
Under Siege: How Healthcare Organizations Can Fight Back

A recent spate of crippling ransomware attacks against healthcare organizations signals that these assaults remain a major threat to our healthcare system and may have led to the nation’s first ransomware-related death. An Alabama woman’s new lawsuit alleges that a ransomware attack at Springhill Medical Center in Mobile, Alabama disabled vital fetal heartbeat monitoring systems that would have alerted the hospital’s physicians and nurses to conduct an emergency C-section. This miscalculation, which was allegedly linked to the cyberattack, caused the infant to suffer brain damage during delivery. The Alabama woman’s baby later died from brain damage-related complications.

Ransomware attacks, where individuals shut down critical systems in exchange for ransom, are no longer perpetrated by just a small group of bad actors. Cybercriminals are stealthy, organized and tricky to decipher. Hacker groups can now resemble modern companies with live chat capabilities, help desks and even public relations professionals who attempt to extort their victims. They lure their victims in with common spoofing techniques, phishing attempts and other sophisticated tactics. As such, hospitals and healthcare systems remain primary targets in the eyes of cybercriminals looking for a large payout.

A timely example is HIVE ransomware, which recently forced Memorial Health System in Ohio to cancel all urgent surgeries and radiology exams and has already infiltrated 28 organizations since June 2021, according to a recent FBI alert. This particularly dangerous and sophisticated ransomware targets an organization’s most critical data by disabling antivirus software and destroying backup systems and then encrypting files and folders. Those behind the attack then attempt to extort their victims via live chat.

For healthcare leaders looking to avoid such disasters, relying only on a prevention strategy will not be effective in stopping future attacks. To get ahead of cyber threats, organizations must take a proactive stance in their security strategies and implement next-generation tools and technology. Bearing in mind that October marked Cybersecurity Awareness Month, here are a few strategies that healthcare leaders should consider in order to strengthen their organization’s cyber posture:

Evaluate risk before an attack

Healthcare leaders should understand where operational vulnerabilities exist in their organization, from marketing all the way down to critical health records. Comprehensive visibility into the network, critical data and all endpoints is crucial to understanding an organization’s digital footprint and where weaknesses may lie. By understanding the scope of the task at hand, management and other healthcare leaders can create a preparedness plan to address any weaknesses in digital infrastructure.

Healthcare leaders should also ensure employees are frequently trained on cybersecurity best practices, which can prevent costly errors. A cyber strategy is only as effective as the people who implement it.

Use a VPN with multifactor authentication

Leadership should develop a strategy to combat ransomware that targets Remote Desktop Protocol (RDP) and other applications that face the Internet.

Cybercriminals frequently target credentials, such as VPN or administrative credentials, to sell on forums and to partners on the dark web. As part of their preparedness strategy, healthcare leaders should avoid exposing RDP to the Internet and use a VPN with multifactor authentication. This includes prioritizing patching for other vulnerabilities in the VPN platform(s) and any underlying authentication applications.

Develop an endpoint hardening strategy

By developing an endpoint hardening strategy, healthcare leaders can harden their digital infrastructure with multiple defense layers at various endpoints. These layers act as multiple barriers that cybercriminals must try to break through. Implementing this strategy will also help to detect and contain an attack before it reaches sensitive data, such as patient medical records or scheduling systems, and other networks.

Healthcare leaders should also add Endpoint Detection and Response (EDR) to their cyber strategy. EDR detects and mitigates cyber threats through continuous and comprehensive real-time visibility into a network’s endpoints. Behavioral analysis and intelligence are then applied to endpoint data to stop breaches when attempted.
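To make the idea of behavioral analysis concrete, the following added example (not from the original article or from any EDR product) correlates process command lines per host and flags the pre-encryption pattern described above for HIVE: antivirus tampering together with backup destruction inside a short window. The command-line patterns, host names, event fields and the 10-minute window are illustrative assumptions, and the events are constructed sample data.

```python
import re
from collections import defaultdict

# Illustrative patterns (assumptions, not taken from the article or the FBI
# alert) for the two behaviours the article attributes to HIVE.
RULES = {
    "av_tamper": [
        r"\bsc(\.exe)?\s+(stop|config)\s+windefend\b",
        r"set-mppreference\b.*-disablerealtimemonitoring\s+(\$true|1)\b",
    ],
    "backup_destruction": [
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b",
        r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
        r"\bwbadmin(\.exe)?\s+delete\s+catalog\b",
        r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b",
    ],
}
COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats]
            for cat, pats in RULES.items()}

def classify(cmdline):
    """Return the set of behaviour categories a command line matches."""
    return {cat for cat, pats in COMPILED.items()
            if any(p.search(cmdline) for p in pats)}

def correlate(events, window=600):
    """Map host -> time at which both behaviours were first seen within `window` seconds."""
    seen = defaultdict(dict)  # host -> {category: most recent timestamp}
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        times = seen[ev["host"]]
        for cat in classify(ev["cmdline"]):
            times[cat] = ev["ts"]
        if len(times) == len(RULES) and max(times.values()) - min(times.values()) <= window:
            alerts.setdefault(ev["host"], ev["ts"])
    return alerts

# Constructed process-creation events (hypothetical hosts, ts in seconds).
SAMPLE_EVENTS = [
    {"host": "ehr-db01", "ts": 100, "cmdline": "sc.exe stop WinDefend"},
    {"host": "ehr-db01", "ts": 160, "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "pacs-ws07", "ts": 200, "cmdline": "vssadmin list shadows"},         # benign query
    {"host": "backup02", "ts": 50, "cmdline": "wbadmin delete catalog -quiet"},   # one behaviour only
    {"host": "lab-ws03", "ts": 10,
     "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "lab-ws03", "ts": 5000, "cmdline": "wmic shadowcopy delete"},        # outside window
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring both behaviours on the same host keeps routine backup maintenance or a single service restart from raising an alert on its own.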

Protect emails and patient health records

In addition to gaining access via RDP, HIVE ransomware attacks use phishing emails with malicious attachments to gain access to company systems and health records. As part of their mitigation strategy, healthcare leaders should incorporate email security software that uses URL filtering as well as attachment sandboxing.

Engage cyber threat hunters

Healthcare IT and cybersecurity professionals are steadfast in their work and their approach to combating evolving cyber threats. But that doesn’t mean that working long hours will protect hospitals and healthcare systems when disaster strikes. One of the best steps leaders can take to protect their organization from ransomware and other cybercrime is to bring in experienced partners who can help them prepare for, detect and contain future cyberattacks through threat hunting. Threat hunting is a proactive practice that finds bad actors who have gotten past a network’s initial endpoint security defenses. This offers a human threat detection capability that operates as an extension of the organization’s cyber team, hunting relentlessly to see and stop the most sophisticated hidden threats.

Conduct red team / blue team exercises

A well-laid-out cyber strategy is only as good as its execution, meaning it is important to ensure that what has been put into place works as intended. A red team / blue team exercise is a cybersecurity assessment technique that uses simulated attacks to gauge the strength of the organization’s existing security capabilities and identify areas of improvement in a low-risk environment. This drill is a face-off between two teams of highly trained cybersecurity professionals: a red team that uses real-world adversary tradecraft in an attempt to compromise the environment, and a blue team of incident responders who work within the security unit to identify, assess and respond to the intrusion. This type of exercise is critical to understanding potential gaps or vulnerabilities.

Moving beyond prevention

The next ransomware or cyberattack is not a matter of if but when for healthcare organizations. Healthcare leaders should move beyond a prevention strategy and focus on developing a proactive preparedness plan. Not only will this help them understand vulnerabilities in the current network landscape, but it will also provide guidance on building the right framework to identify and stop attacks in progress. Cybersecurity preparedness should not be done in a silo; working with trusted partners is key. From conducting red team / blue team exercises to developing an endpoint hardening strategy, a smart cybersecurity strategy is critical to protecting sensitive patient data and, most importantly, to keeping systems operating so healthcare professionals can save lives.