The Ransomware Remedy for Healthcare Organizations: SSL Traffic Inspection

Ransomware has been around for nearly a decade and is fast becoming the attack of choice for cyber criminals targeting healthcare organizations. A recent survey by Healthcare IT News and HIMSS Analytics revealed that about 50% of healthcare organizations said they have no way of identifying these types of attacks.[1] It’s disturbing that their customer data could be at risk right now, and they may not even be aware of it. In our view, healthcare organizations are at risk of ransomware attacks primarily because of SSL encrypted traffic.

Why Healthcare Organizations Are Being Hit
Let's take a look at why healthcare is an attractive target for ransomware attacks:

  • Unlike other businesses, healthcare organizations aren’t equipped to deal with sophisticated attacks.
  • Patient data is crucial in life-and-death situations, so healthcare organizations don’t have the luxury of holding out on paying the ransom.
  • Because of Health Insurance Portability and Accountability Act (HIPAA) patient privacy regulations, certain communications require SSL encryption.

Leveraging a Good Thing to Do Harm
Healthcare security professionals embrace SSL encryption and agree that it’s necessary. But hackers are using it to their advantage by locking down valuable patient data and then demanding a ransom for the decryption key. Once ransomware gets into your system or network via malware embedded in email attachments or drive-by downloads, it hides behind various obfuscation techniques to evade network security defenses.

The Antidote: SSL Inspection
SSL inspection is essential for defending against ransomware. Here’s why:

  • Intrusion detection systems (IDS)/intrusion prevention systems (IPS), network monitoring, and other traditional defenses can’t inspect encrypted traffic. It’s estimated that over 50% of current Web traffic is encrypted, but most healthcare organizations can’t inspect it—only advanced SSL decryption technology can do that.
  • When ransomware is installed, it reaches out to the attackers' command and control server in order to get the encryption keys. This communication is hidden in encrypted SSL traffic to avoid detection. SSL decryption exposes it so that the security infrastructure can block ransomware before it downloads the encryption key, preemptively stopping the attack.

An Ounce of Prevention
We hope we’ve raised awareness about how you can prevent ransomware attacks through SSL traffic inspection. Thunder SSL Insight (SSLi) from A10 Networks removes the blind spots created by encrypted traffic and helps halt ransomware attacks before they hold your healthcare data hostage and put your patients and your organization at risk.

Learn more about our advanced SSL inspection solution by visiting www.a10networks.com/ssli

[1] http://www.healthcareitnews.com/news/more-half-hospitals-hit-ransomware-last-12-months
