The Universal Healthcare Services, which runs 400 hospitals and facilities in the UK and the US, has suffered an outage as a result of a suspected cyber-attack.
Staff working for Universal Healthcare Services, which runs 400 hospitals and facilities in the UK and US, have been left using pen and paper after the firm's entire global IT network was knocked offline in a suspected cyber attack https://t.co/qBY8gKu9Zn
— Telegraph Technology Intelligence (@TelegraphTech) September 29, 2020
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The ransomware attack on Universal Health Services speaks to the cruelty of ransomware operators. While some previously announced they planned to pause attacks on healthcare providers throughout the COVID-19 public health crisis, the volume of attacks in recent months prove this isn’t the case. But, we shouldn’t be surprised – hitting industries like healthcare while they’re vulnerable is par for the course for cybercriminals. That doesn’t mean organizations like UHS can’t fight back, though. Companies should implement proactive data protection, business continuity and disaster recovery protocols to prevent extended IT downtime. These ransomware response plans should tightly integrate data protection with cybersecurity protocols, and backups have to be treated as critical IT infrastructure to ensure they don’t become compromised and irrecoverable. Situations like these easily turn into a life or death, so the importance of protecting critical healthcare data cannot be underestimated.
The suspected ransomware attack against Universal Health Services is just another example of a high-profile cybercrime incident. While few details are available yet, the attack matches a pattern where criminals target high value organizations with little risk of prosecution. Worse, for every high-profile example like this, there are many more that are never reported in the press or, in fact, revealed at all.
We have tools, such as behavioral analytics, that can identify an attack and mitigate it early in the cycle. But organizations still need to do better at protecting their assets, and governments across the world need to do more to prosecute and deter these cybercriminals.
The use of Ryuk Ransomware in the Universal Health Services attack is an interesting pivot for the ransomware operators. Up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare. Ryuk is known to target large organizations across industries because it demands a very high ransom. The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand.
Ryuk Ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the TrickBot banking malware. Ryuk is one of the most evasive ransomware out there. Nuspire Intelligence has repeatedly seen the triple threat combo of Ryuk, TrickBot and Emotet to wreak the most damage to a network and harvest the most amount of data.
Cyberattacks that so directly impact human life are particularly sinister and shameful. Especially in the thick of a global pandemic, targeting healthcare institutions undoubtedly puts these sorts of cybercriminals on a different level than even those who have impacted hundreds of millions of consumers in a single act, like we’ve seen at organizations like Equifax, MySpace, and eBay in recent years. Frustratingly, these cybercriminals – whether small hacker groups or well-resourced nation-states – are but 1’s and 0’s in the ether and will likely never be brought to justice for their crimes. As insurmountable as some of these cybersecurity challenges may seem, however, it’s important to remember that cybercriminals most often take the paths of least resistance, and focus on foundational security concepts like privileged access controls, configuration management, end-user education, and patch management can have a tremendous impact on an organization’s resiliency to cyberattacks of all kinds.
Ransomware attacks often have collateral damage and impact beyond the ransom. When hospitals and healthcare providers are attacked, we\’ve unfortunately learned the lesson that patient lives can be put in danger as witnessed a few weeks ago. While the impact of the UHS incident is currently unknown, millions of patients are served yearly and their care could be at risk.
A proactive and threat-informed approach to security strategy that produces evidence of ransomware defense is crucial for these organizations. Being able to demonstrate which defenses are effective against the common tactics, techniques and procedures used by the adversary allows for a program to be implemented – and improved with automated solutions that continuously test that program over time.