How To Stay On High Alert As Ransomware Grows More Destructive

Updated on May 8, 2022

By Troy Ament, field CISO for healthcare, Fortinet

Ransomware activity hasn’t subsided from peak levels over the last year – and the sophistication, aggressiveness and impact of ransomware are increasing as well. Threat actors continue to attack organizations with a variety of new as well as previously seen ransomware strains, often leaving a trail of destruction in their wake – and healthcare organizations remain especially vulnerable.

A survey of health delivery organizations conducted by Ponemon in 2021 found that 67% have been hit by a ransomware attack. Over a third (36%) attribute ransomware incidents to a third party, like what happened last year with Kaseya. Ransomware attacks aren’t stopping, so it’s key to understand what healthcare organizations are facing and what IT teams can do proactively. 

Ransomware continued its stride for healthcare and other sectors

As noted in a 1H 2021 threat report, FortiGuard Labs researchers saw an almost 11x increase in the number of sensors detecting ransomware variants over the previous 12 months. In addition, ransomware prevalence remained at an elevated level during the second half of 2021.

Ransomware also continues to grow in sophistication and aggressiveness. Bad actors continued to assault organizations with multiple new and previously seen ransomware strains. Double extortion attacks, where ransomware actors steal data and use the threat of leaking it as additional leverage for extorting ransoms, became the norm rather than the rarity it was a short while ago.

What’s more, even old ransomware is being actively updated and enhanced, sometimes with wiper malware included, while other ransomware is evolving to adopt ransomware-as-a-service (RaaS) business models. RaaS enables more threat actors to leverage and distribute the malware without having to create the ransomware themselves. FortiGuard Labs observed a consistent level of malicious activity involving multiple ransomware strains in the second half of 2021, including new versions of Phobos, Yanluowang and BlackMatter.

Risks to healthcare and other critical infrastructure continue to grow

Overall, critical infrastructure, which includes healthcare, has rapidly become a bigger target. The operators of BlackMatter professed they would not attack target organizations in the healthcare sector and other critical infrastructure sectors but did so anyway. 

The Health Sector Cybersecurity Coordination Center, the security arm of Health and Human Services, issued a warning about BlackMatter in September. The group first resurfaced in July after the well-known ransomware group REvil/Sodinokibi suddenly took its website down. That threat was reduced in February, but healthcare IT and security leaders can be assured that this won’t be the last of its kind. Recently, authorities in the U.S., Australia and the UK issued a joint advisory warning of the cybersecurity risks to critical infrastructure.

The rise of telecare and the growth of the Internet of Medical Things (IoMT), coupled with the need for rapid digitization, has raised the stakes for the healthcare sector in terms of security challenges. Endpoints are proliferating – from smartphones and laptops to medical devices, printers and servers. All of these factors have expanded the threat landscape and cyber threats have spiked accordingly.

Taking a proactive approach to securing patient care

To address the significant ransomware threat, healthcare IT teams must take a proactive approach with real-time endpoint protection, detection and automated response coupled with zero trust access, segmentation and encryption. As attacks continue to get faster, organizations need to switch from collections of point products to integrated solutions that are designed to work together. Smarter solutions are needed to secure against evolving attack techniques, ones that can take in threat intelligence in real time, detect threat patterns and fingerprints, correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response. 

The centralized management and broad visibility that an integrated cybersecurity platform provides can help ensure that policies are enforced consistently, configurations and updates are delivered promptly, and a coordinated threat response can be launched when the system spots suspicious activity.

Because the IoMT connects to healthcare IT systems using networking technologies, secure SD-WAN offers a significant opportunity to secure connections across branches, clinics and endpoints. SD-WAN is able to consolidate WAN connectivity, wired and wireless local-area network (LAN) controllers, and next-generation firewall (NGFW) security into a single, easy-to-manage device at each location. This framework reduces network complexity, simplifies management, and lowers costs for the healthcare business. It’s also an excellent option for improving application performance and resiliency.

Equipped for victory

A lot has been asked of healthcare IT professionals over the past two years, including setting up external COVID-19 testing sites and telemedicine capabilities. These new services afforded new opportunities for cyberattack, which they had to defend against as well. And now, attackers are using strains of ransomware old and new and focusing particularly closely on critical infrastructure. And don’t forget RaaS, which levels the playing field for criminals who want in on the opportunity.

The multi-pronged assault on the healthcare industry requires a diligent and comprehensive strategy. Organizations need to take a proactive approach with real-time endpoint protection, detection and automated response coupled with zero trust access, segmentation and encryption. This approach will give healthcare organizations more than a fighting chance in the constant battle with ransomware and other threats.

Troy Ament is Fortinet’s field CISO for healthcare. He brings more than 20 years of experience to Fortinet, transforming information technology and security programs, with 14 years in the healthcare sector as an executive overseeing clinical technology implementations, and serving as the chief information security officer (CISO) at two of the largest integrated health delivery systems in the U.S. Before joining Fortinet, Troy held the positions of CISO and Director, CISO chief at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance (GRC) Teams. 

The Editorial Team at Healthcare Business Today is made up of skilled healthcare writers and experts, led by our managing editor, Daniel Casciato, who has over 25 years of experience in healthcare writing. Since 1998, we have produced compelling and informative content for numerous publications, establishing ourselves as a trusted resource for health and wellness information. We offer readers access to fresh health, medicine, science, and technology developments and the latest in patient news, emphasizing how these developments affect our lives.