By Greg Mancusi-Ungaro, BrandProtect
Hardly a week goes by without a hospital, healthcare provider or health insurer falling prey to some form of ransomware — a big problem that is only getting bigger. Leading hospitals such as Hollywood Presbyterian Medical Center, MedStar Health’s Union Memorial Hospital in Baltimore, MD, and Methodist Hospital in Henderson, KY have fallen victim to these attacks. The recent Verizon Data Breach Investigations Report (DBIR) saw ransomware attacks rise 16 percent overall this year and, according to a Brookings Center for Technology Innovation study, 23 percent of all data breaches occurred in healthcare, a figure that has tripled over the last two years alone.
What Makes Healthcare A Prime Target?
Healthcare organizations are an attractive target for many reasons. First and foremost, they possess extremely valuable assets, including the personal, family, and billing information of their patients. EHRs contain virtually complete personal identity portfolios: social security numbers linked to names and birthdates, parents’ names, maiden names, physical and email addresses, children’s names, and, in some cases, complete information on close friends. They are the holy grail of the identity theft world. With this personal information, criminals can apply for credit cards or mortgages, submit state and local tax returns, and more.
Second, the available attack surface in the healthcare industry is very complex. The industry contains many different organizations that have, over the past few years, moved to electronic systems. The components of today’s healthcare network — phones, tablets, laptops, desktops, networks, data formats, communications protocols, and access points — are connected together in a complicated, semi-integrated way. Not only is this amalgamated network challenging to maintain, it creates massive opportunities for compromise. Cybercriminals know this, and routinely try to exploit it.
Finally, hospitals and regional medical centers are critical resources. When their operations are interrupted, it may truly be a matter of life and death. This built-in urgency makes them a prime target for sophisticated ransomware attacks.
Socially Engineered Attacks More Sophisticated Than Ever
Faced with a rapid increase in the number and sophistication of cybercriminals’ exploits, healthcare security leaders have raised cyber protection to the top of their lists. At last year’s BlackHat conference — a gathering of security experts and leaders from across all industries — CISOs ranked social engineering and phishing exploits as their second-highest pain point, just behind direct attacks and breaches. Internal initiatives, including better educational programs, more timely backups, and aggressive cyber threat monitoring, can blunt the impact of these external attacks.
The technology behind the actual malware is evolving rapidly. At the same time, the criminals seem to be price-testing the market to find the ransom sweet spot that enterprises are willing to pay. The original ransom demand at Hollywood Hospital was $3 million, but it was negotiated down to $17K, payable in bitcoin. It’s a dirty, ugly business.
Truth be told, ransomware is not really that sophisticated. It is just very effective. Where criminals have upped their game is in delivering ransomware into their targeted organizations. How do they do it? Social engineering.
The criminals target their attacks carefully, using publicly available data from sources such as LinkedIn, Spokeo, Hoovers, DiscoverORG.com, and other public resources to create plausible emails. These emails are designed to appear to come from executives who are known to the recipients, and they sometimes cover current business or industry issues with an eerie familiarity. This greatly raises the likelihood that recipients click on the link or open the attachment, springing the trap. According to the latest Verizon DBIR, 30 percent of all phishing emails are opened by their targets, and 12 percent of targets actually click on the dangerous link or attachment.
3 Tips For Preventing Modern-Day Spear Phishing Attacks
It is clear criminals are improving their technique, so it is essential healthcare CISOs up their game, too. How to do this effectively?
Cyberattacks against the healthcare industry are on the rise. The urgency around the operational integrity of healthcare infrastructure, plus the unique value of EHRs and other health data, means there is no end in sight for these attacks. Ransomware is gaining notorious headlines, but malware attacks and other incursions that lead to breaches are also increasing in frequency. CISOs have opportunities to stay a step ahead. Educational programs for doctors and staff members are critical, but they are not enough. Proactive cyber monitoring, particularly watching for MX-record activation, can help to stop the most dangerous socially engineered attacks from ever reaching their intended target.
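As an added illustration of the MX-record monitoring the article mentions (example code, not BrandProtect's product or the author's method), the snippet below assumes that "MX-record activation" means a lookalike of your own domain suddenly gaining mail-exchanger records, a sign that someone is preparing it to send or receive mail. It generates typosquat variants of a constructed hospital domain, compares a previous snapshot against current MX answers from a pluggable resolver, and reports newly activated variants; the resolver here returns constructed offline answers, and in production would wrap a real DNS library.

```python
"""Lookalike-domain MX activation check (added example, not page code).

Flags typosquat variants of a protected domain whose MX records appeared
since the last snapshot. The resolver is injected so this runs offline.
"""

PROTECTED = "examplehospital.org"          # constructed sample domain
HOMOGLYPHS = {"l": "1i", "o": "0", "i": "l"}  # single-character swaps
ALT_TLDS = ("com", "net", "co")


def lookalike_variants(domain):
    """Return a set of plausible lookalikes: omissions, transpositions,
    single-position homoglyph swaps, and alternate TLDs."""
    label, _, tld = domain.partition(".")
    variants = set()
    for i in range(len(label)):                       # drop one character
        variants.add(f"{label[:i]}{label[i + 1:]}.{tld}")
    for i in range(len(label) - 1):                   # swap adjacent pair
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        variants.add(f"{swapped}.{tld}")
    for i, ch in enumerate(label):                    # one homoglyph swap
        for sub in HOMOGLYPHS.get(ch, ""):
            variants.add(f"{label[:i]}{sub}{label[i + 1:]}.{tld}")
    for alt in ALT_TLDS:                              # same label, other TLD
        if alt != tld:
            variants.add(f"{label}.{alt}")
    variants.discard(domain)
    return variants


def mx_activations(variants, previous, resolve_mx):
    """Return (newly_active, current): variants with MX records now that had
    none in `previous`. resolve_mx(name) -> list of MX hosts ([] if none)."""
    current = {d: resolve_mx(d) for d in sorted(variants)}
    newly = {d: mx for d, mx in current.items() if mx and not previous.get(d)}
    return newly, current


# Constructed offline DNS answers standing in for a real resolver
# (e.g. dnspython's dns.resolver.resolve(name, "MX") in production).
FAKE_MX = {
    "examp1ehospital.org": ["mail.examp1ehospital.org."],   # hypothetical
    "examplehospital.com": ["mx.legit-registrar.example."],  # hypothetical
}
PREVIOUS_SNAPSHOT = {"examplehospital.com": ["mx.legit-registrar.example."]}


def fake_resolve_mx(name):
    return FAKE_MX.get(name, [])


def find_new_activations():
    """One monitoring pass over the constructed data; returns newly active."""
    newly, _ = mx_activations(lookalike_variants(PROTECTED),
                              PREVIOUS_SNAPSHOT, fake_resolve_mx)
    return newly
```

A real deployment would persist `current` as the next snapshot and alert on anything in `newly`, then feed the flagged domains to mail-gateway blocklists before the first spear-phishing message arrives.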
About The Author
Greg Mancusi-Ungaro is the chief marketing officer for BrandProtect, a leader in cyber threat monitoring, intelligence and mitigation services. He is a frequent author and speaker, and a constant evangelist on cyber security issues, the changing nature of the modern threat landscape, and the emerging technologies that look beyond the perimeter to drive enterprise defenses against cyberattack. He blogs regularly on cyber threat and cyber security at info.brandprotect.com. For more information, email Greg.