Defending Healthcare Facilities Against Ransomware Attacks

As ransomware attacks and tactics evolve, healthcare facilities must be aware of what threats exist and how to stay secure.

By Jeff Wardon, Jr., Assistant Editor


Cybersecurity in the healthcare space is a prominent topic as cyberattacks continue to assault healthcare organizations daily. Worse, cybercriminals are constantly changing how they operate and execute their attacks, making adapting to their methods difficult.  

The biggest change in their tactics is the increasing use of ransomware, according to Errol Weiss, chief security officer at Health-ISAC. Not only that, but Weiss says healthcare organizations are also becoming more vulnerable to cyberattacks due to a lack of investment in cybersecurity and IT in general.  

“I think there's a perfect storm in healthcare where we've got an already cyber vulnerable population out there because of the lack of cybersecurity investment,” says Weiss.  

With an underfunded IT department, organizations may have systems that are not properly protected or backed up. This could lead to a ransomware actor taking a healthcare facility completely offline because the organization can’t restore from a backup. In situations like this, organizations may feel compelled to pay the ransom in order to get their systems back online and not compromise care.  

Different levels of threats 

Ransomware can be used to extort healthcare organizations on multiple levels. Double extortion, where cybercriminals not only take systems offline and hold the data for ransom while also stealing data and threatening to release it to the public, has become more commonplace, Weiss says. Then there’s triple extortion, where the cybercriminals use distributed denial of service (DDoS) attacks to take an organization’s main website offline and keep it that way unless the victim pays. 

It doesn’t end there, though, as Weiss says there is an additional type called quadruple extortion. 

“Within the last year, we've seen many more instances of what they will call quadruple extortion, where they're going after the patients themselves,” says Weiss. “So, they steal the data, and they know which patients are in the records they have access to. They may even have their e-mail addresses. Now, they go back to the patients and threaten to release their personal information unless that patient victim pays the attackers directly.” 

However, there are ways for healthcare organizations and facilities to protect themselves from these sophisticated attacks. 

Weiss says there are three key areas for healthcare organizations to focus on: staying up to date on patches, backing up systems and using multifactor authentication (MFA).  

The Cybersecurity and Infrastructure Security Agency (CISA) has created a catalog called the Known Exploited Vulnerability List.  The resource determines the areas that are being exploited, what vulnerabilities there are and how cybercriminals are taking advantage of these weaknesses to attack. Weiss says to pay attention to this list when prioritizing what to patch and to stay ahead of the network vulnerabilities. 

When backing up systems, facility managers need to ensure that connections are valid and reliable so that the organization can quickly rebuild the system from the ground up if something goes astray.  

“One of the challenges that we've also seen is they think they're backing up, but they've got some corruption, or the bad guys broke in already, meaning the backups have been tainted ever since,” says Weiss. “So, make sure the backups were done on a regular basis.” 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



September 19, 2024


Topic Area: Information Technology , Security


Recent Posts

Communication is Key for Hospital Renovation Projects

Communication goes beyond patient care.


PeaceHealth to Acquire Four Providence Clinics in Washington

The four clinics will provide new services and offerings to PeaceHealth’s network.


Six Challenges of Modern Healthcare Leadership

From technology and staffing to project management, managers must ensure efficient operations and high-quality patient care.


Work Begins on New UCSF Health Helen Diller Hospital

The new facility is expected to be complete in 2030.


Making Healthcare Lighting More Energy Efficient and Sustainable

Lighting manufacturers discuss the latest developments to make lighting more eco-friendly.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.