A sharp rise in hospital ransomware attacks is underscoring the need for security programs that blend human-powered threat hunting with technology that can identify risks based on a vast number of sources.
According to a report published by Check Point in May 2021, healthcare has been the most targeted sector by ransomware attackers since the beginning of April. Attackers target healthcare organizations an average of 109 times every week, far outpacing the average weekly attacks on the utilities and insurance sectors.
Hospital ransomware attacks reflect the spike in cyber criminals deploying ransomware attacks. Ransomware appeared in 10% of incidents, according to Verizon's 2021 Data Breach Investigations Report—more than double the frequency of ransomware attacks than reported in the previous year's analysis.
The consequences of ransomware attacks on healthcare
Ransomware uses malicious software or other mechanisms to block access to data and IT systems until the victim pays the attacker. In healthcare, cyber criminals could gain access to confidential and sensitive data such as electronic healthcare records and mission-critical applications.
When hospital ransomware attacks succeed, the damage can be extensive. Lives are put at risk. Earlier this year, Emsisoft's State of Ransomware Report suggested ransomware could make it impossible for providers to access lab tests, or even divert ambulances from where their emergency medical services teams are urgently needed.
The Emsisoft report highlighted the ransomware attack on the University of Vermont Health Network, whose team was locked out of its electronic health record, patient portal and other systems for more than a month. The financial impact is estimated to exceed $63 million, and the attack delayed planned IT system deployments.
Attackers do not always use ransomware for extortion. Once hackers gain access to healthcare systems, hospitals are also at risk of data exfiltration, where information about patients or the organization is stolen outright and used for malicious purposes.
Ransomware attacks on healthcare would be a concern at any time, but the increased burden on providers amid the urgency of the COVID-19 pandemic could make them even more devastating. At the same time, healthcare organizations are, like businesses in many other sectors, pivoting portions of their team to a remote work model, which widens the attack surface for ransomware.
How to mitigate the risk of hospital ransomware attacks
Organizations can deter hospital ransomware attacks by ensuring that employees receive proper security training. Many ransomware attacks on healthcare begin with phishing schemes, in which an employee is duped into clicking on a link that introduces malware to IT systems.
Increased vigilance for unusual activity on employee systems and corporate networks can bolster education efforts. Though healthcare IT teams might not have the bandwidth to do this on their own, advanced security operations services can monitor for and detect anomalies the moment they happen. Additionally, network security capabilities that address Domain Name System (DNS) weaknesses can help reduce the chance of ransomware sneaking into an organization’s systems.
The right third-party service provider will provide more than threat intelligence that can help reduce hospital ransomware attacks. It will also offer expertise on how to deal with threats as they are identified.
Some healthcare organizations might already have invested in security incident and event management (SIEM) technologies to improve their cybersecurity defenses. Managed SIEM services that offer a higher level of analytics can further enhance defenses—because the right managed service provider can provide threat intelligence from a wider variety of sources. “A ransomware attack forces organizations to make some very tough decisions,” says Jim Meehan, Senior Investigations Manager in Verizon’s cyber security practice. Meehan, who fought crime and cyber crimes as a member of the United States Secret Service for more than two decades, explains: “Should we pay? How much is too much? Who approves the payment, and where do we get the money from? And what if the hacker takes the payment but leaks our data anyway? You have to have a specific ransomware contingency plan and policy in place, well before such an attack, because you don’t want to be making those decisions in real time. The longer an incident goes on, the more damage it will do to the company.” Meehan advises business leaders and security teams to collaborate regularly to ensure their ransomware response plans are up to date.
Ransomware attacks on healthcare are unlikely to go away. Explore how partnering with a managed service provider could put providers in a better position to respond more quickly and better manage incidents as they happen.