Raj Sivaraju, President, APAC, Arete talks about the challenges faced by healthcare organisations and explores effective strategies for building a robust defense against threat actors
As the healthcare industry continues to digitize itself, the ever-evolving and increasing ransomware incidents pose a grave threat to patient outcomes and the security of sensitive data. The healthcare sector ranks fourth among the most frequently targeted sectors by ransomware, making it imperative to ensure a robust cybersecurity infrastructure. This article delves into the challenges faced by healthcare organisations and explores effective strategies for building a robust defense against threat actors.
Revealing the hidden aspect: Healthcare’s struggle in combating the escalating threats of ransomware incidents
The potential consequences of such incidents are deeply concerning, especially considering their impact on patients and the protection of sensitive personal health information (PHI). Recent statistics reveal that the healthcare sector accounted for 13 per cent of all ransomware incidents, while professional services topped the list with 35.8 per cent of cases. This trend can be attributed to the high demand for medical data in illicit markets, where it is exploited for identity theft, fraud, and other malicious activities.
Healthcare organisations, including hospitals and clinics, store vast amounts of confidential patient data, ranging from contact details and personal identification to payment information and PHI. While financial data can be frozen or replaced, medical histories encompassing diagnoses, test results, and treatment plans cannot be erased or undone. This realisation has prompted some threat actors to shift towards extortion-based methods, recognizing the increased profitability and reduced resource requirements compared to traditional ransomware incidents.
Navigating regulatory challenges: Healthcare providers’ battle against ransomware
In addition to these challenges, healthcare providers face the daunting task of navigating complex and ever-changing regulatory compliance requirements. Striking a delicate balance between safeguarding patient privacy, adhering to regulations such as HIPAA and GDPR, and delivering high-quality care poses significant challenges. Threat actors actively exploit providers who may have limited resources and budgets to manage these multifaceted responsibilities.
To counteract such ransomware threats, organisations must implement robust controls aimed at minimising the impact of potential compromises. Key measures include maintaining secure backups, adopting Multi-Factor Authentication (MFA), and deploying Endpoint Detection and Response (EDR) systems. These controls collectively contribute to the overall security posture of an organisation, helping to safeguard sensitive data and mitigate potential risks.
The paying game: MFA and backups as key factors in ransomware negotiations
Surprisingly, a recent study based on Arete’s case load revealed that less than one in four healthcare organizations had implemented MFA, while just over half performed regular backups. However, organisations equipped with an EDR platform exhibit higher effectiveness in reducing payment likelihood in the face of ransomware incidents.
While only 19 per cent of healthcare organisations had MFA in place, these organisations typically paid 34.4 per cent of the ransom demand, with a 52 per cent likelihood of paying. Similarly, those organisations demonstrating the ability to recover from backups paid just 30.5 per cent of the ransom demand, with a 52.2 per cent likelihood of paying. Organisations that solely relied on backups paid 41.9 per cent of the demanded ransom and had a 78.5 per cent likelihood of paying. This data indicates that having multiple controls in place will allow your organization to leverage the most negotiating power when it comes to a ransomware incident. Just performing backups isn’t enough to thwart attackers and lower payments.
From phishing to prevention: Strengthening healthcare’s defense against ransomware
Phishing incidents remain the most common method for initiating ransomware incidents in healthcare organisations, accounting for 50.5 per cent of observed cases. However, other techniques, such as exploiting valid accounts, drive-by compromises, external remote services, and replication via media, are less frequently employed, ranging from 14.1 per cent to 33.3 per cent of cases.
User training plays a crucial role in combating these threats, particularly by raising awareness of common social engineering schemes and fostering a culture of healthy skepticism. Additionally, defensive measures such as software configuration, antivirus/antimalware tools, network intrusion prevention, and web-based content restrictions can neutralise ransomware, even if a dangerous link or attachment is accessed.
The most effective mitigation techniques include data backups and behavior prevention on endpoints. It is crucial to emphasise the importance of demonstrating the ability to recover from backups as a critical aspect of mitigating such incidents and swiftly returning to normal business operations. Operating system configuration is moderately effective, but system design emphasising efficiency and safety should be prioritised.
Enhancing healthcare cybersecurity: A call for action and resilience
Threat actors have increasingly targeted medical service providers in recent years as the healthcare industry embraces digital technologies. It is imperative for organisations to proactively address these challenges by prioritising prevention and visibility.
CISOs and technology leaders must work diligently to fortify their cybersecurity postures, safeguard patient PHI, and ensure uninterrupted care. Healthcare providers can achieve transparency across critical endpoints and effectively protect sensitive patient data by implementing a robust security platform tailored to their needs. In an ever-evolving threat landscape, healthcare organisations have the opportunity to establish a resilient cybersecurity infrastructure that will help them withstand data breaches and ransomware attacks.
- Advertisement -