Skip to main content Skip to search
Start Your Free Trial
Blog

The Ransomware Remedy for Healthcare Organizations: SSL Traffic Inspection

A10 Blog / Cyber Security / The Ransomware Remedy for Healthcare Organizations: SSL Traffic Inspection
Paul Nicholson
Paul Nicholson
|
May 2, 2016

Ransomware has been around for nearly a decade and is fast becoming the attack of choice by cyber criminals to target healthcare organizations. A recent survey by Healthcare IT News and HIMSS Analytics, revealed that about 50% of healthcare organizations said they have no way of identifying these types of attacks.1 It’s disturbing that their customer data could be at risk right now, and they may not even be aware of it. In our view, healthcare organizations are at risk of ransomware attacks primarily because of SSL encrypted traffic

Why Healthcare Organizations Are Being Hit

Let’s take a look at why healthcare is an attractive target for ransomware attacks:

  • Unlike other businesses, healthcare organizations aren’t equipped to deal with sophisticated attacks.
  • Patient data is crucial in life-and-death situations, so healthcare organizations don’t have the luxury of holding out on paying the ransom.
  • Because of Health Insurance Portability and Accountability Act (HIPAA) patient privacy regulations, certain communications require SSL encryption.

Leveraging a Good Thing to Do Harm

Healthcare security professionals embrace SSL encryption and agree that it’s necessary. But hackers are using it to their advantage by locking down valuable patient data and then demanding a ransom for the decryption key. Once ransomware gets into your system or network via malware embedded in email attachments or drive-by downloads, it hides behind various obfuscation techniques to evade network security defenses.

The Antidote: SSL Inspection

SSL inspection is an essential for defending against ransomware. Here’s why:

  • Intrusion detection systems (IDS)/intrusion prevention systems (IPS), network monitoring, and other traditional defenses can’t inspect encrypted traffic. It’s estimated that over 50% of current Web traffic is encrypted, but most healthcare organizations can’t inspect it—only advanced SSL decryption technology can do that.
  • When ransomware is installed, it operates as a command and control server that reaches out to the attackers in order to get the encryption keys. This communication is hidden in encrypted SSL traffic to avoid detection. SSL decryption exposes it so that the security infrastructure can stop ransomware before it downloads the encryption key, preemptively stopping the attack.

An Ounce of Prevention

We hope we’ve raised awareness about how you can prevent ransomware attacks through SSL traffic inspection. Thunder SSL Insight (SSLi) from A10 Networks removes the blind spots created by encrypted traffic and helps halt ransomware attacks before they hold your healthcare data hostage and put your patients and your organization at risk.

Learn more about our advanced SSL inspection solution by visiting www.a10networks.com/ssli

1 https://www.healthcareitnews.com/news/more-half-hospitals-hit-ransomware-last-12-months

Share this post:

Share on LinkedIn
Categories:
Cyber Security
Previous Post
Next Post
Paul Nicholson
Paul Nicholson
|
May 2, 2016

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product… Read More

Seeing is believing.
Schedule a live demo today.

Get a Product Demo

Related Resources

  1. Encrypted Traffic Inspection Lags as Malware Rises
  2. Ransomware, Phishing, Zero Trust, and the New Normal of Cyber Security
  3. Death by Ransomware: Poor Healthcare Cybersecurity