By Adam Burns
The pandemic has stretched healthcare facilities around the world to breaking point over the last 18 months, and even beyond it in some cases. However, while Covid-19 has presented a very real and present threat to healthcare systems, an even more sinister threat has been growing in the background. Recent research suggests there’s been a massive jump in the number of criminals targeting the sector with cyberattacks since the pandemic began, in an attempt to quickly profit from the sector’s current predicament.
A callous disregard for healthcare organizations and their patients
Ask any cybersecurity expert and they will tell you that cybercriminals are extremely opportunistic, going after victims they feel present the highest potential rewards for the risk/effort required. Unfortunately, recent global events mean that healthcare is firmly in their crosshairs. Primary care centers like hospitals simply can’t afford to be locked out of crucial patient care records at any time, let alone during a pandemic. As such, the likelihood of a rapid ransomware pay-out is extremely high. Couple that with the fact that many healthcare employees are completely worn out by the fight against Covid, meaning they are more likely to succumb to social engineering attempts or click on compromised email links, which is precisely what cybercriminals need to initiate an attack.
As if that wasn’t enough, years of stretched healthcare budgets mean that many organizations are reliant on outdated IT systems and infrastructure that lack the up-to-date security protection needed to keep the latest cyber-attacks out. To put it bluntly, the combination of these factors makes them ideal targets for criminals looking to make fast money, however cruel or unjust it may be.
How can defenses be strengthened?
Fortunately, in response to this growing problem, much of the cybersecurity industry has rallied around the healthcare sector to help shore up flagging defenses against the growing amount of ransomware out there. For example, many advanced threat protection providers are now offering free solution updates to help customers quickly detect the tell-tale signs of particularly nasty new ransomware like Ryuk. These signs include deletion of volume shadow copies, unauthorized mass editing of files, and attempts to connect with known ransomware infrastructure.
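The three signs listed above can be checked over endpoint telemetry. The sketch below is an added example, not code from the article or from any vendor; the event fields, host names, blocklist address and mass-edit threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Well-known command lines that remove volume shadow copies.
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
BLOCKLIST = {"203.0.113.66"}   # constructed; feed from threat intel in practice
MASS_EDIT_THRESHOLD = 20       # assumed: file writes per process per window
WINDOW_SECONDS = 10            # assumed sliding-window length

def detect(events):
    """Return sorted (host, pid, signal) tuples for the three signs."""
    alerts = set()
    writes = defaultdict(list)  # (host, pid) -> timestamps of recent writes
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            alerts.add(key + ("shadow_copy_deletion",))
        elif ev["type"] == "network" and ev["dst_ip"] in BLOCKLIST:
            alerts.add(key + ("known_bad_destination",))
        elif ev["type"] == "file_write":
            times = writes[key]
            times.append(ev["ts"])
            # Drop writes that have aged out of the sliding window.
            while times[0] < ev["ts"] - WINDOW_SECONDS:
                times.pop(0)
            if len(times) >= MASS_EDIT_THRESHOLD:
                alerts.add(key + ("mass_file_modification",))
    return sorted(alerts)

def sample_events():
    """Constructed telemetry: one suspicious host, one ordinary host."""
    evs = [
        {"ts": 0, "host": "ward-pc-07", "pid": 4120, "type": "process",
         "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
        {"ts": 1, "host": "ward-pc-07", "pid": 4120, "type": "network",
         "dst_ip": "203.0.113.66"},
        {"ts": 2, "host": "lab-pc-02", "pid": 880, "type": "process",
         "cmdline": "vssadmin.exe list shadows"},  # read-only, must not alert
    ]
    evs += [{"ts": 2 + i * 0.2, "host": "ward-pc-07", "pid": 4120,  # 25 writes in 5 s
             "type": "file_write", "path": f"C:\\records\\p{i}.docx"} for i in range(25)]
    evs += [{"ts": i * 10, "host": "lab-pc-02", "pid": 900,  # 25 writes in 4 min
             "type": "file_write", "path": f"C:\\notes\\n{i}.txt"} for i in range(25)]
    return evs

if __name__ == "__main__":
    print(*detect(sample_events()), sep="\n")
```

A write-rate threshold alone cannot tell authorized bulk edits from unauthorized ones, so the three signals are most useful when they fire together on the same process, as they do for the constructed `ward-pc-07` events.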
In addition to this, there are multiple other cost-effective steps that organizations can take to minimize the chance of being targeted with an attack, or limit the damage caused should an attack take place. Three great examples are as follows:
1. Educate employees with regular cyber security training
Simply put, employees are every organization’s first and strongest line of defense against cyber-crime. This is because even the most advanced cyber-attacks still rely on primitive methods to gain access to a target network in the first place. Examples of this include social engineering and spear-phishing, both of which rely on fooling or convincing targeted victims to do something they shouldn’t, like clicking on an infected link or opening a suspicious email attachment. When employees are well trained and vigilant, this kind of attempted manipulation can be easily spotted and flagged to security teams, stopping cyber-attacks in their tracks.
It’s important to remember that criminals can target individuals at every level of the company, not just new joiners, or those with the highest perceived levels of security clearance. As such, any training needs to encompass everyone with access to the IT network, not just a select few.
2. Keep all software up to date with the latest security patches
We’ve all dismissed notifications asking us to install new software updates, particularly when we’re in the middle of a time-critical job. However, these patches contain critical security updates that address vulnerabilities and protect against newly discovered threats like Ryuk. Installing them costs nothing more than a few minutes and the protection offered is immediate, which makes continuously putting such tasks off a reckless thing to do. Regular security training is a great way to keep the importance of such updates top of mind for employees and ensure they aren’t unintentionally putting company security at risk through inactivity.
3. Maintain secure backups of all critical company and system data
Many ransomware programs will try to locate and erase company data backups as part of their execution, which, if successful, gives attackers a huge amount of leverage over their victims. To prevent this, it’s extremely prudent to maintain secure backups away from the main network, where ransomware will be unable to locate them. That way, if the worst were to happen, there will always be a way to restore critical information. Just remember, the older the backups, the bigger the setback they can cause, so back up frequently.
The idea of attacking healthcare organizations and holding them to ransom for profit during a pandemic may seem despicable to most people, but sadly most cybercriminals don’t share the same moral compass as the rest of us. Rather than waiting to become a victim, it is far more effective to plan ahead and put the necessary steps in place to mitigate damage in the event of an attack. Many of the most effective measures are also extremely cost-effective, meaning strong defenses don’t need to cost the earth.
About the author
Adam Burns is the Director of Cybersecurity at Digital Guardian and an expert in cybersecurity, specifically threat detection and protection. He graduated from Wentworth Institute of Technology (WIT) with a Major in Computer Networking and a Minor in Computer Science, and subsequently worked as a Systems Engineer at Kaspersky Lab, where his interest in security was born. He has been in his current role at Digital Guardian for over seven years.