Targeted, sophisticated, and costly – over the past month, several high-profile ransomware attacks have been reported with a specific focus on some of the largest healthcare providers across the world [1]. With the recent surge in telemedicine adoption due to COVID-19 as well as the growth of digital healthcare tools, cybersecurity is a real concern for these organizations as they navigate the expanding threat landscape.
When it comes to ransomware, the stakes are especially high for healthcare organizations. Data—specifically, sensitive patient information needed to deliver the best care and safely run these organizations—is a prime target for attackers who use ransomware to steal, encrypt, and hold data for ransom. When these malicious software attacks hit an organization’s server, healthcare organizations are often forced to take their computer systems offline in an effort to stop the spread of the attack, which can ultimately lead to lapses in inpatient care.
We asked two of our VMware Carbon Black security experts to share some insights on the recent ransomware attacks on the healthcare industry. Here’s what they had to say.
Cybercriminals Targeting Healthcare Organizations
“For cybercriminals, the reason behind the attacks is a return on investment,” explains Rick McElroy, Cybersecurity Strategist, VMware Carbon Black. “Whenever a sense of urgency is perceived by the organization, the faster organizations will consider paying the ransom.”
McElroy adds there are two main competing factors that have led to the rise in ransomware in this sector.
“The mission of these organizations is to protect lives and treat patients, so this leaves them more apt to pay fast when something happens. Secondarily, the prioritization of compliance over security and a long digital supply chain has left healthcare organizations vulnerable. This has of course all been compounded by the pandemic and the rapid adoption of new technologies to meet the needs of patients,” says McElroy.
Ransomware: To Pay or Not to Pay?
“Organizations confronted with the reality of a ransomware attack have seemingly few options at their disposal,” says Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black.
Foss explains that even if the companies pay the ransom, there is “no real guarantee” that the hackers will restore the data. Worse, the criminals may keep the data for resale or further extortion.
“The recent guidelines by the U.S. Department of the Treasury [2] highlight issues around sanctions as they have the potential to affect ransomware payments. Payment becomes a risk calculation for the organization in addition to perpetuating the threat of ransomware as a whole,” says Foss.
McElroy added that stolen data often ends up on the dark web. “The dark web is now estimated to be the third-largest economy in the world, according to the World Economic Forum [3],” says McElroy. “To combat the business of ransomware, organizations should not pay.”
Organizations hit with ransomware attacks, and any firms that help facilitate negotiations with ransomware criminals, could now face costly fines from the U.S. federal government if the hackers are already under economic sanctions, according to the new advisory from the U.S. Department of the Treasury [2]. More and more is being done to discourage ransomware payments in the effort to stop further attacks.
Increased Attacks on the Healthcare Industry During COVID-19
Last month, a ransomware attack hit Düsseldorf University Clinic in Germany, crippling the server and encrypting data. With the hospital’s systems down, a patient who was seeking emergency treatment had to be moved to a hospital 20 miles away but died before she could be treated [4].
For healthcare organizations, ransomware attacks could mean a matter of life or death for patients. The importance of cybersecurity goes far beyond data protection. Foss elucidates the global social impact these attacks carry.
“With the first death directly associated with ransomware happening recently and the massive impact that the latest ransomware attack will have on United Healthcare Services, we need to consider the larger risk that these types of destructive attacks can have on society as a whole,” says Foss. “These criminal groups are not going anywhere, and in fact, just the opposite is happening, they are growing, expanding, and partnering up to increase their capabilities by making tooling easy and accessible for even those without the technical skill to get involved and begin profiting from ransomware.”
The dark web provides a marketplace for attackers and criminals to communicate, buy, and sell stolen data, illegal access, and attack kits. Foss explains the innovation attackers are using and the increasingly sophisticated advances they are making.
“The exploitation and resale of direct access into corporate networks is exploding,” says Foss on the rise of the dark web. “Attackers are leveraging modular and increasingly more capable malware to maximize profits. Data theft, remote access trojans, credential stuffing, initial access brokers, and more are nothing new to the threat landscape that we have all become accustomed to. However, the dynamic expansion of core capabilities allows for more diversity in their overall operations. This results in new alliances, improved tooling, and collaboration that will further their overall impact and reach.”
Staying One Step Ahead of the Attackers
We can expect ransomware to continue impacting healthcare as cybercriminals look to cash in on the strained healthcare systems amid the pandemic. Rick McElroy offers his insights on the state of security for healthcare organizations and how they should take a proactive approach to their cybersecurity measures.
“It’s a true struggle for healthcare information security teams,” McElroy says. “They are still underfunded and understaffed. Organizations need to invest in proactive security technologies and humans to locate and disrupt these attackers in their environments in real-time. We are past the point of human safety is an issue. Patient care should not be affected due to a ransomware attack.”
Rick McElroy and Greg Foss are trusted advisors and strategists at VMware Carbon Black addressing industry and cybersecurity challenges. They are focused on empowering security professionals at all levels, advising both leaders and power users, and building trust within the larger security community.
1. TechCrunch, “Healthcare giant UHS hit by ransomware attack, sources say,” September 2020
2. The Department of the Treasury, “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” October 2020
3. The World Economic Forum, “Global Risks Report 2020,” January 2020
4. WIRED, “A Patient Dies After a Ransomware Attack Hits a Hospital,” September 2020