Although they may seem different environments, the field of health is treated in the same way as an industrial environment, or at least it should be. We rarely relate the importance of digital security treatment in health-related environments, but they are just as important and critical as industrial ones, after all, our lives depend on it.

Increasingly, criminals are attacking healthcare environments with ransomware.

There has been a fairly substantial increase in the number of cases of attacks on hospitals and healthcare-related data centers.

“A survey of 318 organizations from 31 countries conducted earlier this year by agency Vanson Bourne for Sophos found that 66% reported being hit with ransomware”

If in 2018 there were 500 publicly confirmed attacks on healthcare organizations around the world, their new report finds that attacks have risen to 13,000 facilities affecting almost 49 million patient records.
With a cost of 92,000 million $, and payments to hackers are estimated at almost 44 million $.

In addition, there is a shift away in attacks from large corporations to smaller ones, which are more unprotected, such as clinics, primary care centers and rural hospitals.

What makes these facilities so vulnerable?

While industrial environments can power down systems, reboot them, and even temporarily shut down, healthcare environments have an imperative to stay active while restoring systems as quickly as possible. Obviously, the larger the organization, the more vulnerable and critical, since more critical aspects will depend on the capacities of each center.

"Organizations targeted by ransomware groups are often targeted for the C (confidentiality) and A (availability) of the CIA pyramid," he says John. Fokker, head of threat intelligence at the Trellix Advanced Research Center.

"Unfortunately, healthcare organizations can be affected both in their availability through an encryption attack, and in their confidentiality through data theft and leak extortion, due to their HIPAA compliance," he says.

We have an example in the CHSF Hospital Center in Coberil-Essones, near Paris In August he suffered an attack in which; The hospital's IT, imaging, and other systems were down for weeks, and the attackers demanded a cryptocurrency ransom worth millions, which the hospital refused to pay.

"The actual architecture of a healthcare organization tends to be more challenging than a normal enterprise," says Bill Siegel, co-founder and CEO of ransomware incident response firm Coveware. If a business is hit with ransomware and 100 laptops are locked down with encryption, IT can often just replace the laptops. In a hospital, that is often not the case.

Ransomware: main attack vectors.

A variety of tactics are combined to achieve the objectives. From "phishing" emails, active scans for known software vulnerabilities, credential access, "Man in the middle" or even through brute force.

According to Peter Mackenzie, Sophos Response Manager:

"It's depressing how amateurish some of these attacks are, but they work," he says, adding that attackers sometimes watch YouTube videos to learn how to use highly automated tools.

During the pandemic, it seemed that an attempt was made to prevent this type of attack on health settings, but after the end of this and with the current geopolitical environment there has been a significant upturn.

Summary.

As we can see, we cannot neglect the health environment. It is as critical as a power plant or nuclear power plant. But recovery is slowed by not being able to shut down systems, as they are literally vital.

Unlike attacks on industrial facilities, which are usually directed, in the health environment they are of the "shotgun attack" or massive type, simultaneously attacking various organizations, and waiting for the result of it to continue deploying.

Source of the original article here

Christian Perez Perera