By Dirk Schrader, resident CISO (EMEA) and vice president of security research, Netwrix.
Ransomware is steadily increasing each and every year, with the healthcare and hospital industries suffering among the most. In 2021, we saw that “The healthcare sector is seeing the highest volumes of ransomware attempts, averaging 109 attempts per entity, every week.”
Why is this sector being targeted specifically? They hold extremely sensitive patient data and information. Hackers are working more diligently than ever to find data, threaten hospitals and providers, and even extort individuals themselves. With such a high amount of cybercrime, how can this sector protect itself and its patients? To start, by learning about security trends and working to implement them where they can.
Here are five security trends we’ll see more of in 2022:
Cybercriminals will be increasingly greedy.
In 2022 attackers will search for new ways to monetize the access to large data troves. This may lead to changes in the tactics, techniques and procedures of threat actors. They will begin to extort individuals rather than the infiltrated companies themselves. The healthcare industry is especially prone to this trend. The data generated and held by a healthcare sector is life-changing for many people and can easily be misused.
Consider this possible scenario: by extracting and aggregating personal data about hundreds of thousands of diabetic patients (34.2 million people alone are diabetic in the US), threat actors might try to ‘offer’ cheaper drugs to the individual patients, extracting money from a highly vulnerable group. If such a scheme can trick, let’s say, ten thousand victims to pay $500 for Insulin (instead of about $1,000 on average), the amount of money on the table is substantial.
Medical device IoT will create more security gaps.
More and more medical devices are being connected using vulnerable IP stacks or old webserver packages which cannot be easily patched as it would jeopardize the devices certification for medical use. In 2017, around 10 billion medical devices were connected to the internet, with an expected jump to 50 billion by 2027. While this connectivity has created so much opportunity for advances in the medical field, it has also created a new set of vulnerabilities.
Frequently, the task of configuring a medical device is considered done when it operates within the parameters of the medical process it is supposed to support or enable. Any additional security aspects are overlooked and often neglected. As long as these medical and IoT devices remain unmanaged, unmonitored and improperly updated, this exposure risk will continue to be exploited by threat actors throughout 2022 and beyond.
Cyber insurance costs will increase.
Cyber insurance is a growing requirement across all industries, and the healthcare industry is certainly not immune. Not only will we see increasing insurance costs in 2022, but policies will also mandate higher security standards. With insurance payouts becoming both more frequent and more costly, the cost of cyber insurance has already skyrocketed: prices rose 96% in the US and 73% in the UK for the third quarter of 2021 compared to the same quarter last year.
This will add new expenses to the healthcare organization’s bottom line. Providers may also risk costly breach exposure and brand reputation loss which can cost even more over time. Moreover, insurance policies will require implementation of critical controls that reduce the risk of cybersecurity incidents. With attacks becoming increasingly common, insurance companies will pay in exceptional cases only.
Legislation will increase as security incidents affect national security.
The impact of ransomware and other cyberattacks is no longer limited to just the victim company anymore; attacks are now affecting entire regions. For instance, attacks on critical infrastructures that might supply food or fuel have led to empty shelves in supermarkets and long queues at gas stations. Healthcare providers should be forewarned that they too are a target for threats targeting critical infrastructure breakdowns.
Therefore, we can expect that security requirements for healthcare organizations will become tougher. In particular, notification rules will be affected, as governments need more visibility into the specifics of cyberattacks in order to improve legislation. In some cases, governments may opt to use proverbial carrots as well as sticks, such as tax breaks that reward organizations that invest in cyber defenses.
Attackers will penetrate healthcare networks via residential home networks.
In the new era of working from home, more and more healthcare workers, both clinical and back office, are operating at least a portion of the time remotely. This increases exposure to healthcare networks. Because a home network is much easier to infect with malicious software than a professionally secured enterprise IT environment, it creates security gaps that can drive costly breaches.
With processing power and bandwidth connectivity in residences increasing, home networks will become more attractive to bad actors. For example, by infecting many devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, thwarting common defenses like IP blocking and DNS filtering. Healthcare IT teams should keep this new threat vector in mind when reviewing their security strategies and incident response plans. Moreover, healthcare organizations should seek to increase user awareness and best practices adoption to reduce the number of easy victims.
Even with cyberattack numbers rising, and threat actors finding new ways to exploit vulnerabilities, these healthcare providers and hospitals need to continue learning about cybersecurity issues, as well as revising their strategies and tactics to best thwart any attacks.
By staying educated on the changing nature of ransomware, they can put the measures needed in place to keep patient information safe. It is absolutely vital that this data remains secure. This in turn will protect patients and ensure that healthcare providers can spend their time doing what they do best – working to improve the health and wellbeing of their communities.