Healthcare facing increased risk of ransomware attacks
The computer systems at Universal Health Services, which runs approximately 400 hospitals and care centres across the United States and the United Kingdom, recently experienced a massive ransomware attack, making it one of the largest medical cyber attacks in US history.
The number of ransomware attacks has grown significantly over the past few months, as cyber criminals look to cash in on security vulnerabilities emerging as a result of increased remote work practices.
The golden age of ransomware attacks
In early April, near the start of the global pandemic, INTERPOL warned that it had detected a significant increase in ransomware attacks against hospitals and medical services engaged in the virus response. The following month, Fresenius, Europe's largest private hospital operator that employs nearly 300,000 people across more than 100 countries, was hit with a ransomware attack on its technology systems. Hackers reportedly utilised the Snake ransomware to attack Fresenius. In September, police in Germany launched a homicide investigation after the death of a woman who was transferred to another hospital following a ransomware attack.
Meanwhile, the World Health Organization (WHO) revealed that it was experiencing double the usual number of cyber attacks against its systems, including hackers running malicious sites impersonating the WHO’s internal email system.
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common.
“Not only has the number of ransomware attacks increased, but ransomware itself has evolved, with some of the most popular forms disappearing and new forms emerging. In some cases, these are even more disruptive and damaging,” said Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.
Putting patients’ safety at risk
A computer virus could put people in serious danger if the target is a healthcare facility. Experts say old machines and outdated software at hospitals have contributed to the spread of ransomware. If the situation doesn’t improve, it could put patients’ safety into further jeopardy.
“The consequences can be grave. If an attack happens in the middle of a surgery, whatever machines are being used could go down, forcing medical staff to fall back on manual methods,” commented the NordVPN Teams expert. ‘“MRI machines, ventilators, and some types of microscopes - are computers too. Just like our laptops, those computers come with software that the developers have to support. When the machines become old and outdated, the people who made them might stop supporting them. That means that old software can become vulnerable to attacks."
In many cases, hackers threaten to leak the data they've stolen if the victim doesn't pay a ransom - something that might strike fear and pressure victims to give into the extortion demands.
Patient records can sell for up to $1,000 on the black market due to the amount of information found in the documents, including date of birth, credit card information, Social Security number, address and email. Social Security numbers can be purchased for as little as $1, and credit card information sells for up to $110.
Therefore, there should be a two-pronged approach - one that allows the organisation to protect everything and also achieve HIPAA compliance. Attacks don’t just expose data, but also open the organisation up to HIPAA and GDPR violations and fines, according to a global research and advisory firm Gartner.
As governments around the world attempt to address the public health crisis and contain the spread of COVID-19, there is a big chance criminals will continue to exploit this chaos, triggering subsequent spikes in cyber attacks against healthcare institutions. According to Ms. Gurinaviciute, healthcare organisations, especially those that run outdated technology, should expect these kinds of attacks to continue happening around the globe.
7 steps to protect organisation’s data
Cyber security doesn’t concern large hospitals or medical institutions exclusively, and general precautions should be taken in the medical industry regardless of institution size.
NordVPN Teams experts suggest starting with the following:
1. Updates. Ensuring security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities that help them gain a foothold in the network.
2. Multi-factor authentication. Multi-factor authentication across the ecosystem can prevent hackers from moving across the network and gaining additional controls.
3. Regular backups. Organisations should also regularly back up their systems, as well as test those backups on a regular basis as part of a recovery plan. If the worst happens and ransomware does infiltrate the network, there's a known method of restoring it without the need to pay ransom to cyber criminals.
4. Audits. Hospitals should conduct regular audits of their machines and segment their networks, so if one piece of the network is compromised, it doesn't spread throughout the entire system.
5. Remote access. Only secure Virtual Private Network (VPN) connectivity should be allowed for remote access. In addition, only whitelisted IP addresses or device IDs should be allowed to access systems, as this will allow access to authorised users only.
6. Treat every email with zero trust. Because of the remote work environment, the amount of information exchanged over the internet through virtual conferences and emails has skyrocketed. Establish a process that enables employees to report anything suspicious, and share regular updates and information about phishing emails.
7. Security training. General security policies need to be drawn up and implemented, and staff have to be appropriately trained ad-hoc, whether remotely or in person.