By Anthony Giandomenico
The healthcare industry currently sits at the top of the list of sectors affected by data breaches for many reasons. The data held by healthcare organizations is valuable. Additionally, the need to keep networks up and running – given that they include critical systems used in monitoring and treating patients – makes them prime targets for paying ransoms. The growth in ransomware and other attacks aimed directly at healthcare systems have brought the issue of cybersecurity to the forefront and thankfully, awareness is growing.
In Q3 of 2019, Fortinet researchers examined the cybersecurity issues that healthcare IT leaders are facing today, especially ransomware and Ransomware-as-a-Service (RaaS). Threats from additional Malware-as-a-Service solutions, as well as attacks on public-facing edge services, also loom large.
What we’ve seen and what’s to come
Overall, the threat landscape index was flat in Q3. While this is positive news, it doesn’t mean that IT teams can let their guard down when it comes to security.
Part of this trend may be due to the extra focus that organizations have been paying to combating phishing, which is still the source for over 90% of all malware intrusions. End user training and upgrading secure email gateway technologies seem to have taken a bite out of the effectiveness of that particular attack vector. However, we are now seeing a trend where, after years of focusing on phishing attacks to implant code on targeted systems, some cybercriminals are now reverting to an earlier tactic – attacking vulnerable services, especially publicly-facing edge services, to inject/execute code commands on target systems.
They are having success, perhaps in part because some organizations have over-rotated their limited resources to addressing the phishing problem. With this in mind, security teams must not only emphasize updates and fortification to publicly exposed services, but also remember that they need a security strategy in place that keeps all attack vectors in mind to prevent their cyber adversaries from simply switching targets.
On a similar note, as we have detailed in the past several reports, botnets are still prevalent threats. Well known botnets such as Gh0st and Bladabindi top the list of most prevalent botnets detected in Q3. Interestingly, Mirai came in as the fourth most prevalent botnet, in spite of its being more than three years old and being responsible for one of the most sweeping global attacks to date. And because botnet detection reflects actual network compromise, rather than simply seeing malware floating through cyberspace, it means that too many organizations still haven’t taken the proper precautions to harden their networks against this threat.
RaaS and Ransomware Attacks That Target Healthcare Systems
Ransomware continues to be a threat to healthcare organizations – causing operations to halt due to seized data and patient information. Healthcare cybersecurity professionals should be especially aware of increasing ransomware activity and threats that target connected devices. And because ransomware attacks tend to be both successful and highly lucrative, healthcare IT teams must also be aware of the growing threat brought on by Ransomware-as-a-Service (RaaS) offerings. Now that less technical adversaries have access to advanced ransomware tools, IT teams can expect the volume and persistence of ransomware attacks to continue.
The cybercriminal community is very aware that the group that deployed the ransomware GandCrab netted over $2 billion in just under two years. Even in 2019, with ransomware awareness and defense tactics on the rise, this particular ransomware strain was successful in part because it leveraged RaaS to expand its attack base. Two other forms of ransomware joined the RaaS ranks this past quarter – Sodinokibi and Nemty, each seem to be related to GandCrab – and as a result, healthcare IT teams can expect to see more of them over the next year or so.
What Healthcare IT Teams Can Do to Minimize Risk
Threat research supports the fact that IT leaders need to be more security-minded when making technology purchases and in how those devices are deployed to ensure they have adequate proximity controls in place. In particular, a 2019 McKinsey report shows that strong cybersecurity is now the most important factor in IoT acquisition, no matter what industry you’re in. It comes ahead of reliability, compatibility, and ease of use. Leveraging network access control (NAC) systems can assist healthcare teams in tracking these devices deployed within their networks and continuously monitor them to remain apprised of their level of risk.
In addition to closely monitoring the use of IoT devices for example, IT teams should be taking precautions to defend against the looming spike in ransomware attacks about to be brought on by the growth in RaaS. At a high level, this means educating employees on how to spot and avoid phishing emails or malicious attachments that may seek to disseminate ransomware – as was seen with Sodinokibi. Getting more technical, this means deploying the tools and policies that will allow health IT teams to detect and halt ransomware using anti-analysis techniques to evade detection. This means implementing segmentation, inspecting encrypted traffic, and automating event correlation.
And finally, healthcare IT teams cannot afford to take their eye off the ball of any segment or sector of their network – which can be a daunting task especially now as many networks are in the throes of digital transformation. So in addition to regular patching of things like publicly-facing services, organizations need to adopt a security-first strategy that ensure that an integrated security system is designed and built as step one of any new network expansion or adoption strategy
Healthcare Cybersecurity Beyond Q3
The Privacy Act of 1974 ensured that data privacy concerns were built into healthcare systems decades ahead of other fields not affected by that ground-breaking legislation. But in spite of this, even among the traditionally hyper-aware ranks of the healthcare industry, the digital era still poses security challenges. As healthcare IT has learned, and as our quarterly threat landscape reports show, modern threats are functioning on a whole new level, and security teams need to take note.
Staying ahead of the attackers starts with awareness. Knowing about common entry points and attack strategies can help health IT teams bolster their defenses, improve their processes, and eventually enable them to get out ahead of today’s cyber adversaries.
About the author
Anthony Giandomenico is an experienced Information Security Executive, Evangelist, Entrepreneur and Mentor with over 20 years of experience. In his current position at Fortinet he is focused on delivering knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security.