By Dr. James Stanger
At a time when healthcare professionals, scientists, first responders, and everyday people are performing heroic deeds to help us out of the COVID-19 crisis, it’s important – as well as unfortunate – that we maintain our vigilance for bad actors seeking to do us harm in the cyber realm.
Cybercriminals and hackers are always on the prowl for vulnerabilities to exploit. The COVID-19 outbreak is no exception. The pandemic may even have sparked more nefarious behavior during a time when we are preoccupied with social distancing, sheltering in place, layoffs and furloughs, vaccines and quarantines. From “Zoom bombing” to social engineering attempts via e-mail and phone, we’re all observing an increase in attacks.
A particularly heinous example of how attackers are wreaking havoc came to light in a recent warning from INTERPOL, the International Criminal Police Organization. INTERPOL alerted authorities in its 194 member countries about an increase in the number of ransomware attacks targeting hospitals and other key organizations engaged in the virus response around the world.
Healthcare institutions have fallen prey to malicious software, or malware, that is often spread through phishing emails or by unknowingly visiting infected websites. Once the malware is unleashed, the organization is held digitally hostage, prevented from accessing vital files and systems until a ransom is paid.
A recent example occurred in mid-April when a medical center in Pueblo, Colo., was hit with a suspected ransomware assault that caused an outage affecting a number of the center’s IT systems, including its system for storing patient information. The hospital was forced to resort to using paper forms, a troubling slowdown in productivity at any time, let alone when dealing with an influx of patients due to the pandemic. Hospitals and healthcare providers worldwide are also experiencing an increase in volumetric Distributed Denial of Service (DDoS) attacks, as well as ransomware attacks. Many threat actors are blending DDoS and ransomware-based attacks.
Even before the pandemic, healthcare organizations were a prime target for ransomware attacks. A report from Corvus Insurance found that ransomware attacks on healthcare entities increased by 350% in Q4 2019 compared to Q4 2018.
Given the rising ransomware and blended threats, it is vital for hospitals, labs and medical centers to re-examine their readiness to fend off cyberattacks. In fact, it is a practice that any organization, regardless of industry, should carry out on a regular basis. Here are eight proactive steps and precautions that can reduce the chances that your company will become a ransomware victim.
- Improve company communications – A successful ransomware attack is usually a sign of improper employee communication and behavior. These issues are more pressing than the typical “an employee just clicked on the wrong URL” type of problem. In many cases, ransomware and blended threat problems are a symptom of larger issues.
- Endpoint backup – This is more effective than software patching, as zero-day attacks abound. Proper endpoint backup (that is not itself susceptible to ransomware attacks, e.g., because the backup copies are kept offline or otherwise out of reach of the compromised host) can ensure that an organization can recover more quickly. While updating software and patch levels is always useful, backup is the most critical technical step, in many ways. This is because many successful attacks are based on “zero-day” attack strategies. A zero-day attack is where the attacker targets a vulnerability for which no patch yet exists and which cannot be easily anticipated.
- End user training – End users require constant help to communicate securely. “Fake phishing” campaigns are helpful, as are ways to encourage out-of-band confirmation on vital communications (e.g., wire transfers).
- Network segmentation – Proper use of virtual LANs (VLANs) and network access control lists (ACLs) on switches and routers helps deter the spread of a ransomware outbreak. It is effectively the equivalent of “social distancing.” I call it “service distancing.”
- Multifactor authentication – Two-factor authentication (2FA) is a major help in slowing ransomware attacks.
- Filtering ISP / Cloud service – This provides the ability to “black hole” or otherwise block ransomware traffic, either before or after an attack. It can block typical botnet command and control software.
- Scenario-based drills – Fire drills are a regular practice at almost every organization. But how often has your company actually practiced reacting to a ransomware attack? Software companies provide drilling and modeling services that allow people to practice and engage in simulations.
- Set privacy measures and metrics – Ransomware often tries to extort victims by threatening the release of intellectual property or other sensitive information. It is important to discuss implementing unique measures to help protect data at rest through adequate encryption and authentication (e.g., 2FA).
CompTIA offers a wide range of free resources on cybersecurity best practices, professional certifications, research on the latest trends, and training for both technical and non-technical staff. Here are just a few:
- What is a DDoS Attack? A Guide for Protection
- The Cybersecurity Skills Your Boss Wants You to Have to Counter DDoS Attacks
- Data Breach Response Planning Guide
- Security Awareness Training for Employees
- Cybersecurity for Digital Organizations
Additional cybersecurity resources are available at https://www.comptia.org/resources/cybersecurity.
About the Author
James Stanger, Ph.D., is the chief technology evangelist at CompTIA. James is an authority in security, open source, network administration and IT education. He has consulted with corporations, governments and learning institutions worldwide for more than 20 years. He is also an award-winning author and blogger.