Manish Dangwal, Regional Vice President-India, OpenText emphasises that the incident at AIIMS is a precursor to what could emerge on a larger scale in future if healthcare providers do not ensure a foolproof approach to security
India’s most highly respected and pioneering medical institute, the All-India Institute of Medical Sciences (AIIMS) in New Delhi, recently reported a systems outage due to a suspected ransomware attack. The premier government hospital, known for its advanced medical science processes and practices, said that its e-hospital system went down, which affected the operations of the hospital, including billing, appointment scheduling and other associated systems. The attack, which reportedly exposed the hospital records of 40 million patients, crippled the hospital’s service capability, forcing it to resort to manual operations for several weeks until it could restore its online systems.
The incident at AIIMS is a precursor to what could emerge on a larger scale in future if healthcare providers do not ensure a foolproof approach to security. According to media reports, India’s healthcare sector was one of the sectors most frequently targeted by cyber criminals in 2021. Hackers are using increasingly sophisticated methods to target prized information, including personal data they believe they can sell on the dark web, or to hold targeted organizations to ransom until their demands for payment are met.
Hackers view the healthcare sector as fertile ground for their nefarious online activities, as most service providers in the healthcare domain have outdated systems, unpatched software tools and badly managed networks. Once the frequently weak defenses are breached, the bounty on offer is a treasure trove of personal, financial and healthcare related data.
The rise of ransomware
While spear phishing and credential theft have increased in frequency, such attack forms are becoming relatively less common compared with the phenomenal rise in ransomware attacks. Recent research studies suggest that cyberattacks focused on healthcare organizations, many of them tied to ransomware, have increased as attackers have taken advantage of opportunities created by increased digital access to health data and systems through the pandemic.
For healthcare service providers, the costs related to a ransom demand can be huge. Whether or not a ransom is eventually paid, the operational impact and associated costs of not being able to function as normal can be just as large. Cybercriminals are taking advantage of the increasing number of attack vectors that are available to them. For the healthcare sector, this means hackers targeting common domain technologies like EMR and financial systems, as well as imaging machines and phones.
Ransomware becomes more sophisticated
Today, cybersecurity is no longer a concern for companies alone. With nation states being involved in cyberattacks, and the increasing availability and affordability of ransomware-as-a-service, where different threat actors collaborate to exploit the power of technology, ransomware is becoming far more prevalent. Ransomware has also evolved beyond spreading through phishing alone. A majority of ransomware attacks now happen as a result of unpatched software or exploitation of system vulnerabilities. Ransomware approaches have in parallel become increasingly diversified, with a huge number of variants being reported. Ransomware authors have also evolved from using a mass approach to using a human-directed one, where the weakness and value of the target are studied before the ransomware attack is launched. For example, in October 2022, the US-based Cybersecurity and Infrastructure Security Agency (CISA) warned of a new ransomware hacking group called the Daixin Team, which specifically targeted healthcare service providers to gain access to patient records.
Increasing vigilance
As hackers evolve their tactics, healthcare service providers must also take active steps to improve their strategies, processes, and skillsets to ensure a proactive defense. Systems must be regularly updated, and user access to systems must be protected with multi-factor authentication. Steps must also be taken to disable ports not in use, while access to applications and data must be restricted on a least-privilege basis. All data (especially at collection points) must be secured by ensuring that a policy covering “data at rest and in motion” is followed. Monitoring tools must be used to evaluate whether medical devices or machines are showing any deviations in performance. Access by third-party vendors must be regularly evaluated and reviewed for any suspicious activity. More importantly, awareness training must be held regularly to ensure that users are aware of the dangers of clicking on suspicious links. For healthcare firms, the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework can be a good and effective guide for ensuring security.
The dangers of a breach in security for healthcare service providers are huge, as numerous incidents in India and abroad have shown us. It has become more critical than ever for healthcare service providers to invest the time and resources in taking a proactive approach to defending themselves from bad actors and to minimize the chances of becoming the next victim.