The global healthcare industry has more to worry about than just treating patients. The ever-growing risk of ransomware is a major threat currently facing the entire sector, compromising confidential patient data, and disrupting the crucial services it provides.
“With ransomware accounting for 54% of all cybersecurity threats in the healthcare industry, the chances of a successful breach are higher than ever,” explains Andrew Hollister, Chief Information Security Officer (CISO), LogRhythm. “A recent example of how threat actors are targeting the industry can be seen in the attack on Barts Health NHS Trust. The Trust, which runs five London-based hospitals and serves more than 2.5m patients, was breached by the ALPHV ransomware gang. This resulted in it compromising 70 terabytes of sensitive data, including National Insurance numbers, financial data, and insurance agreements.”
Healthcare security teams are faced with a challenging, but vital role. There is a growing need for comprehensive detection and response solutions within healthcare to overcome the threats posed by ransomware attacks.
Here, Hollister tells us more.
Healthcare under attack
The healthcare industry is a top target for hackers due to the vast amount of people that rely on its services on a global scale. Threat actors can hold healthcare service providers at ransom for large pay-outs leaving them with little other option than to give in to their demands.
“The introduction of more connected Internet of Things (IoT) medical devices plays a part in advancing the patient experience, but also broadens the attack surface for cybercriminals. With access to hospital IT systems, threat actors can easily steal a huge range of important personal data from patients and employees alike,” Hollister explains. “Further to this, the challenges caused by the expanding threat landscape are amplified by tight budgetary constraints within the public sector. Funding limitations leave many healthcare institutions in the difficult position of having to juggle their investment priorities between cybersecurity and direct healthcare provisions.”
The level of data that some criminals can access has the potential to severely diminish public trust, damaging its perceived reputation and confidence in its services. To stay ahead of the rising ransomware risk, healthcare providers need to prioritise holistic visibility into networks to detect, mitigate and reduce threat response times.
“The healthcare industry has a duty to not only look after patients’ physical health, but also safeguard their digital data,” he says.
Fighting back against ransomware
“Ransomware attacks are here to stay and the healthcare industry needs to take the security of its operations into its own hands,” says Hollister. “Protecting against the most pertinent threats requires a multi-faceted cybersecurity plan.”
Deploying intelligent security tools
According to Microsoft’s digital defence report 2022, 60% of organisations who experienced a ransomware attack did not have a security information and event management (SIEM) platform in place.
“The healthcare industry must step up to the challenge and deploy appropriate solutions to tackle ransomware risks,” explains Hollister. “SIEM platforms can help organisations in detecting ransomware, including the steps that proceed the actual encryption and exfiltration of data before it causes widespread business disruption. SIEM enables security teams to detect and rapidly prioritise potential threats with agility.”
Prioritising cyber hygiene
With only 35% of organisations within healthcare using training or awareness-raising sessions in the last 12 months, employees are left vulnerable to taking actions that increase the risk of ransomware.
“Healthcare organisations can reduce the risk to themselves and their patients using a mix of ‘cyber hygiene’ measures. This starts with making all employees inside an institution aware of the associated risks when a threat actor is trying to exploit them,” he says. “Other basic cyber hygiene practices include implementing two factor authentication and keeping all software up to date. Many vulnerabilities within software programs are patched out in newer versions so running older software and not applying patches in a timely manner is a huge risk.”
Performing regular data back-ups
Another of the key ways to prepare for ransomware attacks is by performing regular backups in multiple locations.
“If a ransomware attack were to take place, healthcare institutions with backed-up data would be able to restore their data, avoiding the main lever of extortion that attackers use today. It is also important to do these back-ups regularly so that the data is refreshed and up to date.”
Taking care of critical data
Securing data and avoiding system down-time is essential for patient well-being. By combining SIEM solutions with robust cyber hygiene measures, security teams can make it harder for cyber-criminals to get a foothold in the healthcare industry.
“Attackers will go after the low hanging fruit first and whilst taking these measures will not make you immune to ransomware, they will significantly reduce your risk of suffering a successful ransomware attack,” says Hollister.
It is not enough to just act reactively when it comes to ransomware attacks. To stay ahead, organisations need to implement proactive measures to keep employee and patient data safe and maintain trust in their services.