Ransomware in Hospitals and Health Care: A Preventable Epidemic
By BUFFERZONE Team, 24/08/2021
The recent epidemic of targeted ransomware attacks against hospitals and other healthcare providers should concern anyone involved in these institutions’ information security. However, a vaccine is available.
Pathology: The Nature of the Threat
Ransomware attacks on the health care industry have significantly increased recently.
According to a research report by Ipsos, the world’s third largest research agency, 48% of responding hospital executives reported either a forced or proactive shutdown in the last 6 months as a result of external attacks or queries.
According to a recent U.S. Department of Health and Human Services (HHS) CyberSecurity Program report:
- 34% of healthcare organizations worldwide were hit by ransomware in the last year
- In over two thirds of ransomware attacks (as tracked in the first five months of 2021), victim data is leaked.
- The average bill for rectifying a ransomware attack – considering downtime, people time, device cost, network cost, lost opportunity, and ransom paid – was $1.27 million.
The escalation is not just in scope, but also in form. Instead of the familiar automatically self-spreading malware, we have human-controlled, targeted attacks that make intelligent use of known and discovered information about selected targets’ assets and vulnerabilities.
Health care is one of the industries most targeted by ransomware, due to the combination of:
- High sensitivity of targeted data.
Besides business-oriented data, leakage of patient records is not only damaging to the patients but can result in
- Potential severity of system downtime ramifications.
For hospitals and other health care providers, inability to access patient records and other systems can negatively impact actual health care. Especially in these times of overloaded resources due to the COVID pandemic, dealing with a ransomware attack could push a provider under stress to the breaking point.
- Relative lack of focus on information security.
All industries prefer to focus financial resources and energies on core business rather than on maintaining information technology and security, but this is even more so in the highly service-oriented health industry.
According to the Ipsos report mentioned above, less than 11% of hospital IT teams say cybersecurity is a high priority spend. And when asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected.
Clinical Guidelines: Common Recommendations for Preventing Ransomware Attacks
Typical strategies for coping with the risk of ransomware attacks consist of general guidelines for reducing risk of malware infection via various possible attack vectors. For example, the above-mentioned HHS report quotes a general 11-point mitigations list from the U.S. government Cybersecurity & Infrastructure Security Agency (CISA), including access controls such as multi-factor authentication and Remote Desktop restriction, user training on phishing, and various types of filtering, patching, and malware scanning.
Needless to say, this is not exactly a focused, reliable strategy for preventing ransomware attacks. Ransomware can arrive via many different attack vectors, may act in different ways, and can be constantly changing form, making it difficult to block or identify by traditional methods. Relying on these traditional measures does not make for a positive prognosis.
Immunize with BUFFERZONE
Preemptive containment and isolation can enable healthcare providers, like other types of security-conscious organizations, to get ahead of the ransomware pandemic. BUFFERZONE provides such a solution.
BUFFERZONE creates a virtual container on organizational endpoints, and all processes that could access external, untrusted sources such as the internet are kept in the container, along with any data they download or save. At the same time, only uncontained processes can access trusted native endpoint and organizational files and other resources. The container is periodically wiped clean. So, even if ransomware does reach an endpoint, it can only encrypt recently downloaded files, for a short time, and is unable to do any real damage.
U.S. Department of Health and Human Services (HHS) CyberSecurity Program, Ransomware Trends 2021, on hhs.gov, June 3rd 2021
U.S. government Cybersecurity & Infrastructure Security Agency (CISA), Alert (AA21-131A): DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, on us-cert.cisa.gov, May 11th (revised July 8th) 2021
Ipsos, Perspectives in Healthcare Security, on cybermdx.com, summer 2021