January 26, 2021

Rick McElroy: Ransomware Attacks Targeting Healthcare Surge

Targeted, sophisticated, and costly – over the past couple of months, several high-profile ransomware attacks have been reported with a specific focus on some of the largest healthcare providers across the world. With the recent surge in telemedicine adoption due to COVID-19 as well as the growth of digital healthcare tools, cybersecurity is a real concern for these organisations as they navigate the expanding threat landscape.

When it comes to ransomware, the stakes are especially high for healthcare organisations. Data—specifically, sensitive patient information needed to deliver the best care and safely run these organisations—is a prime target for attackers who use ransomware to steal, encrypt, and hold data for ransom. When these malicious software attacks hit an organisation’s server, healthcare organisations are often forced to take their computer systems offline to stop the spread of the attack, which can lead to lapses in inpatient care.

So why are these attacks happening?

Cybercriminals Targeting Healthcare Organisations

For the cybercriminals, one of the key reasons behind these attacks is return on investment. The greater the sense of urgency an organisation perceives, the faster it will consider paying the ransom.

That said, there are two main competing factors that have led to the rise in ransomware in this sector. The mission of these organisations is to protect lives and treat patients, so this leaves them more apt to pay fast when something happens. Secondarily, the prioritisation of compliance over security and a long digital supply chain have left healthcare organisations vulnerable. This has of course all been compounded by the pandemic and the rapid adoption of new technologies to meet the needs of patients.

Ransomware: To Pay or Not to Pay?

Organisations confronted with the reality of a ransomware attack have seemingly few options at their disposal. Even worse, if the companies pay the ransom, there is “no real guarantee” that the hackers will restore the data. Worse, the criminals may keep the data for resale or further extortion.

The recent guidelines by the U.S. Department of the Treasury [2] highlight issues around sanctions as they have the potential to affect ransomware payments. Payment becomes a risk calculation for the organisation in addition to perpetuating the threat of ransomware as a whole.

Stolen data often ends up on the dark web, which is now estimated to be the third-largest economy in the world, according to the World Economic Forum [3]. To combat the business of ransomware, organisations should not pay.

Organisations hit with ransomware attacks and any firms that help ease negotiations with ransomware criminals could now face costly fines from the U.S. federal government if the hackers are already under economic sanctions, according to the new advisory from the U.S. Department of the Treasury. More and more is being done to discourage ransomware payments in the effort to stop further attacks.

Increased Attacks on the Healthcare Industry During COVID-19

Last month, a ransomware attack hit Düsseldorf University Clinic in Germany, crippling the server and encrypting data. With the hospital’s systems down, a patient who was seeking emergency treatment had to be moved to a hospital 20 miles away but died before she could be treated [4].

For healthcare organisations, ransomware attacks could mean a matter of life or death for patients. The importance of cybersecurity goes far beyond data protection. Foss elucidates the global social impact these attacks carry.

With the first death directly associated with ransomware happening recently and the massive impact that the latest ransomware attack will have on United Healthcare Services, we need to consider the larger risk that these types of destructive attacks can have on society as a whole. These criminal groups are not going anywhere, and in fact, just the opposite is happening: they are growing, expanding, and partnering up to increase their capabilities by making tooling easy and accessible for even those without the technical skill to get involved and begin profiting from ransomware.

The dark web supplies a marketplace for attackers and criminals to communicate, buy, and sell stolen data, illegal access, and attack kits. The innovation attackers are using and the increasingly sophisticated advances they are making are really quite astounding.

The exploitation and resale of direct access into corporate networks is exploding. Attackers are leveraging modular and increasingly more capable malware to maximise profits. Data theft, remote access trojans, credential stuffing, initial access brokers, and more are nothing new to the threat landscape that we have all become accustomed to. However, the dynamic expansion of core capabilities allows for more diversity in their overall operations. This results in new alliances, improved tooling, and collaboration that will further their overall impact and reach.

Staying One Step Ahead of the Attackers

We can expect ransomware to continue affecting healthcare as cybercriminals look to cash in on the strained healthcare systems amid the pandemic.

It’s a true struggle for healthcare information security teams. They are still underfunded and understaffed. Organisations need to invest in proactive security technologies and humans to find and disrupt these attackers in their environments in real-time. We are past the point of human safety is an issue. Patient care should not be affected due to a ransomware attack.