Costa Rica Public Health Service Ransomware Attack

Costa Rica’s public health service, known as the Costa Rican Social Security Fund (CCSS), has been forced to take its systems offline after being hit by Hive ransomware.

3 Expert Comments
Max Vetter
InfoSec Expert
June 2, 2022 1:14 pm

As ransomware gangs continue to target Costa Rica with a vengeance, it is perhaps unsurprising that, following a HIVE ransomware attack, all computer systems on its public health service were taken offline. Attackers gained access to its network in the early hours of Tuesday morning. Employees were allegedly told to shut down their computers and unplug them from the networks amidst the ensuing havoc.

This response could hint at the unpreparedness of organisations that have limited plans in place should a cyber attack hit. Ransomware attacks are what we refer to as ‘wicked problems’ – ones with no clear ‘right answer’. This is the reason that recent research by Immersive Labs highlights that 18% of government organisations resort to paying the ransom in attack simulations. The healthcare sector is particularly vulnerable to ransomware, partly due to the sensitive nature of the data it holds. But in our research, it was the worst performing industry in terms of cyber crisis response by some margin, with a score of just 18%. This needs to change.

Cybersecurity is no longer an issue for IT teams alone; remaining resilient in such a high-paced threat environment requires the optimisation of human cyber knowledge, skills, and judgement across the entire organisation when it comes to preparing for, responding to, and remediating against cyber threats. When it comes to crisis planning, all departments should be rolled into incident response plans from the start – and not left as an afterthought. Had this been the case here, the consequent chaos and shutdown of operations could have been reduced if not prevented entirely.

Keith Neilson
InfoSec Expert
June 2, 2022 1:12 pm

There is no easy technology solution to prevent ransomware, but lack of visibility and poor adherence to a security policy will result in manual errors and misconfigurations, which can increase the attack surface. Organisations need strong, consistent policy and rules to tighten their network security posture. It’s also important to segment the network into different zones so that access privileges are minimized, which ensures that only those who are permitted have access to the data they need. This limits the exposure that an attacker would have in the event that the network is breached and provides visibility, compliance, and security.

Keith Neilson
InfoSec Expert
June 2, 2022 1:10 pm

Ransomware gangs are increasingly targeting government organizations, and with Russian leaders refusing to prosecute the REvil gang following the largest ever U.S. ransomware attack on Kaseya last year, cybercrime isn’t expected to let up any time soon. Now more than ever, government organizations entrusted with the collection and storage of highly sensitive data have a responsibility to be hypervigilant in their security and governance practices. 
This attack on Costa Rica’s public health agency serves as a reminder that a comprehensive cybersecurity strategy begins with cyber asset management. To properly secure sensitive data, organizations must take the first step of cyber asset management by discovering all cyber assets hosted within the IT environment. Without a comprehensive inventory of these cyber assets, organizations have no way of detecting potential risk points for a ransomware attack (let alone remediating them) until it is too late. Once all cyber assets are accounted for, IT leaders can establish clear, real-time visibility of the attack surface and effectively implement security guardrails across the entire IT landscape.

Information Security Buzz