Extortion is about leverage. The more leverage you can attain, the greater the chance that an extortion attempt will prove successful. A ransomware attack is a classic example of an extortion maneuver. A ransomware gang encrypts the systems and data repositories that an organization’s business operations depend on. At that point, everything grinds to a halt. Once everything is encrypted, company leadership is faced with two options. Either pay the ransom and hope that the criminals make good on their word to provide the decryption keys, or hope that the company’s incident response plan can restore everything to its pre-attack status within a reasonable amount of time. In most cases, the costs are restricted to a financial hit to the business, and inconveniences for its customers.

The Human Element of Extortion

While the risks of financial loss and reputational damage are powerful, the risk of human tragedy is the ultimate leverage. This is why terrorists conduct attacks that target innocent people. It is also why ransomware criminals target healthcare organizations. Medical organizations provide critical services that cannot afford to be interrupted. When the network systems of a hospital are taken down, the lives of patients are potentially at risk.

It is this human element that puts significant pressure on an organization to pay a ransom quickly to restore services. This is what makes ransomware attacks on healthcare organizations so formidable and why there are strict industry regulatory requirements placed upon the industry that healthcare organizations must comply with. According to a 2022 survey conducted by the Ponemon Institute, 45% of healthcare IT professionals said their organization experienced a ransomware attack that resulted in a disruption to patient care.

The Perfect Storm

Unfortunately, there are additional factors on top of the risks to patients’ lives that make the healthcare industry such a desirable target for ransomware criminals.

• Affected outreach

The net is very wide. Like banking, everyone at some point in their lives depends on a healthcare provider. Nearly 50 million Americans were affected by a data breach of health information in 2022 alone. In fact, all the 11 largest health data breaches in 2022 affected at least one million people according to data compiled by the U.S. Department of Health & Human Services.

• Data exfiltration

Healthcare organizations host large amounts of personal information about their patients. This type of sensitive information has a lot of value on the black market, otherwise known as the dark web. Many ransomware attacks involve the exfiltration of data just prior to the encryption phase of the attack. This provides the attackers with yet one more way to extort a ransom if the organization’s IT department can restore services to their operational status.

• Various touchpoints

While the purpose of every network is to share data and resources, organizations that provide services to patients take the concept of sharing to a copious level as data must be readily shared with medical staff, patients, family members, pharmacies, and insurance companies. This creates a lot of touchpoints that attack avenues that must be secured.

• Integrated complexity

The IT systems of many healthcare organizations are highly complex fabrics of interconnected systems and devices such as electronic health records, diagnostic tools, medical devices, billing systems, and patient scheduling software. This integrated complexity hampers visibility and creates blind spots that increase the vulnerability of the overall attack surface. 

• Legacy systems

Medical organizations rely on many legacy systems and outdated protocols. Many medical devices either run proprietary or outdated operating systems that cannot be easily updated or patched according to proper security practices. Often these devices were designed without any thought about security. Many systems rely on protocols that have been deprecated due to their inherent vulnerabilities.
It is not a stretch to refer to a ransomware attack on a healthcare organization as the perfect storm as attackers have more leverage than normal to levy on organizations that host greater vulnerability.

The Numbers Are Real

The concept of this perfect storm is not a hypothetical exercise. The scenario is very real.  According to the 2021 HIPAA Journal, 82% of healthcare organizations experienced a cyberattack on medical devices in 2020/2021. Another report compiled by Check Point Research showed that healthcare organizations experienced 1,426 attacks per week in 2022. That is a 60% increase over the previous year. These cyberattacks came in many forms including data breaches, ransomware attacks, and Distributed Denial of Service (DDoS) attacks.

Ransomware is the biggest threat though as Check Point Research showed that the healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by such attacks. The prominent instances of these attacks was further substantiated by the FBI whose Internet Crime Complaint Center (IC3) released a report showing that of the 870 ransomware attacks levied against the 16 most critical infrastructure sectors in the country, 210 were targeted at healthcare organizations.

Greater Visibility With a SOC Can Help Solve the Problem

There is no doubt that the attackers have an inherent advantage involving these attacks. So how do we go about evening the odds, or even prevent these attacks all together? If the goal is prevention, then early detection is critical and that means greater visibility. In order to keep a medical provider focused on its mission to serve its patients, health sector organizations can acquire the expertise of a third-party security operations center (SOC) such as CYREBRO.

Outsourcing SOC capabilities gives your organization the ability to leverage toolsets and skill sets that many organizations can’t provide internally. A SOC connects to all your security technologies, providing full visibility into all your security events. While visibility itself is essential, preventing attacks at their earliest stages requires the ability to prioritize events. Because SOCs witness so many types of attacks, SOC analysts have the experience to interpret noise from imminent threats. In the case of CYREBRO, our proprietary detection algorithms allow us to strategically monitor and analyze security events with real context on a 24/7 basis.

The stakes are higher when it comes to the healthcare sector, which means that the cybersecurity bar needs to be set higher as well. It is time that we begin reversing the trending acceleration of attacks on the industry so that attackers not only are prevented from impacting the digital operations housed within these organizations, but the very lives of the patients who depend on those operations.