Healthcare Industry Battles Chronic Ransomware Attacks

VMware Carbon Black Senior Director, APJ Matt Bennett discusses ways healthcare organizations can adopt a proactive approach to stay one step ahead of cyber attackers.

By Matt Bennett

Over the past few months, several high-profile ransomware attacks have been reported with a specific focus on some of the largest healthcare providers across the globe. The recent surge in telemedicine adoption amidst the COVID-19 pandemic, as well as the growth in adoption of digital healthcare tools, have made cybersecurity a real concern for these organisations as they navigate the expanding threat landscape.

Ransomware attacks can be detrimental to all organisations. However, the stakes are especially high for healthcare providers. Data —specifically, sensitive patient information needed to deliver the best care and safely run these organisations — is a prime target for attackers who use ransomware to steal, encrypt, and hold data for ransom. When malicious software attacks hit healthcare institutions, they are more often than not forced to take their computer systems offline in an effort to stop the spread of the attack, which can ultimately lead to lapses in patient care.

Healthcare organisations are a prime target because of the quick return on investment. Cybercriminals understand that whenever a sense of urgency is perceived by their target, the faster they will respond and pay the ransom.

There are two main competing factors that have led to the rise in ransomware attacks within the healthcare industry. First, the mission of healthcare organisations is to protect lives and treat patients. This noble mission undoubtedly leaves healthcare providers more apt to pay a ransom quickly when an attack occurs to ensure the organization can return back to business as usual, protecting patient data and care.

Secondly, the prioritisation of compliance over security and a long digital supply chain has left healthcare organisations vulnerable. Without a doubt, this has been further exacerbated by the pandemic and the rapid adoption of new technologies to meet patient needs.

Unfortunately, when confronted with a ransomware attack, healthcare organisations have seemingly few options at their disposal. Even if the affected organization does pay the ransom, there is no real guarantee that their data will be restored. The ransom payment then becomes a risk calculation for the affected organisation, in addition to the perpetuating threat of ransomware.

Even worse, these hackers may keep the stolen data for resale or further extortion. Stolen data often appears on the dark web for a purchase price. Over the past decade, the dark web has grown steadily and now at the scale to be the third-largest economy in the world, according to the World Economic Forum. While it may seem like a difficult choice, organisations should not pay a ransom to help to combat the business of ransomware.

We have seen plenty of cases where big technology or retail companies fall prey to cyberattacks, but they do not carry the same weight as it does in the healthcare sector.

In September, a ransomware attack hit Düsseldorf University Clinic in Germany crippling the server and encrypting data. With the hospital’s systems down, a patient who was seeking emergency treatment had to be moved to another hospital, and unfortunately died before she could be treated. In Asia, hospitals across Thailand were similarly affected by a ransomware attack where hackers held computer systems and data for ransom.

For healthcare organisations, there is a clear social impact to these cyberattacks. The importance of cybersecurity goes far beyond data protection. A strong cybersecurity posture could mean the difference between a life or death. According to our recent research, 55% of healthcare organisations plan to increase their cyber defence budgets within the next 12 months. While the industry is finally understanding the gravity of the situation, more needs to be done as there is no one-size-fits-all approach to cybersecurity.

Healthcare organisations need to consider the larger risk and consequences that these types of cyberattacks can have on society. Cybercriminal groups are here to stay, and they are unfortunately growing, expanding, and partnering up to increase their destructive capabilities and effectiveness. With the power of the dark web, cybercriminals – even the most novice – have a marketplace for attackers to communicate and access cyberattack tools.

Ransomware attacks will continue to be pervasive as cybercriminals look to profit from the strained healthcare systems amidst the pandemic. It is a true struggle for understaffed and underfunded healthcare security teams.

As much as cybercriminals continue to exploit these trying times for personal gain, healthcare organisations need to take a proactive approach to their cybersecurity measures. Raising cybersecurity awareness among employees, implementing stronger security practices, as well as investment in proper proactive security technologies and staff are among the many actions that organisations can take to stay one step ahead of attackers.

Organisations should shift to an intrinsic security model, one where security is built in and not bolted onto the enterprise. Security teams must integrate security controls, microsegmentation, employ just-in-time authentication and modernize their endpoint security controls. We are past the point of human safety as an issue. Patient care should not be affected due to a ransomware attack.

(Ed. Featured image by Photographer Jonathan Borba.)