
12/27/2018
09:15 AM
Jeffrey Burt

Healthcare Industry Still in Ransomware Crosshairs

A report by Kaspersky researchers has found that healthcare organizations in the US and Canada are still at heightened risk of ransomware attacks.

Healthcare facilities in the US and Canada continue to find themselves under siege from bad actors targeting them with ransomware attacks, according to researchers with Kaspersky Lab.

Overall, 27% of healthcare IT workers in North America report that their organizations had been hit with a ransomware attack within the past year, and of those workers, 85% of Canadians and 78% of Americans said there had been up to five ransomware attacks in the past five years or more, according to a survey commissioned by the cybersecurity vendor.

In addition, 33% report that these cyber attacks had happened more than once.

The study, "The State of Cybersecurity in Healthcare," paints a picture of an industry that not only holds massive amounts of the type of personal information attackers want but also of one that is not learning from past mistakes.

"There are a number of reasons that the healthcare industry seems to be hit by cyber attacks often, and particularly ransomware," Rob Cataldo, vice president of enterprise sales at Kaspersky, told Security Now in an email. "First, the amount of sensitive personal data accessible in many healthcare organizations makes them an attractive target for cybercriminals. However, an even bigger draw for cybercriminals is that these organizations are leaving themselves vulnerable, with many still using legacy technology systems, while also leaving systems unpatched and insecure."

At the same time, many healthcare companies still don't provide employees with adequate cybersecurity training, making them more vulnerable to attacks caused by human error, Cataldo said.

Ransomware represented the most fearsome malware in 2017, thanks to such campaigns as WannaCry, Petya/NotPetya and SamSam, and the healthcare industry was an early and frequent target. According to a report by cybersecurity insurance company Beazley, in 2017, healthcare organizations were the victims of 45% of ransomware attacks. (For comparison, number two on the list were financial services and professional services, both at 12%.)

The threat isn't going away.

Over the course of the past year, cryptocurrency mining malware took over as the most popular malware used by threat actors, though there was a steady drumbeat of ransomware attacks. However, the non-profit Information Security Forum (ISF) late last month said that increasingly sophisticated ransomware attacks are among the top cybersecurity concerns in 2019. (See Ransomware, New Privacy Laws Are Top Security Concerns for 2019.)

That's bad news for the healthcare field, which has gotten a reputation as a good target for ransomware authors.

"Many industries do see repeated cyber attacks, but as we have seen with recent breaches in the news, this is particularly an issue for healthcare organizations," Cataldo said. "In many cases, following the first attack, cybercriminals will create variations of cyber-threats and resend them to the healthcare organization, either to get around any barriers that prevented their initial attack from being successful or to take advantage of reconnaissance details gathered during the initial infiltration. Additionally, as more healthcare breaches make news headlines, the more aware cybercriminals become that these kinds of organizations are an 'easy target,' so they will specifically look for healthcare groups to target, leading to repeated attacks on the same facilities."

Cybersecurity training and education are key tools for protecting organizations against attacks, he said. At healthcare companies, more work needs to be done to protect against employees clicking on email attachments or URLs that may contain malicious code.

"While healthcare organizations are beginning to provide more comprehensive cybersecurity education to prevent these kinds of attacks, our research found that 17% of healthcare employees admitted to having responded to a third-party request for patient information with the requested e-PHI [electronic protected health information]," Cataldo wrote. "This means that there is still a gap in cybersecurity education and training, and more must be done to ensure that the actions of a few employees are not putting the entire organization or its patients at risk."

That said, another key trend in the report was that employees lack confidence in how their healthcare organizations are approaching security, he said. Of those surveyed, only 26% of Americans and 18% of Canadians are confident in the strategies, and workers want to see their employers respond to cyber threats by taking such actions as increasing protection on medical devices or ensuring that employees are secure when working remotely.

About 21% of employees said they don't think their organizations will sustain a data breach in 2019.

"Overall, it seems that employees understand that healthcare organizations are a key target for cyber threats, but there is a lack of communication and understanding that their employer is taking cybersecurity seriously," Cataldo said.

Among the steps healthcare organizations can take to protect against ransomware attacks are regularly updating operating systems on all networked devices with the latest patches, creating regular backups of critical information and storing those backups in different locations. Also, organizations should constantly remind employees about modern cyber threats and attack methods.

"Training and informing employees of IT security protocols and constantly communicating these through reminders can have a positive impact on preventing social engineering methods from spreading ransomware," he said.

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
