coming year will be “ransomware for a medical device or wearable,” arguing that cybercriminals would only have to make small modifications to current malware to create a feasible attack.
Pacemakers and other vital health devices would become prime targets, with attackers toying with their stability and potentially threatening the victim with their own life should the ransom demands not be met.
Traditional ransomware attacks take control of a computer system and encrypt sensitive data demanding payment for its release – typically in the cryptocurrency Bitcoin. Strains of ransomware have hit Windows users, as well as Android and Mac OS users. However, a new focus on medical devices now seems likely.
“It’s definitely feasible from a technical standpoint,” said Billy Rios, a medical device security researcher. “Given the urgency associated with these devices, I could see it as something that could happen next year.”
Joshua Corman, founder of global information security organisation, I am the Calvary, added that the Forrester prediction is “bold”, but hopes “it doesn’t happen as they say it will, because that would shatter our confidence in these lifesaving medical devices.”
In this context, some have opined that the Sony hacks, and Ashley Madison scandal did not really cause any harm. “We’ve had an era of low-consequence failure, and that era is now over. The consequences now are life and limb and flesh and blood, and I’m not sure we’re ready for that,” added Corman.
Due to the high value of healthcare information on the black market, the medical industry is one of the most vulnerable to attacks. Ransomware too is a big opportunity for hackers, with the FBI reporting in June over a thousand complaints linked to the CryptoWall ransomware in the U.S. alone, with victims citing “losses totalling over $18 million.”