There is a Powerful Argument to be Made for Ransomware as The Top Threat of 2016 – Protenus

Protenus’ Robert Lord talks about the unique challenges of providing healthcare-specific cybersecurity/privacy solutions.

Connected Medical Devices

We are currently facing a crises in a wide array of issues concerning cybersecurity, including network security, insider threat and ransomware – but IoT is shaping up to be a huge threat that is not just on the horizon, but has already arrived. While we have not yet seen too many of the direct threat attacks using IoT, it has been proven time and again that such exploits are fairly easy to execute, and could have disastrous results. Like any critical medical intervention that relies more on technology, we need to be extremely careful about how we deploy connected medical devices.

It may be that the advantages of having connected devices outweigh the risks, but the key thing is for us to put into thought and analysis is an understanding of what we are getting into with connecting medical devices to a larger network, and what could potentially happen as a consequence. You can’t stop everything, but you can’t deploy solutions without thinking about all options available, protecting everyone as best you can, and making sure that people get access to the critical care they need.

Healthcare Sector is Such an Attractive Target for Hackers

Health data is incredibly valuable. When you look at the data contained in these records, they include financial information, social security number and other sensitive information.  This data can be used for frauds like medical identity theft, insurance fraud, medication fraud and medical blackmail. You can open new bank accounts, get new insurance – it’s extraordinarily valuable data. That’s why healthcare is the most attacked sector, with 115 million US citizens’ records getting breached in 2015. A third of the US population has had their records breached.

The other aspect is that the healthcare sector is massively underfunded when it comes to security. Historically, healthcare has been more focused on its mission of building and deploying technology to help improve the care of patients, and that has been the best use of its money. As we transition to electronic records and transfer all of this information from paper records to an easily queried database housed in a single location or distributed throughout the hospital, we see that the protection of that information becomes very critical, and we are significantly lagging behind. It has taken a lot of time for people to realize how valuable this data is, and right now, there is a lot of catching up to be done.

Healthcare is also a very easy target because the nature of access to data is critical. People often feel the need to immediately pay the ransom, or intervene quickly, because human lives are on the line. Hospitals are willing to pay ransoms because they need to access data to take care of their patients. This makes security and privacy a real challenge, and is one of the reasons why healthcare has a lot of unique elements.

There is a need for healthcare-specific cybersecurity/privacy solutions from vendors who really understand the unique requirements of the healthcare environment. This encompasses the nature of the threat, the nature of the data, the complexity of the environment and the need to deliver healthcare.

Dark Web Angle

It is unbelievably easy to sell and purchase patient data on the dark web because it facilitates an easy transfer of data. The dark web allows for a relatively anonymous way to trade stolen patient information, since it is difficult to track. This has created a very easy market for health data, increasing the incentive to steal and distribute the stolen data. When you think about the deep web, or the more criminally focused dark web, it is essentially a tool that allows these criminals to have a market for their loot.

Nature of Ransomware

Ransomware is the encryption of an organization’s data in such a way that it is rendered inaccessible to that organization. The key to decrypt the data is not held by that organization, and this can occur in a variety of different ways. An individual can click on a bad link on a website, or open an executable attachment in an email. One way or another, what ends up happening is a program is downloaded, that gets into a hospital or health system’s network, then goes about and systematically turns all of their normal data into encrypted garbage – unless you have the key to decrypt.

Ransomware is interesting in the sense that it is not a new threat, but is definitely something that has been on the minds of a lot of people a lot more recently, especially in 2016. There is a powerful argument to be made for ransomware as the top threat for 2016, but in other ways, there are other threats that are occurring right now. Some of the biggest threats, especially with regards to the health care sector, are not so much external, but are more of the internal variety, such as insider threat. This involves those who already have access to patient records.

When you go back to the history of ransomware, it’s not always purely about encryption. In its general sense, it could merely be about impairing the function of a device or an application, in exchange for a ransom to be paid, typically in bitcoin, although there are other ways that you could pay. Bitcoin has made it easy to use ransomware by allowing for that anonymous transfer of value. In the past, you could trace back transactions using credit card numbers, post office box numbers and things like that.


Good backup hygiene is important and there are a lot of ways to do that. The basics are to have them, test them, do your due diligence to ensure that they work and can be restored. You must also make sure that they are properly segmented from the active network, such that the ransomware can’t also encrypt those backups, which we have seen happen. Recent versions of ransomware are sophisticated enough to also encrypt backups.

One of the challenges of the healthcare is sector is that they have very tight budgets, and are extremely underesourced, with regards to cybersecurity. They tend to concentrate more on the basic blocking and tackling aspect of cybersecurity, and are also facing a wide variety of other threats.

People tend to see ransomware as the main security challenge for the health sector, but they also have a huge problem with insider threat. They have employees, contractor affiliates and business associates who have access to electronic health records. The issue with such ubiquitous access to this sensitive information includes medical record snooping, where coworkers look up the medical records of each other, and individuals looking at the health records of VIPs who come into the hospitals. You find criminal networks operating inside the hospitals, bribing hospital employees to steal electronic health records for sale on the black market. There is an overwhelming amount of work to be done to protect from external threats, in addition to building that immune system for the internal threats.

Protenus’ Solutions

Protenus proactively detects HIPAA violations and insider threats in electronic health record systems and associated systems. This includes hospitals and a wide array of organizations that handle health data. Essentially, we understand in great depth what individuals should be doing with patient data, and when they go outside set boundaries of administratively appropriate areas of activity, we immediately know, since we have an end-to-end platform for the rapid resolution of those threats.


Speaker: Robert Lord

Robert Lord is the co-founder and CEO of Protenus, a health data security platform that protects patient data in the electronic health record (EHR) for some of the nation’s top-ranked hospitals. As a medical student, Robert saw first-hand how the EHR systems could be used to improve patient care and share clinical data more efficiently, but also observed that this technology created a whole new slate of serious security and privacy concerns. In 2014, Robert and his cofounder Nick Culbertson developed the initial prototype and algorithms that launched Protenus, fulfilling a critical need to better protect patient data. Robert holds an AB in Social Studies, magna cum laude, from Harvard University.

protenusAbout Protenus

Protenus protects patient privacy in the electronic health record (EHR) for top-ranked hospitals, using the latest big data techniques and Protenus-led advances in data science, machine learning, visualization, and engineering. Founded by former medical school students, the Protenus platform uniquely understands the clinical behavior and context of each person accessing patient data to determine the appropriateness of each action, elevating only true threats to patient privacy.  Protenus and its partner hospitals are fundamentally improving the way hospitals protect their patient data—further ensuring trust in healthcare.