On Sunday, Universal Health Services, one of the largest healthcare providers in the US, was hit by a ransomware attack. UHS published a statement on Monday, saying its IT network “is currently offline, due to an IT security issue.”
UHS has 400 hospitals and healthcare facilities in the US and UK. According to reports, UHS employees have said the ransomware has the hallmarks of Ryuk, linked to a Russian cybercrime group known as Wizard Spider.
More information: https://techcrunch.com/2020/
Even during a pandemic, ransomware distributors continue to take advantage of the healthcare industry while medical professionals are continuously working hard to slow down the contagion and save lives. Cybercriminal gangs only care about one thing; to profit even at the greatest expense of all. Some ransomware developers have signaled to the industry that they would not target healthcare facilities to show some sign of empathy, however, these statements are clearly non-binding and will continue. These actions should only further enforce the requirement for all businesses running computing technology that support health services to implement controls and technology that actually work to prevent the spread of ransomware or any other form of cyberattack that disrupts operations.
The Ryuk Ransomware, which is believed to be associated with the UHS attack, is commonly delivered via email from phishing links or attachments. There are a myriad of controls that could stop this from email filtering, end-user security awareness, patching devices, endpoint protection platforms, to anti-virus. Hospitals need to fund cybersecurity programs more appropriately with a focus on gaining the right level of visibility across the environment and providing regular training to staff given the amount of responsibility they have on keeping patients safe. Not to mention protecting sensitive data and PII information which inevitably becomes a primary target in soliciting payment.