Three ways Australian healthcare providers can ride out the ransomware wave

By Aaron Bugal, Global Solutions Engineer at Sophos
Friday, 18 December, 2020

As if coping with COVID-19 wasn’t enough of a challenge for the healthcare industry this year, in mid-November the Australian Cyber Security Centre (ACSC) issued a warning of an onslaught of ransomware attempts being launched by malicious actors against the Australian healthcare sector to extract valuable hospital data. Successful ransomware attacks can disable critical systems, which in a hospital could result in a life-threatening situation.

For instance, in September a ransomware attack in Dusseldorf, Germany, resulted in a hospital patient’s death. The death was caused by a delay in treatment, with the ransomware-crippled hospital being forced to transfer the patient to another facility.

So what are the risks?

An ACSC report published in October revealed that healthcare is the sector most targeted by ransomware in Australia. But the sector has long been ripe for ransomware and other cyber attacks. And with decentralised operations across hospitals and healthcare providers, and exponentially growing volumes of patient health information being captured and stored electronically, the industry has become an increasingly appealing target.

No doubt the onset of COVID-19 has also, in many ways, accelerated the threat of ransomware within the sector. The sudden onset of the pandemic forced healthcare providers to very quickly set up emergency COVID-19 facilities, with little time to plan out robust IT security infrastructures to protect these facilities. On top of that, the almost overnight shift to telehealth and remote working meant scores of new security gaps were opened — and discovered by attackers just as quickly.

Attacks are getting more targeted

Attackers are continuing to evolve their ransomware tactics. Now instead of large-scale, brute-force attacks, ransomware attackers have rapidly shifted to more focused, strategically planned and executed strikes, resulting in more precise attacks that are harder to detect and defend against. This is no assembly-line, mass-produced product; this stuff is the craft beer of malware.

Hospitals are the perfect target for attackers as they can’t afford to have their systems down because losing data can literally cost lives. Nor do they have the dedicated IT security teams of other enterprises to adequately defend against or even detect ransomware attacks.

So how do they respond? Here are three key steps every healthcare provider needs to undertake to get ahead of their growing ransomware problem.

1. Check your cyber hygiene

Knowing where your vulnerabilities are is critical given the pace at which ransomware attackers are able to strike. If a target opens a phishing email attachment, it only takes a little over three hours for the cybercriminals to begin performing recon across the target’s network. Within a day, they’ll have begun deployment of their ransomware package. Servers with Remote Desktop Protocol (RDP) enabled, unpatched web servers and a lack of multifactor authentication for logins are all common and key weak points that attackers will exploit.

But this is as much an awareness issue as an IT one. Anyone in the organisation who sends an email, has a password or uses a device to log onto a network needs to know and practise basic cyber hygiene, including creating stronger passwords and knowing how to spot spear-phishing emails. If they don’t know what that means, they need to be taught. The security of a hospital’s network is only as strong as its weakest password.

2. Conduct company-wide cybersecurity training

IT security isn’t just the responsibility of security professionals; it’s something that every employee can, and should, take part in. Everyone has to know what spear-phishing emails and attachments look like. This is especially important as phishing is a major vehicle for ransomware delivery and has become particularly acute during the pandemic, with a major uptick in phishing emails that infect hospital networks by co-opting names resembling legitimate health organisations.

3. Deploy lightning-fast incident response

Ransomware moves fast, so healthcare providers need to be able to move faster. The speed of your incident response is critical; it’s the difference between an executed or thwarted ransomware deployment — and potentially life or death for patients. Employing an incident response team provides the lightning-fast edge that healthcare providers need to stay a step ahead of ransomware gangs, minimising the damage done to their networks, recouping otherwise lost costs, reducing recovery time, and ultimately helping to preserve the speed and quality of patient care — even potentially saving lives.

Ransomware attacks pose a constant critical threat to the healthcare sector. However, the threat is heightened when services are already under pressure from COVID-19. Now is the time for hospitals to be aware of not only invisible biological threats, but the very real cyber ones, too.

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd