Joe Robertson, EMEA Field CISO at Fortinet, explores how ransomware attacks are increasing in healthcare and what organisations can do to protect themselves.
Ransomware attacks are on the rise. After a surge in remote working and with employees accessing organisational networks in ways that aren’t always perfectly secured, cybercrime has spiked over the past few months as malicious parties have taken advantage of the sudden move to life in lockdown. Opportunistic hackers have found a particularly tender target to focus on: hospitals and healthcare providers.
Of all the industries to attack, why healthcare in particular? While all organisations suffer when cybercrime strikes, with lives at stake cybercriminals know hospitals can’t afford any downtime. This means those in the industry are likely to be willing to meet ransom demands in order to resume service as soon as possible, despite government guidance often being to do the opposite. And that’s not the only reason why hospitals are particularly appealing victims.
The main element that makes hospitals such a tantalising target is the value of healthcare records on the dark web. Stolen records can sell for as much as $1,000 each. Compare this to credit card numbers, which tend to have a price tag of around $5, and it’s easy to see why hackers have hospitals in their crosshairs. Once a piece of ransomware has penetrated the network, it can run amok and take down the entire system if appropriate measures aren’t in place. Thankfully, there are many defences that can be deployed to protect the system. But getting this support in place can be difficult.
Despite the wide variety of tools on the market to help limit the impact of malicious attacks such as ransomware, hospitals, like most organisations, often have difficulty in identifying where to invest their limited resources to extract the biggest benefit. Justifying expensive security measures when assessing budgets can be tough, as security systems can’t provide a solid prediction when it comes to return on investment. Attempting to cost-justify a loss that may or may not happen can be complicated, especially when management, politicians, and the general public might not understand the intricacies involved. No organisation, whether public sector or private, wants to be vulnerable – and they don’t have to be, either. It’s a matter of making the most of the budget they have, and deploying financial resources, whether big or small, in the right direction. So, which security measures should be prioritised for investment?
Even though ransomware isn’t necessarily more sophisticated than other forms of malware, it continues to be one that attackers commonly use. In addition to ensuring that data backups are timely, complete, and held securely off-site, hospitals should consider a layered security strategy that consists of prevention, detection and response technologies appropriately deployed across all possible points of entry.
Network-level technologies such as intrusion prevention (IPS) and anti-virus (AV) are just some of the prevention technologies to consider. Other specific options include a secure email gateway (SEG), as email is still one of the most prevalent points of entry, and protection for web applications with a web application firewall (WAF). With a viable prevention layer in place, key detection technologies such as endpoint detection and response (EDR) and sandboxing can be deployed. To help ensure that only authorised users and devices can access the network, network access control (NAC) is a perfect complement when supporting remote workers. It’s also important to consider integrating a security information and event management (SIEM) solution to provide live analysis of security threats combined with data from across the organisation’s entire architecture – or, alternatively, cross-layered detection and response (XDR), which collects data from all security layers and correlates it to prevent the same threats affecting different areas.
A multi-layered approach not only minimises the threat of malware entering the network, it also prevents the malware from doing harm if it does get in.
However, even with the best protection in the world, it’s important to remember that around 99% of attacks require human error to gain access to an organisation’s network. Hackers rely on users clicking a link, downloading a file, or inadvertently divulging information like passwords, so cyber-hygiene training has become just as crucial as medical hygiene. With a workforce armed with knowledge of what to avoid and when to think twice, an organisation is halfway to solid security.
Soon to be secure
As digital growth in healthcare continues thanks to services like connected medicine and video consultation, the sector is more efficient and accessible than ever before. However, this means that securing the underlying network and all of the connected systems and devices is more important than ever. Hospitals should be looking for automated, integrated, global cybersecurity approaches from vendors who understand the unique concerns of the field – especially as 5G and IoT continue to grow in popularity.
Getting these protections in place doesn’t have to absorb the bulk of a hospital’s budget or require extensive technical knowledge – but it does require the right support and a proactive mindset. After all, as every healthcare professional knows, prevention is always better than cure.