Cybercrime has developed into a multibillion-dollar industry, complete with call centers that help victims pay ransoms, tech support, affiliates who transport and launder money, and people in charge of forums on the Dark Web where programmers may buy and sell their wares.
With this, we’ve seen the rise of Ransomware-as-a-service (RaaS), a subscription-based business model that enables partners (affiliates) to carry out attacks using ransomware tools that have been built by others. Healthcare has clearly been a major target of ransomware – and that’s true with RaaS, too. In fact, some – like Evil Corp – are even specifically targeting this vertical. Another ransomware group, known as Daixin Team, has also claimed credit for an attack against a Texas healthcare system. The list goes on. Healthcare is under attack, and the pressure is on IT leaders at these organizations to ensure they’re up on the latest and greatest when it comes to RaaS and these bad actors’ tactics.
The rise of RaaS
With RaaS, if an attack is effective, affiliates might receive up to 80% of the revenues. Everyone else receives their share, too. As a result, the rapidly expanding environment of cybercrime has developed its own supply chain and now brings in more than a trillion dollars annually.
Because the malicious actors are better funded, using new components and service models, and continually altering their strategies and upping their game, the supply chain is expanding, as well. This has increased the number of cyberattacks that, in a single instance, harm thousands of enterprises.
We’re also seeing that RaaS is enabling the proliferation of more ransomware variants.
FortiGuard Labs researchers have encountered a total of 10,666 ransomware variations in the last six months, as opposed to just 5,400 in the preceding six months.
An inflection point for healthcare organizations
As federal officials warn, Evil Corp should be considered a significant threat to the U.S. health sector. But it’s just the tip of the iceberg.
The fight against cybercrime has reached a critical turning point at this time.
Four actions that healthcare IT teams should take to maximize protection against ransomware and RaaS include:
- Build a culture of security: IT and security experts can help their healthcare organization create a security culture first by conducting regular risk assessments. They can also offer cybersecurity education and training to all employees, including those at the executive level, as they are particularly targeted for and vulnerable to spear phishing attacks. The usage of strong passwords and routine updating of passwords are additional strategies cybersecurity teams can employ to establish a security culture in healthcare businesses. In addition, encourage additional measures such as MFA. They can also advise workers to be cautious of their physical surroundings and the possibility of mobile device theft.
- Create an incident response plan: CISOs and CSOs must be ready to work with their IT and cybersecurity teams to create effective incident response plans. Organizations need to be proactive rather than reactive – that’s crucial. It is wise to prepare for the unexpected, especially as cyber events keep changing, and have an idea of what to do before the event happens. As you create your strategies, you might want to look into the incident response and readiness services offered by cybersecurity providers.
- Automate and integrate the deployment of security solutions: Healthcare companies must use cutting-edge cybersecurity tools, such as next-generation firewalls. The setup and upkeep of antivirus software is another prerequisite for healthcare cybersecurity. But these are simply the fundamentals. As healthcare continues to advance, segmentation can lessen the effect of breaches, and other solutions that enable secure telemedicine – such Zero Trust Network Access (ZTNA) and SD-WAN – are essential.
- Get informed in unique ways: Threat intelligence is vital but so is information to help manage risk. Services like a digital risk protection service (DRPS) can help provide an outside-the-network view to potential risks to an organization.
Strengthening healthcare security
Cybersecurity has become big business, and RaaS is on the rise. The recent alert from the Department of Health and Human Services about Evil Corp is just one more reminder that healthcare is under attack. Cybercriminals understand that healthcare organizations have competing needs when it comes to budget allocation and that the immediate needs of patient health often outweigh cybersecurity concerns.
That’s what makes the healthcare industry such an attractive target – along with the mounds of personal data available to steal and, for ransomware attackers, the seriousness of the need for health workers to have network access. By following the recommendations above, healthcare organizations will be able to strengthen their security posture significantly.
Troy Ament is Fortinet’s field CISO for healthcare. He brings more than 20 years of experience to Fortinet, transforming information technology and security programs, with 14 years in the healthcare sector as an executive overseeing clinical technology implementations, and serving as the chief information security officer (CISO) at two of the largest integrated health delivery systems in the U.S. Before joining Fortinet, Troy held the positions of CISO and Director, CISO chief at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance (GRC) Teams.