In the last year the world has become a hotbed for ransomware – organisations large and small have been hit, earning cybercriminals over £420 million in the first half of 2021 alone. Not only have ransomware earnings gone up, recent research from SonicWall has revealed that ransomware attacks have also soared. The volume of attacks over the first three quarters of 2021 reached 470 million, which was a 148% increase on the same period last year, making 2021 the worst year on record for ransomware. Today, ransomware is the face of cybercrime and it is a harsh reality hitting organisations and consumers by the minute.
It is therefore not surprising that another piece of research from Obrela Security Industries has revealed that 81 percent of UK healthcare organisations have experienced a ransomware attack in the last year, which resulted in 38 percent opting to pay hackers to free their data.
The same study also revealed that 44 percent of healthcare organisations chose not to pay the ransom demand but lost of their healthcare data as a result. Worryingly, only five percent of healthcare organisations were able to successfully mitigate a ransomware attack without losing any of their data.
These concerning figures highlight that healthcare organisations are increasingly being targeted by ransomware criminals, but very few have the resources to handle to threat. This is putting healthcare services at risk and could put people’s lives at risk as well, with the Obrela survey also revealing that 65 percent of UK healthcare organisations believe a cyberattack on their systems could lead to a loss of lives.
So, what makes healthcare organisations such an attractive target for cybercriminals, and is there a remedy to the threat?
The ransomware pandemic
The last year has been one of the hardest in history for UK healthcare organisations, which have navigating through the uncertainty and unknown of the global COVID-19 pandemic. However, attack data has revealed that while UK hospitals were under significantly increased pressure posed by the pandemic, cybercriminals saw this as an opportunity to target the industry.
According to reports, medical information is worth between 10 and 40 times more than credit card data on the dark web. Why? Because unlike financial information, healthcare data cannot be changed.Healthcare data can be used for almost anything from tax fraud, to opening bank accounts to stealing identities entirely.
In addition, when it comes to ransomware, cybercriminals understand that when healthcare systems are inaccessible hospitals will do anything they can to get back online so they can continue treating patients, even if it means paying a ransom to retrieve their data.
According to Obrela’s survey, 64 percent of UK healthcare organisations have had to cancel in person medical appointments because of a cyberattack on their systems, which highlights just how disruptive attacks are – not only making systems inaccessible, but also putting the physical care of patients at risk.
Ransomware attacks can make organisations to feel powerless, but in the case of healthcare their consequences can be far worse, from putting people’s lives at risk or costing millions of pounds to recover from.
It is therefore critical that healthcare organisations begin preparing for ransomware attacks and hardening their systems, so that when attackers do get it, the damage they cause is minimal. While there can be no guarantee of ‘absolute security’, nonetheless there are several things to keep in mind to minimise the impact of an incident, should it occur.
1. Conduct comprehensive and rigorous end-user awareness training on phishing and social engineering techniques. Not every member of the organisation will have the technical background to understand the implications of a malicious email, but everybody should understand that they are sharing a common cyber risk.2. Maintain regular backups of your files and configurations from a verified ‘safe’ state and ensure the backups are stored offline. It is crucial to ensure the integrity of these backups otherwise the threat will not be properly eradicated. 3. Leverage centralised log systems, such as a Security Information and Event Management (SIEM) system, to increase log retention and availability during an incident analysis. 4. Identify assets that store sensitive organisational and patient data and implement strong access controls along with proper network segmentation. The latter proves to be a challenge as the introduction of IoT medical devices forces network administrators to reconfigure firewalls and zones with strict policies, thus limiting their interconnecting functionality. 5. Implement strict identity policies regarding internet facing and remote services by using multi-factor authentication (MFA) for all remote access that’s internet accessible