During the first half of 2020, at least 41 hospitals and other healthcare providers were successfully attacked by malware, according to a report released by the New Zealand-based software firm Emsisoft. These attacks usually aim to hold data hostage through encryption unless a ransom is paid, or to extort money by threatening to make the data available on the internet.
The Emsisoft report found there was a significant decline in malware attacks after the pandemic hit, which was a surprise, according to Brett Callow, a threat analyst for the organization. But the trend appears to be reversing, with a slight uptick in May and June. Data are now stolen in about 10% of malware attacks, Callow said.
Threats to Release Data
“Groups use the threat of releasing the data or auctioning the data as additional leverage to extort payment,” he said. “And the most you can hope to receive is a pinky promise that the stolen data will be deleted, but why would criminals delete something that they can make money with?”
Many people believe ransomware attacks are instantaneous, with files getting encrypted when someone clicks on a link. But hackers typically have access for days or even months before they deploy the ransomware, Callow said. During that time, they amass credentials needed to move through the network and steal data. When they have enough, they start encrypting files.
“Organizations should be assuming their perimeters will be breached, so they should have tools in place to monitor networks for early signs of compromise,” Callow said. “Aside from that, it’s really a matter of strictly abiding by well-established best practices.”
Improperly secured servers account for about half of breaches, according to Callow. This means providers need to stay abreast of software patches and use multi-factor authentication when possible. Weak passwords are “horrifyingly common,” he said. Any organization should require password complexity and/or frequent password changes, Callow said.
Another option is to have a security operations center and/or specialized software that monitors inflow and outflow of traffic in a network, said Rich Curtiss, director of healthcare risk assurance services at Coalfire, a cybersecurity firm with headquarters in Westminster, Colorado. This would detect, for instance, if a Romanian IP address was remotely accessing a system at 2 a.m., when most medical practices or facilities in the United States would be closed.
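As an added illustration (not part of the original article and not any vendor's product), the kind of check Curtiss describes can be sketched in a few lines of Python that flag successful remote logins made outside staffed hours or from outside the home country. The log format, the fixed UTC offset, the staffed hours and the address-to-country table are all constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumptions for this sketch; none of these values come from the article.
SITE_TZ = timezone(timedelta(hours=-6))  # fixed local UTC offset of the practice
OPEN_HOUR, CLOSE_HOUR = 7, 19            # staffed 07:00-18:59 local time
HOME_COUNTRIES = {"US"}
GEO = {  # constructed stand-in for a GeoIP database (documentation ranges)
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "RO",
}
LINE = re.compile(r"^(?P<ts>\S+) remote-login user=(?P<user>\S+) "
                  r"src=(?P<src>\S+) result=(?P<result>\w+)$")
SAMPLE_LOG = [  # constructed log lines in a hypothetical format
    "2020-06-15T15:30:00Z remote-login user=frontdesk src=192.0.2.10 result=success",
    "2020-06-16T08:01:00Z remote-login user=billing src=203.0.113.77 result=failure",
    "2020-06-16T08:04:00Z remote-login user=billing src=203.0.113.77 result=success",
    "2020-06-17T04:15:00Z remote-login user=oncall src=198.51.100.5 result=success",
    "2020-06-17T17:00:00Z remote-login user=vendor src=203.0.113.9 result=success",
]

def country_of(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "??"  # unparseable source is treated as unknown, hence foreign
    return next((cc for net, cc in GEO.items() if addr in net), "??")

def review(lines):
    """Return (severity, user, src, local time, reasons) for logins worth a look."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["result"] != "success":
            continue  # only successful sessions are scored here
        utc = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        local = utc.astimezone(SITE_TZ)  # judge the hour in the site's time
        reasons = []
        if not OPEN_HOUR <= local.hour < CLOSE_HOUR:
            reasons.append("off-hours")
        cc = country_of(m["src"])
        if cc not in HOME_COUNTRIES:
            reasons.append("foreign:" + cc)
        if reasons:  # both signals together rank above either one alone
            sev = "high" if len(reasons) == 2 else "low"
            findings.append((sev, m["user"], m["src"], local.strftime("%Y-%m-%d %H:%M"), reasons))
    return findings
```

Running `review(SAMPLE_LOG)` rates the 2:04 a.m. login from the foreign range as high and the two single-signal logins as low, which is the ordering an analyst would want when triaging.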
Ransomware is the worst kind of computer threat that healthcare organizations face, “and it requires additional security to mitigate the intrusion and the exfiltration of data from the networks,” Curtiss said. “HIPAA already requires these things, it’s just that healthcare isn’t very good about making information security and cyber risk management a priority.”
“The better you get, the better they get,” Curtiss said. “It’s a cat and mouse game, and too often the 2 sides aren’t playing the same game.”
Instead of treating cybersecurity as a cost center, organizations should consider it a business enabler and critical to their clinical operations, he said.
This article originally appeared on Renal and Urology News