Jun 07 2019

Cryptomining Threats Grow Stronger for Healthcare Organizations

Malware that mines for cryptocurrency wastes system resources and can overheat and even shut down devices.

The value of cryptocurrencies such as bitcoin and Monero might be tumbling, but cryptocurrency mining malware is on the rise. In fact, on a “most wanted” threats list from security firm Check Point, resource-draining cryptomining malware took the top three spots.

Hackers can earn digital currency legitimately by mining it, but doing so takes a lot of computing power, bandwidth and electricity. Instead, hackers use malware to steal those resources from the systems of the organizations they infiltrate.

For example, Cryptoloot, which took the top spot on the Check Point list, performs online mining of Monero cryptocurrency when a user visits a web page, a web service or an app. It happens without the user’s knowledge or approval, and the user doesn’t get a share of the currency.

A persistent version will continue to use resources even after the user has left the site. “The implanted JavaScript [of a cryptominer] uses great computational resources of the end users to mine coins and might crash the system,” Check Point notes in an earlier report.

Healthcare organizations, though not a specific target of cryptominers, are particularly vulnerable because of the sensitive data contained in their systems and because of regulations such as HIPAA, which requires breach notifications.

Thought to be the first healthcare organization to fall victim to this kind of attack, Decatur County General Hospital in Parsons, Tenn., notified more than 20,000 individuals that their personal health information may have been compromised by an incident in 2017 involving cryptocurrency mining software discovered on an EHR server. The hospital noted, however, that the perpetrator wasn’t targeting personal health data and that they had found no evidence the information was actually acquired or viewed by an unauthorized individual.


Equipment That May Be Vulnerable to Cryptomining

Hackers can attack any internet-connected device that contains a CPU, including Internet of Things devices, network devices and mobile devices. Their malware can also operate within browser software.

Certain types of cryptocurrency miners could be just as damaging as a ransomware attack, particularly if they compromise or crash systems in a way that causes them to lose medical data.


Signs of Cryptomining to Watch Out For

Because it runs in the background, and often when the processor is relatively idle, cryptojacking can be difficult to identify, writes Rod Piechowski, senior director of health information systems at HIMSS, in a HealthTech article.

“The most obvious signs of a cryptominer in operation are related to performance (such as unknown processes taking up an unusual amount of CPU time) or excessive heat buildup (which can cause devices to shut down or even fail completely),” Piechowski writes. “The best action an organization can take is to understand what its normal traffic and CPU activity look like. If things slow down, cryptojacking could be involved.”
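The baseline approach described above, sketched as an added example (not code from the article, HIMSS or Check Point): it learns per-process CPU norms from a known-good window, then flags unknown or out-of-profile processes that stay hot for several consecutive minutes. The process names, sample values and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed samples for one host: (minute, process_name, cpu_percent).
BASELINE = [(m, n, c) for m in range(60)
            for n, c in (("ehr_service", 20 + m % 5), ("backup_agent", 3 + m % 2))]
OBSERVED = (
    [(m, "ehr_service", 22 + m % 4) for m in range(30)]
    + [(m, "backup_agent", 4) for m in range(30)]
    + [(m, "unknown_worker", 85 + m % 10) for m in range(5, 30)]  # not in baseline
    + [(12, "report_export", 90)]  # one-off spike, should not alert
)

def build_baseline(samples):
    """Per-process median CPU and robust spread (MAD) from a known-good window."""
    per_proc = defaultdict(list)
    for _, name, cpu in samples:
        per_proc[name].append(cpu)
    profile = {}
    for name, values in per_proc.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero-width band
        profile[name] = (med, mad)
    return profile

def find_suspects(profile, samples, sustained=10, unknown_cpu=50.0, k=6.0):
    """Return {process: reason} for processes hot for `sustained` minutes in a row."""
    by_proc = defaultdict(dict)
    for minute, name, cpu in samples:
        by_proc[name][minute] = cpu
    suspects = {}
    for name, series in by_proc.items():
        if name in profile:
            med, mad = profile[name]
            limit, reason = med + k * mad, "known process above baseline"
        else:
            limit, reason = unknown_cpu, "unknown process with sustained high CPU"
        run = 0
        for minute in range(min(series), max(series) + 1):
            # A minute with no sample counts as idle and resets the run.
            run = run + 1 if series.get(minute, 0.0) > limit else 0
            if run >= sustained:
                suspects[name] = reason
                break
    return suspects

if __name__ == "__main__":
    print(find_suspects(build_baseline(BASELINE), OBSERVED))
```

Requiring a sustained run rather than a single high reading keeps short legitimate bursts, such as the constructed `report_export` spike, from raising an alert.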

Other best practices, according to the National Cybersecurity and Communications Integration Center, include deploying anti-virus software and firewalls, updating and patching operating systems, reviewing system privileges and educating employees about the threat.

Of course, these are all steps healthcare organizations have taken to guard against ransomware, which has plagued the industry for years. But a recent report by Kaspersky Lab has good news and bad news: Ransomware is “rapidly vanishing,” and “cryptocurrency mining is starting to take its place.”
