Healthcare organizations are under constant threat from cyberattacks, and ransomware is a major concern. Recent incidents such as the BlackCat attack on Change Healthcare, which impacted millions, highlight the danger.
HHS data confirms the rising trend, with a record 725 large healthcare breaches reported in 2023, nearly double the number in 2018. To combat this, healthcare providers need to strengthen their cybersecurity posture with improved detection, protection, and mitigation strategies.
Researchers identified LockBit 3.0, ALPHV/BlackCat (BlackCat), Clop, DMA Locker, and Royal as the top ransomware threats targeting healthcare.
Law enforcement disruptions in February and December 2023 cast doubt on the current activity of LockBit and BlackCat. BlackCat stands out for its aggressive tactics, including leaking stolen patient data.
Attackers use techniques like HTML smuggling and Qakbot malware to deploy ransomware strains including Babuk, Magniber, LockBit, Black Basta, and RansomHouse. This highlights the rise of double-extortion ransomware in healthcare, in which attackers exfiltrate data and threaten to sell it on the Dark Web if the ransom isn’t paid.
To mitigate ransomware risks, organizations should implement a layered defense strategy, which includes regular employee training and testing on cybersecurity best practices, maintaining up-to-date security policies and software patches, and deploying layered email security solutions to identify and remove malicious emails.
Regular data backups stored offsite with verified restore capabilities are crucial for recovery, and organizations should secure or disable Remote Desktop Protocol (RDP) services due to their frequent exploitation by attackers.
The healthcare industry’s reliance on third-party vendors creates a vulnerability where hackers can exploit weak security practices at these vendors to gain access to a healthcare organization’s data.
According to Trustwave, the problem is compounded by the growing number of Internet of Things (IoT) devices in use, which expands the attack surface for malicious actors and necessitates robust cybersecurity measures and data breach protection throughout the healthcare ecosystem.
How will it affect users?
Healthcare organizations are prime targets for supply chain attacks due to their critical role and access to sensitive data. The recent MOVEit vulnerability exposed this risk, as the file transfer software is widely used in healthcare and attackers exploited it to gain access to data.
Medical devices with long lifespans and short software support cycles create exploitable vulnerabilities for attackers, which highlights the importance of strong security measures throughout the healthcare supply chain, including software and IoT devices.
Healthcare providers need to enforce strict security protocols on their vendors to minimize risks, including regular penetration testing and vulnerability scans on both internal systems and those of third-party partners.
To achieve better security, healthcare organizations should maintain a detailed inventory of medical devices and their software components, including vendor-developed software, operating systems, and versions.
Prior to the incorporation of any new cutting-edge medical technology or device into the network, a vulnerability scan should be mandatory.