The value of cryptocurrencies such as bitcoin and Monero might be tumbling, but cryptocurrency mining malware is on the rise. In fact, in a “most wanted” threats list by security firm Check Point, the top three items were all resource-draining cryptomining malware.
Hackers can earn digital currency legitimately by mining it, but doing so takes a lot of computing power, bandwidth and electricity. Instead, hackers use malware to steal those resources from the systems of the organizations they infiltrate.
For example, Cryptoloot, which took the top spot on the Check Point list, performs online mining of Monero cryptocurrency when a user visits a web page, a web service or an app. It happens without the user’s knowledge or approval, and the user doesn’t get a share of the currency.
Healthcare organizations, though not a specific target of cryptominers, are particularly vulnerable because of the sensitive data contained in their systems and because of regulations such as HIPAA, which requires breach notifications.
Thought to be the first healthcare organization to fall victim to this kind of attack, Decatur County General Hospital in Parsons, Tenn., notified more than 20,000 individuals that their personal health information may have been compromised by an incident in 2017 involving cryptocurrency mining software discovered on an EHR server. The hospital noted, however, that the perpetrator wasn’t targeting personal health data and that they had found no evidence the information was actually acquired or viewed by an unauthorized individual.
Equipment That May Be Vulnerable to Cryptomining
The hackers can attack any internet-connected device that contains a CPU, including Internet of Things devices and network and mobile devices. Their malware can also operate within browser software.
Certain types of cryptocurrency miners could be just as damaging as a ransomware attack, particularly if they compromise or crash systems in a way that causes them to lose medical data.
Signs of Cryptomining to Watch Out For
Because it runs in the background, and often when the processor is relatively idle, cryptojacking can be difficult to identify, writes Rod Piechowski, senior director of health information systems at HIMSS, in a HealthTech article.
“The most obvious signs of a cryptominer in operation are related to performance (such as unknown processes taking up an unusual amount of CPU time) or excessive heat buildup (which can cause devices to shut down or even fail completely),” Piechowski writes. “The best action an organization can take is to understand what its normal traffic and CPU activity look like. If things slow down, cryptojacking could be involved.”
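The baselining advice above, sketched as an added example that is not from the original article: it learns per-process CPU norms from a known-good period and flags only sustained use outside them. Host names, process names, thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(samples):
    """samples: iterable of (host, process, cpu_pct) from a known-good period."""
    by_key = defaultdict(list)
    for host, proc, cpu in samples:
        by_key[(host, proc)].append(cpu)
    return {key: (mean(vals), pstdev(vals)) for key, vals in by_key.items()}

def find_suspects(baseline, observed, k=3.0, unknown_cpu=50.0, sustain=3):
    """Return {(host, process): reason} for sustained CPU use outside the baseline.

    observed: time-ordered (host, process, cpu_pct) samples.
    A known process is abnormal above mean + k*stdev (margin of at least 5 points);
    a process never seen in the baseline is abnormal above unknown_cpu.
    Only `sustain` consecutive abnormal samples raise a finding, so short
    bursts (a scan, a report export) are ignored.
    """
    streak = defaultdict(int)
    suspects = {}
    for host, proc, cpu in observed:
        key = (host, proc)
        if key in baseline:
            mu, sigma = baseline[key]
            limit, reason = mu + max(k * sigma, 5.0), "above baseline"
        else:
            limit, reason = unknown_cpu, "unknown process"
        streak[key] = streak[key] + 1 if cpu > limit else 0
        if streak[key] >= sustain:
            suspects[key] = reason
    return suspects

# Constructed sample data; host and process names are hypothetical.
BASELINE_SAMPLES = [
    ("ehr-srv-01", "sqlservr", c) for c in (22, 25, 20, 24, 23, 21)
] + [("ehr-srv-01", "backupd", c) for c in (5, 60, 4, 6, 5, 58)]

OBSERVED = [
    ("ehr-srv-01", "sqlservr", 24), ("ehr-srv-01", "unknown-svc", 91),
    ("ehr-srv-01", "sqlservr", 70), ("ehr-srv-01", "unknown-svc", 93),
    ("ehr-srv-01", "sqlservr", 23), ("ehr-srv-01", "unknown-svc", 95),
    ("ehr-srv-01", "backupd", 61), ("ehr-srv-01", "unknown-svc", 94),
]

if __name__ == "__main__":
    found = find_suspects(build_baseline(BASELINE_SAMPLES), OBSERVED)
    for (host, proc), reason in found.items():
        print(f"{host}: {proc} flagged ({reason})")
```

The one-off 70% spike from the known database process and the normally bursty backup job are not flagged; only the process absent from the baseline that stays above the threshold is.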
Other best practices, according to the National Cybersecurity and Communications Integration Center, include deploying anti-virus software and firewalls, updating and patching operating systems, reviewing system privileges and educating employees about the threat.
Of course, these are all steps healthcare organizations have taken to guard against ransomware, which has plagued the industry for years. But a recent report by Kaspersky Lab has good news and bad news: Ransomware is “rapidly vanishing,” and “cryptocurrency mining is starting to take its place.”