By Ilia Sotnikov, vice president of product management, Netwrix.
New warnings from the FBI report “an increased and imminent cybercrime threat” to U.S. hospitals and healthcare providers. Experts say the ransomware, called Ryuk, was seen by at least five U.S. hospitals in October. This isn’t unexpected.
In fact, recent research has found that every third healthcare organization experienced a ransomware attack during the past few months. This is the highest exposure across all industries surveyed, above education, finance and public sector. It has disrupted patient care at up to 510 facilities.
So with cyberattacks in healthcare at their peak, it’s time to take heed, particularly since ransomware in the healthcare sector impacts not only money and reputation but also human health and lives. And with the current pandemic, healthcare organizations are more vital and fragile than ever.
Today’s healthcare strongly depends on IT; without access to health data and IT systems, doctors cannot provide treatment to patients or make decisions. What is worse, if intensive care units and life-support devices, which are typically connected to the network, are blocked by ransomware, this puts the lives of critically ill patients at risk. Such damage is incomparable to losses in reputation and money, though those losses still follow for healthcare organizations just as they do in other industries.
One of the common reasons why the healthcare industry is vulnerable to ransomware is the frequent use of legacy systems that can be easily exploited by hackers. Hospitals are made even more vulnerable to cybercrime by understaffed IT departments. Understaffing makes them prone to errors, particularly as they face additional pressure and the demand to support remote work due to the pandemic.
In fact, 39% of healthcare organizations suffered from admin mistakes during the past few months. Such mistakes might include improper configuration changes or failure to install updates in a timely manner, both of which result in vulnerabilities.
The sad reality is that any hospital might fall victim to ransomware. Therefore, it makes sense to prepare for the worst-case scenario, taking into consideration the shortage of resources that organizations in the health sector face. Here are five major areas to focus on:
Netwrix, a cybersecurity vendor that makes data security easy, released predictions about key trends that will impact organizations in 2021 and beyond. Most of them arise from the digital transformation and new workflows required by the rapid transition to remote work in 2020.
Ilia Sotnikov, cybersecurity expert and Netwrix vice president of product management, recommends that IT and security professionals refine their risk management and business continuity strategies with these seven predictions in mind.
Ransomware will do more damage to motivate payments
Next-gen ransomware will be designed to do damage that is more difficult to recover from in order to force organizations into paying the ransom. One example is “bricking” devices by modifying the BIOS or other firmware. Cybercriminals will also be expanding to new targets, such as operational technology and IoT devices, which may have a much more visible impact on the physical world.
Cloud misconfigurations will be one of the top causes of data breaches
A lack of clear understanding of the shared responsibility model due to the rapid transition to the cloud will backfire in 2021. The speed of transition coupled with prioritizing productivity over security has made misconfigurations inevitable, resulting in overexposed data.
Hackers will increasingly target service providers
The shortage of cybersecurity experts will lead more organizations to turn to managed service providers (MSPs). In response, hackers will conduct targeted attacks on MSPs in order to get access to not just one organization but all of the MSP’s customers.
The rapid digital transformation in 2020 will have a delayed impact on cybersecurity in 2021
In 2020, organizations were forced to quickly adapt to new ways of working and implement new technologies and, by their own admission in the upcoming Netwrix survey, did so with little experience and nearly no time for planning and testing. In 2021, the security gaps caused by the inevitable mistakes during this rapid transition will be exploited, and we will see new data breach patterns like the recent Twitter hacks.
By Ilia Sotnikov, vice president of product management, Netwrix.
On February 21, UConn Health reported that personally identifiable information (PII) from 326,000 patients was compromised. A malicious third party illegally gained access to several employee email accounts that contained patient names, dates of birth, Social Security numbers, addresses, and limited medical information, such as billing and appointment information.
What is most important about this data breach is that the hackers were not necessarily looking for patient medical records — they seem to have been looking for any personal information they could steal. That vividly illustrates the importance of having stringent policies to protect PII, supported by employee training on best security practices. Specifically, there are three lessons to learn from this event if you want to mitigate your risk of suffering a similar breach.
Lesson #1. Classify your sensitive data
The 2018 Netwrix IT Risks Report shows that healthcare organizations generally lack proper data governance practices and rarely check what data they store and how sensitive it is. The majority of respondents classify data based on its sensitivity (61 percent) and clear up unnecessary data (67 percent) only once a year or even less often.
It’s estimated that by 2020, each person will generate 1.7 MB of data every second. However, not all of that data needs special protection. Therefore, an effective strategy is to develop a data classification policy to discover all the data you have and classify it according to your organization’s needs. That way, you can focus your security efforts on the data that deserves it the most. At the same time, you can eliminate duplicate and unneeded files, which will reduce your attack surface and lower your storage and backup costs.