The Ransomware Remedy for Healthcare Organizations: SSL Traffic Inspection

Paul Nicholson
May 2, 2016

SSLi Healthcare

Ransomware has been around for nearly a decade and is fast becoming the attack of choice by cyber criminals to target healthcare organizations. A recent survey by Healthcare IT News and HIMSS Analytics, revealed that about 50% of healthcare organizations said they have no way of identifying these types of attacks.1 It’s disturbing that their customer data could be at risk right now, and they may not even be aware of it. In our view, healthcare organizations are at risk of ransomware attacks primarily because of SSL encrypted traffic

Why Healthcare Organizations Are Being Hit

Let’s take a look at why healthcare is an attractive target for ransomware attacks:

  • Unlike other businesses, healthcare organizations aren’t equipped to deal with sophisticated attacks.
  • Patient data is crucial in life-and-death situations, so healthcare organizations don’t have the luxury of holding out on paying the ransom.
  • Because of Health Insurance Portability and Accountability Act (HIPAA) patient privacy regulations, certain communications require SSL encryption.

Leveraging a Good Thing to Do Harm

Healthcare security professionals embrace SSL encryption and agree that it’s necessary. But hackers are using it to their advantage by locking down valuable patient data and then demanding a ransom for the decryption key. Once ransomware gets into your system or network via malware embedded in email attachments or drive-by downloads, it hides behind various obfuscation techniques to evade network security defenses.

The Antidote: SSL Inspection

SSL inspection is an essential for defending against ransomware. Here’s why:

  • Intrusion detection systems (IDS)/intrusion prevention systems (IPS), network monitoring, and other traditional defenses can’t inspect encrypted traffic. It’s estimated that over 50% of current Web traffic is encrypted, but most healthcare organizations can’t inspect it—only advanced SSL decryption technology can do that.
  • When ransomware is installed, it operates as a command and control server that reaches out to the attackers in order to get the encryption keys. This communication is hidden in encrypted SSL traffic to avoid detection. SSL decryption exposes it so that the security infrastructure can stop ransomware before it downloads the encryption key, preemptively stopping the attack.

An Ounce of Prevention

We hope we’ve raised awareness about how you can prevent ransomware attacks through SSL traffic inspection. Thunder SSL Insight (SSLi) from A10 Networks removes the blind spots created by encrypted traffic and helps halt ransomware attacks before they hold your healthcare data hostage and put your patients and your organization at risk.

Learn more about our advanced SSL inspection solution by visiting www.a10networks.com/ssli

1 https://www.healthcareitnews.com/news/more-half-hospitals-hit-ransomware-last-12-months


Paul Nicholson
May 2, 2016

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product marketing and strategy at San Jose, Calif.-based application networking and security leader A10 Networks. Prior to A10 Networks, Nicholson held various technical and management positions at Intel, Pandesic (the Internet company from Intel and SAP), Secure Computing, and various security start-ups. READ MORE

Seeing is believing.
Schedule a live demo today.

Get a Product Demo