
12/27/2018
09:15 AM
Jeffrey Burt

Healthcare Industry Still in Ransomware Crosshairs

A report by Kaspersky researchers has found that healthcare organizations in the US and Canada are still at heightened risk of ransomware attacks.

Healthcare facilities in the US and Canada continue to find themselves under siege from bad actors targeting them with ransomware attacks, according to researchers with Kaspersky Lab.

Overall, 27% of healthcare IT workers in North America report that their organizations had been hit with a ransomware attack within the past year, and of those workers, 85% of Canadians and 78% of Americans said there had been up to five ransomware attacks in the past five years or more, according to a survey commissioned by the cybersecurity vendor.

In addition, 33% report that these cyber attacks had happened more than once.

The study, "The State of Cybersecurity in Healthcare," paints a picture of an industry that not only holds massive amounts of the type of personal information attackers want but also of one that is not learning from past mistakes.

(Source: Pixabay)

"There are a number of reasons that the healthcare industry seems to be hit by cyber attacks often, and particularly ransomware," Rob Cataldo, vice president of enterprise sales at Kaspersky, told Security Now in an email. "First, the amount of sensitive personal data accessible in many healthcare organizations makes them an attractive target for cybercriminals. However, an even bigger draw for cybercriminals is that these organizations are leaving themselves vulnerable, with many still using legacy technology systems, while also leaving systems unpatched and insecure."

At the same time, many healthcare companies still don't provide employees with adequate cybersecurity training, making them more vulnerable to attacks caused by human error, Cataldo said.

Ransomware represented the most fearsome malware in 2017, thanks to such campaigns as WannaCry, Petya/NotPetya and SamSam, and the healthcare industry was an early and frequent target. According to a report by cybersecurity insurance company Beazley, in 2017, healthcare organizations were the victims of 45% of ransomware attacks. (For comparison, number two on the list was financial services and professional services, both at 12%.)

The threat isn't going away.

Over the course of the past year, cryptocurrency mining malware took over as the most popular type of malware used by threat actors, though there was a steady drumbeat of ransomware attacks. However, the non-profit Information Security Forum (ISF) late last month said that increasingly sophisticated ransomware attacks are among the top cybersecurity concerns in 2019. (See Ransomware, New Privacy Laws Are Top Security Concerns for 2019.)

That's bad news for the healthcare field, which has gotten a reputation as a good target for ransomware authors.

"Many industries do see repeated cyber attacks, but as we have seen with recent breaches in the news, this is particularly an issue for healthcare organizations," Cataldo said. "In many cases, following the first attack, cybercriminals will create variations of cyber-threats and resend them to the healthcare organization, either to get around any barriers that prevented their initial attack from being successful or to take advantage of reconnaissance details gathered during the initial infiltration. Additionally, as more healthcare breaches make news headlines, the more aware cybercriminals become that these kinds of organizations are an 'easy target,' so they will specifically look for healthcare groups to target, leading to repeated attacks on the same facilities."

Cybersecurity training and education are key tools for protecting organizations against attacks, he said. At healthcare companies, more work needs to be done to protect against employees clicking on email attachments or URLs that may contain malicious code.

"While healthcare organizations are beginning to provide more comprehensive cybersecurity education to prevent these kinds of attacks, our research found that 17% of healthcare employees admitted to having responded to a third-party request for patient information with the requested e-PHI [electronic protected health information]," Cataldo wrote. "This means that there is still a gap in cybersecurity education and training, and more must be done to ensure that the actions of a few employees are not putting the entire organization or its patients at risk."

That said, another key trend in the report was that employees lack confidence in how their healthcare organizations are approaching security, he said. Of those surveyed, only 26% of Americans and 18% of Canadians are confident in the strategies, and workers want to see their employers respond to cyber threats by taking such actions as increasing protection on medical devices or ensuring that employees are secure when working remotely.

About 21% of employees said they don't think their organizations will sustain a data breach in 2019.

"Overall, it seems that employees understand that healthcare organizations are a key target for cyber threats, but there is a lack of communication and understanding that their employer is taking cybersecurity seriously," Cataldo said.

Among the steps healthcare organizations can take to protect against ransomware attacks are regularly updating operating systems on all networked devices with the latest patches, creating regular backups of critical information and storing those backups in different locations. Also, organizations should constantly remind employees about modern cyber threats and attack methods.

"Training and informing employees of IT security protocols and constantly communicating these through reminders can have a positive impact on preventing social engineering methods from spreading ransomware," he said.

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
