The health-care industry has recently been in the spotlight. While helping to contain the effects of COVID-19, it has also been a prominent target for ransomware. A survey of 597 health delivery organizations (HDOs) conducted in 2021 found that 42% had been victimized by two ransomware attacks over the past two years. Over a third (36%) blamed ransomware events on a third party, as in the Kaseya ransomware attack earlier this year. The consequences extend beyond the theft of health-care data, though that remains a serious concern. What does it signify when a health-care facility is targeted? What can they do to safeguard themselves?
Attacks on health-care information directly impact patients.
One consequence of these attacks is that many HDOs have lost confidence in their ability to deal with ransomware threats. Following the events of 2020, for example, more than half (61 percent) said they were not confident in their ransomware countermeasures, up from 55% a year earlier.
After all, ransomware attacks jeopardize health care organizations’ ability to provide timely care to their patients. Take a look at the conclusions of the Ponemon study:
A successful cyber assault resulted in extended stay lengths for patients, according to nearly three-quarters (71%) of respondents.
Approximately the same percentage stated ransomware attacks caused delays in medical treatments and tests, resulting in bad outcomes for patients who required them.
Fewer (65%) indicated the attacks had increased the number of patients diverted or transferred to other hospitals.
Around a quarter of those surveyed said cyber-attacks had increased patient mortality rates.
Cyber-Attacks on Hospitals in the News
The most high-profile cyber intrusions nowadays aren’t just about health-care data. In September 2020, for example, German police investigated a woman’s death after a ransomware attack on a hospital. The patient died after being sent to a hospital more than 30 kilometers (18 miles) away from her intended destination, University Hospital Dusseldorf. That facility had been hit by the DoppelPaymer ransomware, which left it unable to admit her.
The German authorities determined after investigating the incident that the victim’s medical condition was such that she would have died no matter what hospital she was admitted to.
In October, an Alabama woman filed a lawsuit alleging that a hospital had not informed her that a ransomware attack had disabled its computers. According to the lawsuit, hospital personnel failed to provide proper care to her baby, who died after suffering a severe brain injury. The attackers, who were after money or health-care data, ended up causing something far worse.
The Wall Street Journal reported that many hackers targeted health-care organizations because they believed those victims would be more inclined to pay. In order to treat their patients, clinicians need to retrieve sensitive health data as quickly as possible, so these organizations might not have had time to negotiate with ransomware actors and could have met the attackers’ demands without hesitation.
How Can Health-Care Organizations Protect Themselves?
Many of the HDOs polled said they were planning for a ransomware attack aimed at their health-care data or vital systems. For example, 54 percent of respondents developed a business continuity strategy that includes planned system disruptions in the case of a ransomware attack. Others, at 51 percent, 34 percent, and 23 percent, respectively, purchased cyber insurance, audited and expanded backups of business-critical systems, and budgeted for a ransomware assault.
These and other steps can undoubtedly help health-care organizations in the event of a ransomware attack. It is also critical that they take steps to avoid a ransomware infection in the first place.
Security awareness training should be the first step. Modules should cover ransomware as well as other relevant concerns, including insider threats, medical imaging privacy, and supply chain risks. Staff will then be better able to recognize and report threats to their patients and to health-care data, which improves the security posture of their employer.
It Is Better To Remain Updated
Of course, security awareness training is a continuous activity. This means that information security professionals must constantly update their employee training to reflect new and developing threats. This is especially true in the case of ransomware: attack operations continually rebrand themselves and add more layers of extortion. To that end, security teams should consider using threat intelligence to stay current, combining in-house sources with third-party feeds that are relevant to their sector. This way they gain as much visibility into their particular threat profile as feasible.
Finally, teams can put technical controls in place to close off the attack paths ransomware gangs commonly use. These measures include email filters that block messages containing embedded links to disallowed domains, disabling Remote Desktop Protocol (RDP) on Windows machines that don’t need remote access, and vulnerability management that prioritizes remediation of known vulnerabilities affecting authorized software and hardware assets.
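As an added example (not from the original article), here is the first of those controls in code: a Python filter that parses a message, pulls the hostname out of every embedded link and blocks the message when any link points at a disallowed domain or one of its subdomains. The blocklist and the two sample messages are constructed for illustration only.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Constructed blocklist of domains that staff mail may not link to (example values only).
DISALLOWED_DOMAINS = {"example-malicious.test", "phish.invalid"}

# href="..." attributes in HTML bodies, and bare URLs in plain-text bodies.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.IGNORECASE)


def extract_link_domains(raw_message: str) -> set[str]:
    """Return the lower-cased hostname of every link found in the text parts of a message."""
    msg = message_from_string(raw_message, policy=default)
    domains: set[str] = set()
    for part in msg.walk():           # walks a single part or every part of a multipart message
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        for url in HREF_RE.findall(body) + URL_RE.findall(body):
            host = urlsplit(url).hostname   # already lower-cased by urlsplit
            if host:
                domains.add(host.rstrip("."))   # "example.test." and "example.test" are the same host
    return domains


def is_disallowed(host: str) -> bool:
    """A host is blocked if it equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in DISALLOWED_DOMAINS)


def should_block(raw_message: str) -> tuple[bool, set[str]]:
    """Return (block?, offending hosts) for a raw RFC 822 message."""
    hits = {h for h in extract_link_domains(raw_message) if is_disallowed(h)}
    return (bool(hits), hits)


# Constructed sample messages: one phishing-style HTML mail, one legitimate plain-text mail.
SAMPLE_PHISH = """\
From: billing@vendor.example
To: staff@hospital.example
Subject: Invoice overdue
Content-Type: text/html; charset=utf-8

<html><body><p>Review the invoice <a HREF='http://Login.EXAMPLE-MALICIOUS.test/inv'>here</a>.</p></body></html>
"""
SAMPLE_OK = """\
From: it@hospital.example
To: staff@hospital.example
Subject: Policy update
Content-Type: text/plain; charset=utf-8

The updated policy is at https://intranet.hospital.example/policies.
"""
```

Note that the subdomain check is what catches `Login.EXAMPLE-MALICIOUS.test`; an exact-match blocklist would let it through.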
A ransomware attack in the health-care sector could jeopardize someone’s physical safety and well-being. On top of the possibility of a health-care data breach, no one wants to risk their reputation or incur extra costs as a result of an incident. Health-care institutions must therefore be proactive and ensure that they have the appropriate ransomware security measures in place as soon as possible.