Experts Reacted On Universal Healthcare Services Cyber Attack

Universal Healthcare Services, which runs 400 hospitals and facilities in the UK and the US, has suffered an outage as a result of a suspected cyber-attack.

Expert Comments

September 29, 2020
Sam Roguine
Backup, DR and Ransomware Prevention Evangelist
Arcserve
The ransomware attack on Universal Health Services speaks to the cruelty of ransomware operators. While some previously announced they planned to pause attacks on healthcare providers throughout the COVID-19 public health crisis, the volume of attacks in recent months proves this isn’t the case. But, we shouldn’t be surprised – hitting industries like healthcare while they’re vulnerable is par for the course for cybercriminals. That doesn’t mean organizations like UHS can’t fight back, though. Companies should implement proactive data protection, business continuity and disaster recovery protocols to prevent extended IT downtime. These ransomware response plans should tightly integrate data protection with cybersecurity protocols, and backups have to be treated as critical IT infrastructure to ensure they don’t become compromised and irrecoverable. Situations like these easily turn into life or death, so the importance of protecting critical healthcare data cannot be underestimated.
September 29, 2020
Anthony Chadd
Global SVP
Neustar
In the early days of the pandemic, some ransomware syndicates publicly announced they would stop all activity against medical organisations until a stabilisation of the coronavirus situation. Clearly, that ceasefire has now ended. Over the past few years, ransomware attacks have only become easier to launch, and attackers increasingly are targeting healthcare organisations where cyber defenses may be less sophisticated and employees less savvy about how to spot threats. While providers typically have strong cybersecurity protections in place, many lack a mature cyber response plan and even sophisticated organisations may not have the resources and expertise needed to initiate a successful recovery process. There have been several examples of attacks against small providers and practices that caused them to permanently close their doors after attackers encrypted and destroyed servers containing vital data and backup hard drives. Attackers rightly recognise ransomware as an easy, effective way to garner financial gain. This dynamic is exacerbated by organisations that opt to pay the ransom — which perpetuates this cycle and leads to more attacks. Additionally, with IoT devices increasingly finding their way into all levels of healthcare, security and IT administrators must be aware of the risks they pose – and understand how the new threat vectors opened up by connected devices can potentially be exploited by attackers to harm the organisation. The IoT has essentially been built on top of infrastructure that is fundamentally vulnerable to cyber threats – the Internet was not initially created with security in mind. To avoid becoming a target, healthcare organisations must be proactive in their approach to cybersecurity and make it a priority to safeguard all IoT-based systems. The loopholes are numerous, and many healthcare organisations lack the resources and manpower required to manage the kinds of dynamic threats they might face. 
They must manage a mix of IoT devices, cloud-based apps and legacy systems that require regular patching and updating. This often includes connected equipment running on Windows – devices that can be easily overlooked during an IT audit. Many organisations simply don’t have the level of manpower required to oversee a robust cybersecurity program. Healthcare organisations face an uphill battle to protect themselves from the kinds of dynamic threats they face.
September 29, 2020
Saryu Nayyar
CEO
Gurucul
The suspected ransomware attack against Universal Health Services is just another example of a high-profile cybercrime incident. While few details are available yet, the attack matches a pattern where criminals target high value organizations with little risk of prosecution. Worse, for every high-profile example like this, there are many more that are never reported in the press or, in fact, revealed at all. We have tools, such as behavioral analytics, that can identify an attack and mitigate it early in the cycle. But organizations still need to do better at protecting their assets, and governments across the world need to do more to prosecute and deter these cybercriminals.
September 29, 2020
Justin Heard
Director of the Security Intelligence and Analytics
Nuspire
The use of Ryuk Ransomware in the Universal Health Services attack is an interesting pivot for the ransomware operators. Up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare. Ryuk is known to target large organizations across industries because it demands a very high ransom. The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand. Ryuk Ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the TrickBot banking malware. Ryuk is one of the most evasive ransomware out there. Nuspire Intelligence has repeatedly seen the triple threat combo of Ryuk, TrickBot and Emotet to wreak the most damage to a network and harvest the most amount of data.
September 29, 2020
Adam Laub
CMO
STEALTHbits Technologies
Cyberattacks that so directly impact human life are particularly sinister and shameful. Especially in the thick of a global pandemic, targeting healthcare institutions undoubtedly puts these sorts of cybercriminals on a different level than even those who have impacted hundreds of millions of consumers in a single act, like we’ve seen at organizations like Equifax, MySpace, and eBay in recent years. Frustratingly, these cybercriminals – whether small hacker groups or well-resourced nation-states – are but 1’s and 0’s in the ether and will likely never be brought to justice for their crimes. As insurmountable as some of these cybersecurity challenges may seem, however, it’s important to remember that cybercriminals most often take the paths of least resistance, and a focus on foundational security concepts like privileged access controls, configuration management, end-user education, and patch management can have a tremendous impact on an organization’s resiliency to cyberattacks of all kinds.
September 29, 2020
Mark Bagley
VP, Product Management
AttackIQ
Ransomware attacks often have collateral damage and impact beyond the ransom. When hospitals and healthcare providers are attacked, we've unfortunately learned the lesson that patient lives can be put in danger as witnessed a few weeks ago. While the impact of the UHS incident is currently unknown, millions of patients are served yearly and their care could be at risk. A proactive and threat-informed approach to security strategy that produces evidence of ransomware defense is crucial for these organizations. Being able to demonstrate which defenses are effective against the common tactics, techniques and procedures used by the adversary allows for a program to be implemented - and improved with automated solutions that continuously test that program over time.