Why healthcare providers need to brace for more ransomware attacks
When it comes to cybercrime, online attacks often follow seasonal trends. So as the kids head back to school, it’s safe to assume that cybercriminals have learned and developed some new ransomware tricks that will be coming to a computer near you this fall.
Most healthcare organizations are probably not prepared to deal with this new wave of attacks. Among the endless flow of sensational cyberattack headlines including NotPetya and the Erie County Medical Center, it’s easy to become numb to the threat of ransomware—choosing to believe that your organization is either too small to be a likely target or that your existing cybersecurity measures provide adequate protection. Unfortunately, this optimism has led to the peril of many healthcare providers and, in turn, the patients they serve.
The biggest cybersecurity concern used to be hackers invading healthcare systems to steal sensitive patient data and then selling it to the highest bidder. But today, one of the easiest assaults on a computer system is ransomware—a debilitating attack through which an anonymous criminal encrypts your files and then forces you to pay them whatever amount they request in order to regain access to your system—and all the important files it may contain.
SonicWall recently reported there have been 181.5 million ransomware attacks during the first six months of 2018, which marks a 229 percent increase over this same time frame in 2017. Encrypted threats are up 275 percent over last year.
Why has ransomware become the primary cyber threat out there? Most experts point to four primary factors:
Smaller healthcare organizations are an easy target for hackers because most don’t have adequate financial or technical resources to defend themselves against the onslaught of attacks. According to Cryptonite, healthcare organizations have reported an 89 percent year-over-year increase in ransomware attacks.
No healthcare provider wants to be a victim of a ransomware attack, but cybersecurity is a complex problem that requires multiple layers of defenses. Many healthcare organizations feel they can’t afford to keep their practice safe because it typically requires deploying sophisticated endpoint technologies such as antivirus, anti-malware software and firewalls to keep intruders out and then hiring resources to keep up with frequent software and equipment security updates and data backups, as well as providing security training for staff.
Industry experts estimate that an organization with 50 employees may have to spend upward of $50,000 to have the best possible protection against cyberthreats and then thousands of dollars each year to keep everything up to date. But even when organizations make this investment in security, they might still have a breach.
Hackers are becoming extremely resourceful and have found ways to circumvent even the most advanced antivirus and anti-ransomware solutions. These solutions cannot protect against Fully UnDetectable (FUD) threats that were conceived by cyber criminals to directly evade existing security layers and harm data.
Recent Tenable research reveals, “cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims.” Ponemon’s 2017 State of Endpoint Security Risk Report suggests that 69 percent of organizations don't believe their antivirus can stop the threats they're now seeing. Even FireEye reports “…in 100 percent of the breaches to which [they] responded… firewalls and antivirus protections were up to date.”
Antivirus software monitors for the signatures of known threats, so it can’t deal in real-time with all of the fresh attacks constantly evolving in dark web incubators. Other behavior-based security approaches use machine learning to identify threats. For example, if an email attachment tries to access a large number of files quickly or an unexpected file starts encrypting files, a behavior-based approach tries to shut it down. Today’s attackers simply avoid detection by changing the predictable characteristics of ransomware—slowing down or randomizing encryption or lying dormant for a period of time before executing the attack.
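The gap described above can be seen in detection logic. The following is an added example, not code from the article or from any vendor it names: it runs a short-window burst rule and a rate-independent cumulative rule over constructed file-write events. The process names, paths, payloads and thresholds are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed sample payloads (not real data).
CIPHER_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN_TEXT = b"patient note: follow-up in two weeks\n" * 100

def make_events():
    """Constructed (time_s, process, path, written_bytes) events."""
    ev = []
    # fast.exe rewrites 30 files in 30 seconds.
    ev += [(i, "fast.exe", f"/data/a{i}.doc", CIPHER_LIKE) for i in range(30)]
    # slow.exe rewrites one file every 10 minutes.
    ev += [(600 * i, "slow.exe", f"/data/b{i}.doc", CIPHER_LIKE) for i in range(30)]
    # editor.exe performs ordinary saves of readable text.
    ev += [(900 * i, "editor.exe", f"/data/c{i % 3}.doc", PLAIN_TEXT) for i in range(30)]
    return sorted(ev, key=lambda e: e[0])

def burst_rule(events, max_files=20, window_s=60):
    """Flag processes that write more than max_files files within window_s."""
    recent, flagged = defaultdict(deque), set()
    for t, proc, _path, _data in events:
        q = recent[proc]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > max_files:
            flagged.add(proc)
    return flagged

def cumulative_rule(events, max_files=20, min_entropy=7.5):
    """Flag processes by distinct files rewritten with high-entropy data, at any rate."""
    touched, flagged = defaultdict(set), set()
    for _t, proc, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            touched[proc].add(path)
            if len(touched[proc]) > max_files:
                flagged.add(proc)
    return flagged
```

The burst rule flags only the fast writer, while the cumulative rule also flags the throttled one. Legitimate backup and compression jobs also write high-entropy data, so a rule like this needs an allow-list in practice.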
To close this gap, healthcare organizations are adopting new forms of defenses that use Mirror Shielding technology, which enables users to recover files when other malware defenses, like antivirus and anti-ransomware software, fail. Unlike antivirus tools, new Mirror Shielding technologies aren’t dependent on signatures of known threats and don’t require users to download software updates to effectively protect and prevent malicious attacks.
Mirror Shielding makes an attacker believe he or she has taken control of an organization’s data files, but the attacker is seeing a mirror image of the system and does not have actual possession of the data. In the event that a user receives a ransom demand or notices that the files have been unintentionally altered, the user simply clicks a button and reverts back to the original files. Multiple revisions of the file are stored so that users can go back to the right version. This groundbreaking technology doesn’t require a backup procedure, so there is virtually no impact on computer performance.
As attackers get smarter, so must defenses. Taking a wait-and-see approach is becoming too risky. While there aren’t any silver bullet solutions that will completely eradicate all cyberthreats, healthcare organizations finally have the equivalent of a do-over button when things do go wrong because of a ransomware attack. With this assurance, healthcare organizations can continue to focus on treating patients and revenue-generating activities instead of scrambling to recover their files if they get caught by the latest ransomware threat this fall.