It has been reported that three US hospitals have been forced to temporarily close their doors to “all but the most critical new patients” following a ransomware outbreak. This incident was first reported on 1 October, with computers at the DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center all infected with ransomware. “A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment,” said DCH Health System.
Offering insight and advice on this story are the following cybersecurity professionals:
Ransomware infections pose a more significant risk to healthcare organisations than entities in many other sectors due to the need for consistent, near real-time access to patient data and the potential for harm to patients should organisations lose access to important files, systems, and devices.
These attacks, which we class as “disruptive and destructive threats”, typically fall into two categories – either targeted activity such as ransomware delivered post-compromise or less frequent but widespread nation-state-originated threats like WannaCry that hit poorly secured infrastructure. While no group or individual has taken responsibility for this activity yet, the fact that it is localized to three hospitals in one group suggests this falls into the first category of a targeted attack.
To reduce the impact from ransomware infections, organisations, particularly those that require high availability like hospitals, should not only have robust backup policies and implementations but also redundant and properly segmented isolated networks (zones) and systems. This could assist in cases where one segment of a network or one set of devices has become compromised, as it could potentially allow other systems and data to remain protected and able to operate in at least a limited capacity during remediation efforts.
The healthcare sector is a target of cybersecurity attacks, and in the worst cases, these can be life-threatening. Indeed, the number of hits only seems to be growing as cybercriminals become increasingly targeted and skilled. However, there is a way to mitigate the damage attacks are causing, and it starts with people. IT departments and other professionals on the front lines of such vulnerable sectors as healthcare must always be alert to the evolving threat landscape and prepared to act fast when attacks happen. The only way to do this is by making sure their skills are being sharpened against the latest threat intelligence. And we’re not talking about taking cyber courses twice a year; this has to become a regular habit and one that is instilled as standard practice. People are at the heart of cyber threats and organisational weaknesses. It’s time they’re also seen as a large part of the solution.
The ability for hospitals to provide constantly available care is a foundation of the society we live in, but this also makes them a huge target for hackers intent on causing disruption and forcing them into handing over funds. The impact of these latest ransomware attacks is being instantly felt by the public, as they are unable to attend appointments or go to their local hospital. It is vital that we improve protection for these critical services.
Identifying malware and phishing attacks early is critical to mitigating the risk of ransomware attacks, and this is where utilising insight into network traffic can be so valuable. Alongside this, good cyber hygiene is hugely important to improving workforce resilience to an attack, for example, not opening suspicious attachments, or clicking links unless you know they are legitimate. IT teams also need to ensure that system patches are kept up to date and backups are used to enable critical services to be resumed as soon as possible. This layered approach to security is fundamental in the fight against ransomware attacks.
These three hospitals in Alabama have been paralyzed by ransomware, putting lives at risk and causing ambulances to be diverted to other hospitals. Sadly, the targeting of hospitals with ransomware is a growing trend; earlier this week seven hospitals in Australia were also impacted by ransomware. Hospitals are becoming a major target as, despite new technology adoption being high, there is often a lack of cybersecurity knowledge, even though health data can be a very lucrative area for cybercriminals. This makes busy hospital staff the perfect targets.
Stories like this really underscore the growing importance of cybersecurity in protecting our physical as well as our virtual worlds. As our kinetic and cyber worlds are becoming increasingly interlinked – whether due to an attack such as this that disrupts vital services, or an attack on a power grid or even a nuclear plant – cyber-attacks now have real-world consequences with hugely dangerous potential impacts. It is vital that there is greater education and that organizations do more to test their defenses against hackers or we will continue to see attacks of this kind.
The fact hackers target hospitals shows they have no remorse for the desperate patients who seek aid. Hospitals contain some of the most sensitive information we have, such as medical records, payment information and other personally identifiable information. Sometimes companies fear to distribute and share these datasets as they are sensitive and processing and storing is highly regulated.
The adoption of a data-centric security approach, protecting sensitive data with pseudonymization technology like tokenization, allows organizations to embrace modern technology like hybrid or multi-cloud computing to distribute infrastructure while still being compliant and secure. This results in more options for fallback and less risk when it comes to ransomware attacks.