Ransomware vs. Healthcare: Why Cybersecurity Is Patient Security

Sep 30, 2020

Ransomware: The stats

In the first half of 2020, cyber attacks against healthcare surged by 300%. In particular, ransomware attacks jumped by 109% across the US, and that's after healthcare providers had already suffered a 350% increase in ransomware attacks in the last quarter of 2019. 

Ransomware attacks against healthcare providers are on an upward trajectory and are gaining popularity among threat actors. But what is ransomware, and why is it so dangerous?

What is ransomware?

In a ransomware attack, files (patient medical records, in the case of healthcare), devices (DICOM devices, computers, MRI machines, etc.), and systems (healthcare IT networks) are encrypted by threat actors and held for ransom. Typically, access to systems and files will be granted once a fee, dictated by the threat actors, is paid in full.

Recent ransomware attacks have forced system-wide hospital shutdowns, appointment and surgery cancellations, and reversions to pencil and paper records. Financial damage from ransomware attacks has cost "the U.S. health system more than $157 million" since 2016. In mid-September 2020, a ransomware attack against Duesseldorf University Hospital in Germany led to the death of a patient.

Most recently, a ransomware attack against Universal Health Services (UHS), a large hospital chain in the United States and UK, took thousands of computers offline and led to the cancellation of surgeries and the diversion of emergency patients to neighboring facilities.

Why is ransomware so popular among threat actors?

Ransomware attacks are easy to execute, especially against the healthcare sector. Healthcare IT networks are replete with electronic medical records (which can garner thousands of dollars on the black market vs. 10 cents for a social security number and 25 cents for a credit card number). 

The devices on these networks are old, run legacy operating systems, and are particularly difficult to secure. For instance, the most infamous ransomware attacks, including WannaCry and Petya, exploit a legacy Windows vulnerability that allows them to gain entry into a single vulnerable device and, from there, infect all connected devices on the network, including clinically critical medical IoT (IoMT) devices. IoMT devices are notorious for their lack of built-in cybersecurity and for how easily they can be exploited.

On top of this, hospitals are often willing to pay the ransom because of devices’ involvement in life-saving medical procedures and the inability to operate without access to patient records.

How can you prevent ransomware attacks on hospitals?

The best way to stop ransomware and other attacks in their tracks, including DoS and MEDJACK attacks, is to take proactive, preventative measures. 

1. Automate your risk assessment process

Constantly assess risk on all assets across your organization. Automated risk assessment solutions send relevant team members real-time alerts on suspicious activity, recall notices, devices with known vulnerabilities, and OS updates and patches.

2. Identify at-risk devices 

Automatically locate and identify every vulnerable and at-risk device on your network.

3. Patch or reconfigure devices (where possible)

Once you’ve conducted your risk assessment and identified at-risk devices, tag those that can be patched or reconfigured to remediate the risk.

4. Configure segmentation policies for unpatchable devices

Where a risk can't be resolved by updating or patching, configure segmentation policies to remediate it and improve overall security posture.

5. Monitor risk continuously 

Once you’ve patched or segmented your at-risk devices, perpetually monitor your network for new risks and vulnerabilities.
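Steps 2 through 5 can be expressed as a small triage routine. The Python below is an added example, not code from this article or from any product: it flags at-risk devices in an inventory, assigns each one to "patch" or "segment", writes a default-deny allow-list for segmented devices, and reports devices that become at-risk between two inventory snapshots. The device names, fields, flows, and the vendor-neutral rule notation are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    legacy_os: bool        # OS no longer receives security updates
    open_vulns: int        # known, unremediated vulnerabilities
    fix_available: bool    # a patch or configuration change exists and is permitted
    required_flows: list = field(default_factory=list)  # (peer, port) needed clinically

# Constructed sample inventory; names, ports and flows are illustrative only.
INVENTORY = [
    Device("mri-01", True, 3, False, [("pacs-server", 104)]),
    Device("nurse-ws-12", False, 2, True),
    Device("infusion-pump-7", True, 0, False, [("pump-gateway", 443)]),
    Device("pacs-server", False, 0, True),
]

def at_risk(d):
    # Step 2: at risk if it has open vulnerabilities or runs a legacy OS.
    return d.open_vulns > 0 or d.legacy_os

def plan(inventory):
    """Steps 3-4: patch what can be fixed, segment everything else."""
    actions = {}
    for d in inventory:
        if not at_risk(d):
            continue
        if d.fix_available and not d.legacy_os:
            actions[d.name] = ("patch", [])
        else:
            # Default deny: only flows required for clinical use stay open,
            # so one compromised host cannot reach this device laterally.
            rules = [f"allow {d.name} -> {peer}:{port}" for peer, port in d.required_flows]
            rules.append(f"deny {d.name} -> any")
            actions[d.name] = ("segment", rules)
    return actions

def new_risks(previous, current):
    """Step 5: devices at risk now that were not at risk in the last snapshot."""
    before = {d.name for d in previous if at_risk(d)}
    return sorted(d.name for d in current if at_risk(d) and d.name not in before)

if __name__ == "__main__":
    for name, (action, rules) in plan(INVENTORY).items():
        print(name, action, rules)
```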
