Dark Reading is part of the Informa Tech Division of Informa PLC


12/27/2018
09:15 AM
Jeffrey Burt

Healthcare Industry Still in Ransomware Crosshairs

A report by Kaspersky researchers has found that healthcare organizations in the US and Canada are still at heightened risk of ransomware attacks.

Healthcare facilities in the US and Canada continue to find themselves under siege from bad actors targeting them with ransomware attacks, according to researchers with Kaspersky Lab.

Overall, 27% of healthcare IT workers in North America report that their organizations had been hit with a ransomware attack within the past year, and of those workers, 85% of Canadians and 78% of Americans said there had been up to five ransomware attacks in the past five years or more, according to a survey commissioned by the cybersecurity vendor.

In addition, 33% report that these cyber attacks had happened more than once.

The study, "The State of Cybersecurity in Healthcare," paints a picture of an industry that not only holds massive amounts of the type of personal information attackers want but also of one that is not learning from past mistakes.

"There are a number of reasons that the healthcare industry seems to be hit by cyber attacks often, and particularly ransomware," Rob Cataldo, vice president of enterprise sales at Kaspersky, told Security Now in an email. "First, the amount of sensitive personal data accessible in many healthcare organizations makes them an attractive target for cybercriminals. However, an even bigger draw for cybercriminals is that these organizations are leaving themselves vulnerable, with many still using legacy technology systems, while also leaving systems unpatched and insecure."

At the same time, many healthcare companies still don't provide employees with adequate cybersecurity training, making them more vulnerable to attacks caused by human errors or mistakes, Cataldo said.

Ransomware represented the most fearsome malware in 2017, thanks to such campaigns as WannaCry, Petya/NotPetya and SamSam, and the healthcare industry was an early and frequent target. According to a report by cybersecurity insurance company Beazley, in 2017, healthcare organizations were the victims of 45% of ransomware attacks. (For comparison, number two on the list was financial services and professional services, both at 12%.)

The threat isn't going away.

Over the course of the past year, cryptocurrency mining malware took over as the most popular malware used by threat actors, though there was a steady drumbeat of ransomware attacks. However, the non-profit Information Security Forum (ISF) late last month said that increasingly sophisticated ransomware attacks are among the top cybersecurity concerns in 2019. (See Ransomware, New Privacy Laws Are Top Security Concerns for 2019.)

That's bad news for the healthcare field, which has gotten a reputation as a good target for ransomware authors.

"Many industries do see repeated cyber attacks, but as we have seen with recent breaches in the news, this is particularly an issue for healthcare organizations," Cataldo said. "In many cases, following the first attack, cybercriminals will create variations of cyber-threats and resend them to the healthcare organization, either to get around any barriers that prevented their initial attack from being successful or to take advantage of reconnaissance details gathered during the initial infiltration. Additionally, as more healthcare breaches make news headlines, the more aware cybercriminals become that these kinds of organizations are an 'easy target,' so they will specifically look for healthcare groups to target, leading to repeated attacks on the same facilities."

Cybersecurity training and education are key tools for protecting organizations against attacks, he said. At healthcare companies, more work needs to be done to protect against employees clicking on email attachments or URLs that may contain malicious code.

"While healthcare organizations are beginning to provide more comprehensive cybersecurity education to prevent these kinds of attacks, our research found that 17% of healthcare employees admitted to having responded to a third-party request for patient information with the requested e-PHI [electronic protected health information]," Cataldo wrote. "This means that there is still a gap in cybersecurity education and training, and more must be done to ensure that the actions of a few employees are not putting the entire organization or its patients at risk."

That said, another key trend in the report was that employees lack confidence in how their healthcare organizations are approaching security, he said. Of those surveyed, only 26% of Americans and 18% of Canadians are confident in the strategies, and workers want to see their employers respond to cyber threats by taking such actions as increasing protection on medical devices or ensuring that employees are secure when working remotely.

About 21% of employees said they don't think their organizations will sustain a data breach in 2019.

"Overall, it seems that employees understand that healthcare organizations are a key target for cyber threats, but there is a lack of communication and understanding that their employer is taking cybersecurity seriously," Cataldo said.

Among the steps healthcare organizations can take to protect against ransomware attacks are regularly updating operating systems on all networked devices with the latest patches, creating regular backups of critical information and storing those backups in different locations. Also, organizations should constantly remind employees about modern cyber threats and attack methods.

"Training and informing employees of IT security protocols and constantly communicating these through reminders can have a positive impact on preventing social engineering methods from spreading ransomware," he said.


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
