November 10, 2020
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Warnings don’t get much clearer or more dire than that one, issued in early October by the three U.S. Government agencies that monitor and respond to all online threats from inside and outside the country.
This latest rash of invasions — the probable work of a Russian-speaking gang known as Wizard Spider or UNC 1878 using trojan horse programs called Ryuk and TrickBot — are again exploiting the vulnerability of institutions where computer glitches and breakdowns can put lives at serious risk by knocking out or freezing vital machines and limiting access to digitized records.
That’s exactly what happened at University Hospital Düsseldorf in Germany, authorities there announced. An AP story at the time reported that “an apparently misdirected ransomware attack” had caused IT systems to fail with fatal consequences when a woman who required urgent medical care couldn’t be admitted and was instead taken to another hospital farther away.
“UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career,” Charles Carmakal, chief technical officer at the cybersecurity firm Mandiant, told Reuters in late October. He was equally forthright in a company statement, declaring, “We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States.”
More troubling still, these types of destabilizing and costly incursions reportedly have risen by 50 percent just in the last few months.
But while the problem has intensified, it’s nothing new. In 2019, according to a report by Emsisoft, at least 966 government and civilian groups were hit by cyberattacks. Nearly 80 percent of the targets (764) were in the healthcare space. The question is, Why do healthcare organizations seem to have neon bullseyes on their backs. Ekram Ahmed thinks it all comes down to money. “They’re the most desperate and willing to pay,” the Check Point founder said in USA Today: However, he added, it’s a mistake to pony up because ransom spoils only fund “research and development” for future attacks.
Hold Security founder Alex Holden recently told the New York Times that the hackers currently upending American hospitals are working off a hit list of more than 400 potential targets, at least 30 of which they may already have infected with malware.
As an upstate New York healthcare executive put it last month, after multiple attacks on hospitals in his county, “One thing that I think healthcare has realized [is] it’s not about if, it’s about when.”
The key to prevention (or at least effective mitigation), it won’t surprise you to learn, is sufficient preparation. To that end, Mindsight Certified Ethical Hacker and Cybersecurity Leader Mishaal Khan has some useful suggestions based on years of experience in the sector.
- Keep up-to-date backups of entire systems
- Have a Disaster Recovery and Business Continuity Plan in place
- Perform regular Security Risk Assessments and mitigate vulnerabilities immediately
- Perform regular pentests to test the security controls in place
- Deliver cybersecurity user awareness training in the form of video-on-demand, briefings, phishing simulations, social engineering and a positive security culture
- Have a Security Program in place managed by a dedicated CISO or vCISO
“My goal,” Khan says, “is to be at a stage where more and more organizations ask for advice and assistance in managing and maintaining their security program rather than incident response.”
Join Mindsight on November 17th as we delve into the security lessons learned in 2020. Coronavirus may be the largest-ever global security threat. The pandemic has tested IT Leaders – and our security strategies – in ways never imagined. What have we learned in the last eight months – and more importantly, how do we apply that learning moving forward? Mishaal Khan, Mindsight’s Security Leader and Certified Ethical Hacker, will lead a candid, virtual discussion that will provide insights into managing through extreme change and more effectively safeguarding our organizations. Please click here for more info.
About Mindsight
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About the Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.
