The omnipresent ransomware threat is changing how healthcare organisations approach cybersecurity — from formalising practices in an effort to obtain cyber insurance coverage to improving their ability to restore encrypted data after attacks. But as cyber attackers lean heavily on third-party vendors and suppliers to extort ransoms, remaining gaps across healthcare security frameworks are coming into focus, including a lack of identity security controls for securing and managing privileged accounts and third-party access.
Healthcare is Ransomware Attackers’ Top Target
According to the FBI, healthcare remains the most targeted industry by cyber attackers, and based on the findings of the CyberArk 2022 Identity Security Threat Landscape Report, the average healthcare organisation faced two or more ransomware attacks over the past year.
While ransomware is far from new to the sector, attacks continue to grow in sophistication and scale.
Cyber criminal organisations have been moving toward the ‘as a service’ model for some time. The dark web is now teeming with darknet marketplaces such as AlphaBay and underground forums where threat actors can sell or lease malicious tools and services. Through these marketplaces, cyber attackers with little malware development experience can find virtually anything they need directly off the shelf, paying anonymously with cryptocurrency.
The most lucrative “cyberattack-as-a-service” model is ransomware. Threat actors develop ransomware-as-a-service (RaaS) affiliate models either to sell them and profit from extortions, or to hire others to do their dirty work.
Examples of recent ransomware attacks on healthcare organisations
Taking a Broader View Across the Healthcare Supply Chain
In the healthcare field, it’s common to view ransomware and other cyber threats as they relate to the electronic health record (EHR). However, healthcare organisations should consider a more comprehensive approach that includes everything from software, to connected devices, legacy systems, and anything across the network.
Maintaining healthcare service continuity involves better assessment and management of cybersecurity risks associated with third-party vendors across healthcare supply chains. To that end, Singapore’s Ministry of Health outlined several best practices that allow organisations to overcome challenges related to the cybersecurity risk of using third-party IT assets.
Some of the measures in its Healthcare Cybersecurity Essentials report include:
1. Creating an inventory of all IT assets, including those provided by third-party vendors, so that healthcare providers will know where they can prioritise their cybersecurity.
2. Understanding how the assets work, including how data is collected and processed, the safeguards that are in place and contractual agreements in the event of a breach. Users of third-party IT services should also know what services and security practices the vendor can provide, and should train staff on how to properly use new software so that they do not expose the system to cyber-risks.
3. Checking up on vulnerability reports and alerts. Healthcare providers should be aware of new cyber threats that can affect their third-party software, devices or assets since these assets can expose systems to various cyber threats, such as compromising database integrity, allowing unauthorised access and data breaches.
4. Working with third-party vendors on implementing cybersecurity measures. Healthcare providers should also work with third-party vendors on new security measures such as installing and configuring firewalls, implementing security controls to restrict unauthorised traffic and using security patches from third-party security providers.
In addition, Singapore plans to expand the Cybersecurity Act to improve awareness of threats in cyberspace, protect virtual assets that support essential services, and include non-Critical Information Infrastructures (non-CIIs) that play an important role in the digital economy. It is also looking to update the Cybersecurity Code of Practice for CIIs, which includes the healthcare sector, to help CIIs improve their defence against more sophisticated cyber threats, including ransomware.
The role of intelligent privileged controls
Privilege escalation is the No. 1 attack vector of risk for healthcare organisations today. Using stolen credentials, attackers can begin moving through systems looking for opportunities to escalate privileges and exploit powerful privileged accounts to install ransomware.
Extending critical Identity Security practices to include privileged access management should top healthcare organisations’ action list. Doing so can help protect against ransomware and dramatically drive down risk across the supply chain by enhancing visibility and control over privileged accounts, isolating and monitoring privileged activity, removing direct access to tier 0 systems, and minimising credential exposure and privilege escalation opportunities.
Organisations should also adopt Zero Trust identity security programs that deliver measurable cyber-risk reduction by continuously authenticating the user’s credentials before the user accesses an organisation’s applications, infrastructure, and data across a variety of environments.
Because of the critical nature of healthcare services, providers must adopt a mature cybersecurity posture that provides a high level of resiliency, to protect not only their services but also their patients. Having a weak cybersecurity posture can cripple healthcare services, which will lead to severe injury or death. With the right measures in place, healthcare providers can be assured that they can continue treating their clients, even in the face of an imminent cyber threat.