What Healthcare Professionals Need to Know about Bitcoin - Bitpipe

Download PDF
0 downloads 163 Views 740KB Size Report
Comment
Just as parties in an exchange operate under alia, bitcoin was created ... from a ransomware attack as well as have an o
What Healthcare Professionals Need to Know about Bitcoin The words “paying the ransom” conjure up fantastic images of meeting in a dark alley with a briefcase full of money. In the case of ransomware attacks, paying the ransom doesn’t involve any alleys, but it can involve a currency that sounds just as imaginary: bitcoin. Ransomware attacks became a top concern in 2016 and IDC FutureScape: Worldwide Healthcare IT 2017 Predictions1 predicts ransomware attacks against healthcare organizations will double by 2018. Healthcare systems that make the tough choice to pay the ransom must pay cybercriminals in digital currency sent through the internet, known as bitcoin. Reuters reported2 that criminals typically set modest ransoms to increase the odds that the victim will pay. Since healthcare systems are facing a deadline when attacked by ransomware, it’s important to understand how to get the currency quickly in case your healthcare system does not have a backup of your data and decides to take the risk of paying the ransom.

1 commvau.lt/2iCgaO4

2 commvau.lt/2gfMiWe

WHAT EXACTLY IS BITCOIN? The concept behind bitcoin is simple – a digital coin you send through the internet. Becker’s Health IT & CIO Review3 defined bitcoin as “an electronic currency that exists but can’t be touched, that operates above banks with no central authority and is issued by collective action.” This means that buyers and sellers transfer funds directly to each other with no middleman such as a payment service or bank. Most important, no one knows the identity of the buyer or the seller, and this information is untraceable. Just as parties in an exchange operate under alia, bitcoin was created under the alias Satashi Nakamoto4 in 2009. Bitcoin is unique in that it is truly global, with a single currency and value regardless of global location. There is no limit to transactions, either in amount or frequency. To make it even more appealing, there are also no surcharges for use. While common uses are for illegal activities, such as ransom, drugs and murder for hire, a number of legitimate businesses5 including Microsoft accept bitcoin as payment, and there is even a bitcoin-only Red Bull vending machine6 in Prague.

WHERE DO YOU EVEN GET BITCOIN? While the last choice that a healthcare system wants to make is paying the ransom – and doing so is not advised by the FBI – there are cases where it is likely the right decision because loss of files compromises patient care. In those instances, time is of the essence, so the quicker your healthcare system can acquire the bitcoin, the sooner your providers can care for their patients. The example of a university Chief Security Officer that The Wall Street Journal7 reported as purchasing bitcoin mining machines and stockpiling bitcoin in case of a ransomware emergency may be a bit overzealous. But it is smart to understand the process of finding bitcoin and possibly even set up a wallet in advance.

HERE ARE THE STEPS TO ACQUIRE BITCOIN 1 Determine the current US dollar value of the bitcoin request. The virtual currency fluctuates significantly, and it’s important to know exactly how much you are paying for both decision-making and fundstransfer purposes. Use a converter to determine the amount, such as CoinDesk’s Bitcoin Calculator.8 2 Set up a bitcoin wallet. A number of companies offer bitcoin wallets to store bitcoins that you collect through selling items or purchasing off the exchange. Use the information at Bitcoin.org to compare processing fees and security when selecting a wallet. Most wallet vendors and account services have mobile apps to use for transactions.

2

3 commvau.lt/2fXhauT 6 commvau.lt/2fXbAJ4

4 commvau.lt/2fsZWJO 5 commvau.lt/2gomoR6 7 commvau.lt/2gyzZYW 8 commvau.lt/2iLfVAr

4 Ways to Protect and Recover from Ransomware Attacks Ransomware has become an easy source of revenue for cyber criminals, and the number of ransomware incidents targeting healthcare is on the rise.

commvau.lt/2ahJzvf

3 Buy bitcoin from an exchange. Multiple exchanges9 sell bitcoin, with some exchanges offering fixed prices and others selling the currency in an auction-style setup. Most exchanges typically accept payment via credit card, while others will take a bank or wire transfer.

INCREASED AVAILABILITY OF BITCOINS SPURS INCREASE IN RANSOMWARE ATTACKS It used to be that cybercriminals concentrated on stealing data and selling the information to other criminals. But the trend has shifted toward encrypting files and demanding bitcoin in exchange for the encryption code. It’s most likely not a coincidence that ransomware attacks increased at the same time that bitcoin become more accessible. The Wall Street Journal article “In the Bitcoin Era, Ransomware Attacks Surge,”7 reported that stability and increasing use of bitcoin has been a factor in the increase of attacks – since criminals are now less likely to get caught. Hospitals have become a popular target because of the large amounts of information in their EHRs as well as the importance that the information has to patient care. A cybercriminal’s goal is typically to make money without being caught. It’s not surprising that attackers are demanding payment in bitcoin since it ensures that authorities cannot trace their identity through a money trail as in the case of traditional currency. To make it even harder, criminals use bitcoin to launder money by transferring the funds through multiple wallets. Some even use a mixing service, which is where funds from many different wallets are transferred into a single large wallet and then parceled out, reported ZDNet.10 The fact that a unique secret key is needed for each transaction to both send and receive bitcoin may be another reason criminals are using the currency. Healthcare systems should do everything in their power to protect their networks and data from a ransomware attack as well as have an off-line backup to quickly restore data. However, since cybercrime and technology can be unpredictable despite best efforts, it is important to do preliminary research on bitcoin as well as select a wallet and an exchange should you ever need it. This way, if your healthcare system decides that paying the ransom is worth the risk of being targeted again or not getting the files back, you can move quickly.

9 commvau.lt/2fXgMMR

10 commvau.lt/2gzPeND

Only Commvault provides a single platform for keeping all your healthcare enterprise data — clinical and business data alike — fully protected and accessible. Learn more at commvault.com/healthcare. © 2017 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, Commvault Systems, Commvault OnePass, CommServe, CommCell, IntelliSnap, Commvault Edge, and Edge Drive, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.

COMMVAULT.COM | 888.746.3849 | [email protected] © 2017 COMMVAULT SYSTEMS, INC. ALL RIGHTS RESERVED.