White Paper: Ransomware as a Driver for Adopting Zero Trust Security in Healthcare

Ransomware is the most pressing threat to healthcare today
Cynerio
May 27, 2021

In healthcare, there are myriad reasons to implement a Zero Trust security architecture, but our research has shown that Zero Trust is the only way the industry's three most prominent threats can be effectively mitigated in the short and long term:

1. Ransomware—widely prevalent in connected healthcare environments due to outdated and unpatched operating systems in myriad devices

2. Outdated Vendor Firmware—many devices run embedded operating systems which are even less frequently updated than consumer OSs, and their vulnerabilities are not well known

3. Unmanaged Services—devices commonly ship with open communications protocols, like Telnet, FTP or HTTP, which are not authenticated and contain vulnerabilities

In this blog, we’ll be tackling the first threat on the list: Ransomware.

Ransomware’s Acute Threat to Healthcare

According to a recent report from Check Point, there was a 50% rise in ransomware attacks in Q3 of 2020. Healthcare is currently the most targeted industry for ransomware, and healthcare organizations are particularly vulnerable because:

  • Thousands, and sometimes tens of thousands, of vulnerable devices (including connected medical equipment) operate on their networks
  • Employee awareness of ransomware and general cybersecurity is low, and infections typically occur through phishing emails
  • Once a device within the network is infected, ransomware spreads quickly across other vulnerable devices to other parts of the network, compromising medical device functionality and blocking access to patient data 

Windows: The Central Vulnerability

Windows is healthcare's central vulnerability. Windows 7 was retired in January 2020 and Windows Embedded Standard 7 followed suit in October 2020. 

Unsupported Windows operating systems are exposed to the EternalBlue vulnerability (SMB, port 445, on old Windows machines), making them particularly vulnerable to Ryuk ransomware, the malware responsible for one third of all attacks on healthcare organizations. Any device still running these operating systems or older versions does not receive support and is vulnerable.

According to a Forescout report on 75 healthcare organizations with 1.5 million connected healthcare devices, 59% of connected medical devices run Windows OS. Of those, 71% run unsupported versions that expired in 2020.

Connected Medical Devices and the Windows OS

Many critical medical devices run Windows Embedded Standard 7, including devices from vendors such as Philips, GE, Becton Dickinson, Siemens, Hologic, Carestream, and others. Many of these devices cannot be patched or upgraded because doing so risks disrupting critical patient care.

Ransomware Attacks on Healthcare Spike

Ransomware attacks rose sharply throughout 2020 and increased by 71% in October, the month Windows Embedded Standard 7 was retired and its support and security updates stopped.

Ransomware hit and compromised numerous healthcare organizations in 2020, including:

  • United Health Services (UHS): 400 US hospitals and clinics were shut down for three weeks
  • Dusseldorf University Hospital: services were shut down, which led to the death of a patient
  • France University Hospital Health Network: 6,000 PCs were shut down, forcing the hospital to return to pen and paper

Why Zero Trust Is the Solution to Ransomware

Healthcare organizations cannot employ reactive measures—detection and response—to mitigate the ransomware threat because:

  • Ransomware moves fast—it spreads laterally from device to device across flat networks. Ryuk ransomware can spread and infect an entire network in as few as 5 hours.
  • Medical devices are critical to patient care—once ransomware enters the network, it can leverage vulnerable connected medical and IoT devices to spread. If these devices are infected, ePHI can be compromised and medical treatment disrupted, posing a direct risk to patient safety.

Only a Zero Trust architecture can ensure:

  • Limited lateral movement—with Zero Trust security, unauthorized connections between devices are blocked, limiting the ability of ransomware to spread.
  • Attacks cannot cause harm—when vulnerable devices are segmented from other parts of the network, risk of a complete organizational shutdown is significantly reduced.
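
As an added illustration (not part of the original white paper and not Cynerio's own code), the Python example below applies a default-deny allowlist to constructed flow records to show which device-to-device connections a Zero Trust policy would block. The segment names, addresses, allowed flows and function names are all assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

# Hypothetical segments and addresses (constructed for this example).
SEGMENTS = {
    "workstations": ip_network("10.10.0.0/24"),
    "imaging": ip_network("10.20.0.0/24"),  # e.g. unpatchable Windows Embedded devices
    "pacs": ip_network("10.30.0.0/28"),
}

# Explicitly authorized (source segment, destination segment, TCP port).
# Anything not listed is denied, including traffic inside one segment.
ALLOW = {
    ("imaging", "pacs", 104),       # DICOM from modality to archive
    ("workstations", "pacs", 443),  # clinicians viewing studies over HTTPS
}

# Services the page calls out: SMB (EternalBlue) and unauthenticated protocols.
RISKY_PORTS = {445: "SMB", 23: "Telnet", 21: "FTP", 80: "HTTP"}

def segment_of(addr):
    """Return the segment name containing addr, or None if unknown."""
    ip = ip_address(addr)
    return next((name for name, net in SEGMENTS.items() if ip in net), None)

def evaluate(src, dst, port):
    """Apply default-deny: allow only known segments with a listed flow."""
    s, d = segment_of(src), segment_of(dst)
    allowed = None not in (s, d) and (s, d, port) in ALLOW
    return {"src": s, "dst": d, "port": port,
            "action": "allow" if allowed else "deny",
            "risky_service": RISKY_PORTS.get(port)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.0.11", "10.30.0.5", 104),   # scanner -> PACS, authorized
    ("10.10.0.42", "10.30.0.5", 443),   # workstation -> PACS, authorized
    ("10.10.0.42", "10.20.0.11", 445),  # workstation -> scanner over SMB
    ("10.20.0.11", "10.20.0.12", 445),  # scanner -> scanner, same segment
    ("10.10.0.42", "10.20.0.12", 23),   # Telnet to a device
    ("192.168.9.9", "10.30.0.5", 443),  # source outside every known segment
]

def denied_flows(flows):
    """Return (flow, verdict) pairs that the policy blocks."""
    verdicts = [(f, evaluate(*f)) for f in flows]
    return [(f, v) for f, v in verdicts if v["action"] == "deny"]

if __name__ == "__main__":
    for flow, v in denied_flows(FLOWS):
        print("DENY", flow, v["risky_service"] or "unlisted flow")
```

On a flat network all six flows would pass; under the allowlist, SMB and Telnet between devices are dropped even when both endpoints sit in the same segment.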
