Ascension Attack Intensifies Scrutiny Of Healthcare Cyber Defenses | #ransomware | #cybercrime

The healthcare sector has increasingly become a target for cybercriminals, with several high-profile cyber attacks disrupting services and illustrating the vulnerability of this critical industry. The cyber attack on Ascension underscores the concerning trend.

The cyber attack on Ascension is particularly alarming due to its impact on healthcare services, leading to patient diversions and disrupted clinical operations. Ascension hospitals are having EMS patients diverted and reports indicate that most or all of the 139 hospitals operated by Ascension are affected by the attack.

Recent Major Cyber Attacks on Healthcare

This attack follows closely on the heels of the significant cyber incident involving United Health and Change Healthcare, where attackers compromised patient data and demanded a ransom. United Health is still reeling from that attack and has projected that it could cost the company as much as $1.6 billion.

The attack on United Health’s Change Healthcare not only led to financial demands but also raised concerns about patient privacy and data security. These incidents serve as a stark reminder of the critical need for robust cybersecurity measures within the healthcare sector.

Corewell Health, the largest hospital system in Michigan, and McLaren Healthcare have also been recent high-profile victims in the healthcare sector.

These attacks against healthcare providers have crossed the line from mere criminal activity. They are not only a threat to the lives of patients, they threaten our national security. A recent report by Ponemon found a direct link between ransomware attacks and negative patient outcomes, increased mortality rates, and an increase in complications during medical procedures. Other research found a 33% increase in death rates per month for hospitalized Medicare patients.

The Ascension Cyber Attack: Early Details and Ransomware Suspicions

It is very early in the process, so there is a lot we do not know yet. As details continue to emerge about the Ascension cyber attack, the exact nature and scope of the incident remains unclear.

However, given the patterns observed in similar recent attacks, there is a reasonable likelihood that this could be a ransomware attack. Ransomware typically involves encrypting the victim’s data to extort payment in exchange for decryption keys. Healthcare organizations are often targeted due to the critical nature of their services and the sensitivity of the data they hold, which can increase the pressure to pay the ransom to restore services and maintain patient care.

Blurred Lines For Ransomware

Again, we don’t have much in the way of details for the Ascension attack yet and it has not been confirmed as ransomware. Regardless of whether it’s a ransomware attack or some other form of cyber attack, though, any threat that disrupts or compromises healthcare has significant repercussions.

“There is a good deal of evidence that much of the tooling and attack infrastructure employed by ransomware gangs overlap with those of some nation-state operators,” explained Jon Miller, co-founder and CEO of Halcyon. “The potential dual nature of ransomware attacks on healthcare and other critical infrastructure providers that may also be serving the geopolitical aims of adversarial nations should not be ignored.”

Miller noted that the perception that ransomware attacks appear at face value to be the actions of simple cybercriminals provides plausible deniability when those attacks also serve the geopolitical goals of a nation-state adversary. He shared research that estimates 74% of all illicit revenue from ransomware in 2021 went to attackers linked to Russia, and stressed that these attacks might be reclassified as state-sponsored terrorism if the Putin regime has influence over which organizations are targeted.

“The impact of attacks on the healthcare sector and patient outcomes emphasizes that we can no longer address ransomware as merely criminal matters, and the government needs to be more aggressive in combating these attackers and the nations that give them safe harbor,” declared Miller. “Infrequent indictments of threat actors who will likely never be apprehended and offering organizations more alerts, guidelines and frameworks is simply not enough.”

Miller succinctly summed up, “It’s time to call attacks on healthcare organizations and other critical infrastructure providers what they really are: a serious threat to national security.”

The Role of Phishing in Cyber Attacks

Regardless of whether ransomware is involved, there is a very good chance that phishing is. Phishing attacks are a common entry point for cybercriminals, with estimates suggesting that up to 90% of successful cyber attacks start with phishing.

These attacks often involve deceiving employees into providing sensitive information or accessing malicious websites, which can lead to further exploitation. Companies are aware of the risk posed by phishing attacks and most have tools and processes in place designed to protect them. Unfortunately, email filters and user awareness training have repeatedly been demonstrated to be insufficient alone.

A recent study found that 80% of organizations have email filtering that can be bypassed by attackers,, and it is estimated that there is a 1 in 5 chance that a phishing email will be clicked by a user.

Enhancing Protection Against Phishing

Organizations must adopt more comprehensive strategies to combat phishing. The problem with both email filters and user awareness training is that they depend on the ability to analyze email messages and identify nuanced and subtle clues. They are essentially making educated guesses about whether a message is potentially suspicious or malicious.

This attack and history in general demonstrate that we are not very good at guessing. For attackers, it’s a numbers game. Even if email filters catch the majority of phishing emails and only 5% of users are likely to fall prey, that is a non-zero chance. If an attacker sends enough phishing emails, it’s virtually guaranteed one will eventually work.

John Chirhart, founder and CEO of GTG.Online, urges companies to reconsider their approach to phishing defense. “To combat the sophistication of phishing techniques, organizations need to implement email security that irrefutably identifies legitimate messages. Remove the guessing entirely.”

Using out-of-band monitoring of email traffic and non-repudiation, legitimate emails can be clearly identified. Rather than teaching users how to scrutinize emails for clues they might be phishing attacks, companies can just teach users to only trust verified emails.

Safeguarding Healthcare Against Cyber Attacks

The Ascension cyber attack is a stark reminder of the cybersecurity challenges facing the healthcare industry. It emphasizes the necessity for healthcare organizations to bolster their cyber defenses, particularly against phishing and ransomware attacks.

As cyber threats continue to evolve, all companies—but especially the healthcare sector—must remain vigilant and proactive in adopting advanced security measures to protect sensitive patient data and ensure the continuity of critical healthcare services.

Source link


National Cyber Security