It has been reported that Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline. Grupo Fleury is the largest medical diagnostics company in Brazil, with over 200 service centers and more than 10,000 employees. The company performs approximately 75 million clinical exams in a year. Starting yesterday, the Fleury website began displaying an alert warning that they suffered an attack and that systems are no longer accessible.
<p>Healthcare organisations are under increasing attack from ransomware groups as healthcare data is a valuable commodity on the Dark Web. Unfortunately, healthcare organisations are a popular target for hackers as them having the right patient care information available is a matter of life and death, so they are more likely to pay the ransom demand. </p>
<p>Whether the ransom is paid or not, the current generation of ransomware steals the targeted healthcare and patient information before applying encryption to the target’s data systems. This means that a successful ransomware attack gives hackers access to large amounts of highly valuable healthcare and patient data, which they can then sell on the dark web.</p>
<p>For attackers this is a win-win scenario; they either succeed in getting a lucrative ransom payday or they end up with a valuable resource to sell on the dark web – if not both.</p>
<p>Too often healthcare organisations have old, outdated or limited security resources, which only gives hackers a clear entry point for attacks.</p>
<p style=\"font-weight: 400;\">Cyberattacks that disable medical facilities and weaponize stolen medical records are unconscionable when the uptime of every care facility and accuracy of every health record determines whether lives are saved and impacted. The sheer volume of attacks can often feel overwhelming and monetary gain is at the core of most attacks – through ransom demands, or by selling stolen data on illicit platforms. </p>
<p style=\"font-weight: 400;\">Going forward, this type of breach is likely something we are going to see more of and need to better prepare for, especially as some groups have been known to also publicly shame specific individuals involved. We are now moving towards blackmail that goes beyond victimising companies but also individuals and human beings, which will have resounding affects. As always, continuous web scanning is essential to quickly identify and plug data leaks to minimize operational downtimes and ultimately save lives. </p>
<p>Ransomware will remain a global cyber security threat during 2021 and the associated risk of this threat materializing will be more prevalent for certain industries particularly in healthcare.</p>
<p>Cybercrime is a business so all should think of it the same way. Out of all the various types of cyber crime activities ransomware is the one activity that has a high direct return of investment associated with it, by holding the victims ransom for financial payment. Taking the global economic environment and current market conditions into consideration cyber criminals will of course continue to focus on their efforts to this revenue generating stream. During 2021 we are likely to see cyber criminal individuals and groups partner together to try maximize their return of investment with their attacks. This could be targeting high-value individuals and/or large enterprise organizations.</p>
<p>I also envision we will see an increase in insider threat being used as a support vehicle to execute ransomware attacks. The most obvious vehicle to play out this attack is via an employee clicking on phishing links. Forrester predicts that employees will be responsible for 33% of breaches in 2021. A comprehensive security program incorporates the measurement and management of accidental behavior activity to constant risky behavior and/or activities.</p>
<p>Remember that your employees are your most valuable assets both from a security threat awareness perspective but too provide valuable insights into the pulse and culture of the organization so it\’s important to keep close eye on the ground. The key message here is no one or industry is exempt from the ransomware threat and it requires constant focus, assessment and review to ensure you and your critical information assets remain safeguarded and protected against it.</p>
<p>The Healthcare industry and healthcare supply chain are both one of the top three targeted sectors worldwide. Additionally, REvil are launching a lot of attacks at the moment, having hit a maritime organisation in Brazil earlier this month.</p>
<p>At the moment it looks like REvil are only accepting payment in Monero coin (XMR) which is a fully fungible currency, this may be a reaction to the confiscation of the DarkSide Bitcion wallets in May. With a revenue of $500 million USD, the victim would also classify as \"big game”, and therefore considered more likely to make a ransom payment.</p>
<p>Throughout the pandemic, we have seen cybercriminals prey on the most vulnerable of organisations in a bid to extort and exploit them, with healthcare facilities being no exception. All healthcare organisations have been a prime target for criminal groups as they hold a multitude of sensitive and highly valuable data such as patients names, dates of birth, and home addresses. Once a healthcare organisation is breached a ransomware group is then able to access the organisation’s data and threaten to leak it if a ransom is not paid.</p>
<p>Although this has not been confirmed as a ransomware attack, sources have suggested it most likely is. If this is the case the organisation should enlist the help of experts who can advise on the best action to take, which will largely depend on the data that has been stolen and the ransom demanded. Preparation is key when trying to limit the damages of ransomware attacks. Having a strong resilience plan in place is one of the best ways to prepare for attacks. This allows organisations to rehearse their mitigation efforts and know exactly how to respond when they get attacked and the amount of loss they are likely to face – leaving no unwanted surprises.</p>