As if going to the dentist wasn't painful enough.
A dental practice was hit last year by a strain of malicious software that sought out X-ray images and encrypted them on the clinic's computer system. Hackers in Eastern Europe then demanded $500 in Bitcoins to unlock the files, according to Jeff Horne, who investigated the breach for Accuvant, a Denver-based security firm. The ransom amount increased by $500 each day it wasn't paid.
While ransomware has been around for years, it has typically taken the form of fake antivirus alerts. Criminals demand payment to clean the malware (their own, of course) from the victims' computers. Now, hackers are using programs such as CryptoLocker and CryptoWall to search out valuable files on victims' machines and encrypt them, rendering them useless until a fee is paid. Often times, the most valuable files are images.
This type of cyber-extortion comes as more of the health-care industry goes digital with their patient records. Last year, we wrote about medical practices in Illinois and Australia that were infiltrated by hackers who encrypted patients' files and held them for ransom. Security experts expect to see these kinds of incidents becoming more common.
The use of ransom software is growing rapidly. Symantec, the biggest maker of security software, detected five times more of it in 2013 compared with 2012, according to Kevin Haley, a director at the company. The use of crypto-ransom software in particular is growing fast. In 2002, it accounted for 0.2 percent of all ransomware attacks. This year, it's 25 percent, he said.
Hackers are targeting images because they think those files are the ones people will most likely pay for to retrieve, he said.
"Eventually this will become the dominant form of ransomware," Haley said. "With photos, there's emotional value. That's really effective."
The medical industry is already a prime target for hackers. Last week, Community Health Systems, a Tennessee-based hospital chain, disclosed an extensive breach affecting 4.5 million health records.
As for the dental practice, which Accuvant's Horne declined to name, the outcome was good. His company was able to unlock the X-rays and give the dentist his files back without having to pay the ransom.