Increasing ransomware incidents in health care require strict protection of critical systems and data.
Since COVID-19 spotlighted digital care, the Australian healthcare sector has been the target of an increasing number of cybersecurity incidents. The industry has become a major target due to the sensitive data collected by healthcare providers and the growing reliance on cloud-based services and telemedicine.
Earlier this year, the Australian Cyber Security Centre (ACSC) announced an 85% increase in cybersecurity incidents related to Australia’s healthcare sector in 2020. In fact, outside of government and individuals, the medical sector reported the most cybercrime incidents to the ACSC in 2020.
This should act as a wake-up call for all healthcare organizations to check their cybersecurity hygiene levels before they fall victim to the types of ransomware attacks that have already paralyzed Eastern Health, Regis Healthcare, and UnitingCare in the last 12 months.
The rise of ransomware attacks on the healthcare sector is driven by two key factors: the sector is a high-value target, and its potential attack surface is expanding.
Healthcare data is an attractive target for attackers, as it includes sensitive, personally identifiable information and often valuable technology and research intellectual property. This, coupled with the critical nature of most healthcare operations, means attackers understand that organizations in the business of life and death cannot afford to negotiate for days or weeks while their systems are held hostage by a ransomware attack. For example, in the United States, a total of $15.6 million in ransom was demanded from medical institutions last year and more than $2 million was paid, and the total amount could be much higher than publicly reported.
Similarly, maintaining public confidence in health organizations, especially those related to government services, is very important.
The impact of digital transformation (accelerated by COVID-19) and the pursuit of efficiency, which has resulted in many third-party companies entering the healthcare sector (e.g., in areas such as the supply chain and medical shipping), also needs to be considered. This means more surface area for cybercriminals to attack, especially when combined with pandemic-related telecommuting and the move to BYOD devices.
In addition, the sheer number of devices adds to the healthcare sector's risk factors. For example, in many medical practices, computers are placed in every room, giving practitioners quick access to records and communication between team members while the theater is in operation. Computers play an important role in preoperative planning, image visualization, patient monitoring, and even robot-assisted surgery. Each of these represents a potential vulnerability.
In addition to commandeering these critical computers and servers, attackers are increasingly targeting medical IoT devices. Take the WannaCry ransomware attack as an example: it infected 1200 diagnostic devices, and more devices were taken offline to stop the spread of the attack.
Ransomware attacks are more subtle
Ransomware attacks begin by exploiting configuration gaps and access vulnerabilities to deliver malware. These often use ransomware-as-a-service kits (ready to use and easily found on the dark web) to infect unpatched systems through common phishing techniques, drive-by malware downloads, known public exploits, or brute-force credential theft.
But over the past few months, my own company's CyberArk Labs team has tracked a significant increase in operator-based ransomware attacks, which look very different from these opportunistic “spray and pray” attempts.
Operator-based ransomware attacks are carried out by highly skilled threat actors who can target and react to specific attack surfaces of specific organizations. Often, these attackers operate in stealth mode for extended periods of time while trying to find and steal credentials for both cloud and on-premises infrastructure.
Unfortunately, it is well known that in the medical industry, working as a privileged user (for example, a doctor doing rounds with a tablet that has access to the medical records of a large number of patients) and allowing third-party vendors (such as insurance companies or medical device suppliers) access to privileged systems are both very common.
The attacker’s next goal is to collect credentials for privilege escalation and lateral movement, looking for more machines and more valuable data to hold to ransom. And once they are in, the demands grow. In many virtual hostage situations, attackers not only demand ransom payments to decrypt the target data, but also threaten to leak the data unless additional payments are made. According to an F-Secure survey, almost 40% of the ransomware families discovered in 2020 used this double extortion method.
How Healthcare Can Get Ahead of Ransomware Attacks
As ransomware attacks become more sophisticated and targeted, healthcare organizations need to strengthen their security regimes to protect critical infrastructure and maintain patient care and trust. This should start and end with a robust deployment of identity-centric controls. Simply put, if a healthcare provider can limit the number of people who have access to privileged assets, know exactly who has access to what, and quickly lock down privileges, the chances of a ransomware attack quickly diminish.
In a perfect world, each identity should be configured to have only the privileges and permissions needed to perform its intended function. No more, no less. This is the core of the principle of least privilege and a core tenet of Zero Trust: never trust, always verify.
A comprehensive identity security solution can do this. It authenticates all identities accurately, authorizes them with appropriate privileges, and provides access to privileged assets in a structured way, all of which can be audited or accounted for. It’s the ultimate gatekeeper, showing who has access to what, where, and for how long, and providing complete protection, control, and visibility of privileged access across critical networks, systems, and applications.
As protectors of sensitive Australian personal, financial and medical data, all Australian healthcare providers must make controlling who can manage and access this important information part of good governance.