Healthcare ransomware attacks are increasing – how to prepare

September 6, 2022


Cybercriminals are becoming skilled at using legitimate tools to launch more severe, weaponized ransomware attacks on healthcare providers. In addition, they’re avoiding detection by relying on Living off the Land (LotL) techniques that turn attacks into a prolonged digital pandemic. Using native Windows and standard remote-management tools, malicious ransomware actions blend in undetected with regular system admin activity. As a result, there has been a 94% increase in ransomware attacks targeting healthcare in the last year alone. 

Sophos’ recent study, “The State of Ransomware in Healthcare 2022,” finds a 69% jump in the volume of cyberattacks and a 67% increase in their complexity just this year. Another survey found 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. One in four employees knows someone who has sold access to patient data to outsiders. It’s no surprise that insiders initiate 58% of all healthcare breaches. IBM’s recent data breach report found that 83% of all enterprises interviewed have experienced more than one breach; among the most significant factors are remote work and internal employees willing to sell their privileged access credentials. 

Healthcare ransomware: An accelerating digital pandemic  

Healthcare providers are prime targets for ransomware attacks because they often spend less than 10% of their IT budgets on security, and patient data is often used for launching fraud and identity theft. Accellion’s $8.1 million settlement in January, the CaptureRX cyberattack that affected 17 hospitals, and the Scripps cyberattack that impacted five hospitals and 19 outpatient facilities at an estimated cost of $106.8 million show how severe this digital pandemic is.

So far in 2022, there have been 368 breaches affecting 25.1 million patients, according to the U.S. Department of Health and Human Services (HHS) Breach Portal. Of those breaches, 206 started with the network server being compromised with malware, and 95 started via email phishing and privileged credential abuse.

“We know that bad guys, once they’re in the network and compromise the first machine, in about an hour and 38 minutes, on average, they can move laterally to the next machine, and then the next machine, and the next machine. So once they’ve figured that out, the chances of you having a ransomware breach and having data exfiltrated from your environment increase,” Drex DeFord, executive strategist and healthcare CIO at CrowdStrike, told VentureBeat during an interview.

The growing threat of increasingly sophisticated ransomware-as-a-service (RaaS) groups is compounding healthcare providers’ risks from repeated ransomware attacks. The HHS Cybersecurity Program found that ALPHV/BlackCat, Conti, Hive, LockBit and SunCrypt are the five most active RaaS groups targeting healthcare. 

Each RaaS group has expertise in automating ransomware attacks using native Windows and common remote management tools that exceed what organizations can block or contain. When attackers initiate ransomware attacks with existing tools, their intrusions are difficult to identify as their behavior blends into legitimate admin activities.

Ransomware attackers rely on remote access, encryption, file transfer, Microsoft Sysinternals, utilities and open-source tools, including Cobalt Strike, Process Hacker, and others, to attack healthcare providers for ransomware extortion. SOURCE: HHS Cybersecurity Program, Ransomware Trends in the HPH Sector (Q1 2022).

How zero trust can help 

Ransomware attacks often start when endpoints, privileged access credentials, and gaps in identity management are compromised. Many healthcare providers have more machine identities to protect than human ones, making identity access management (IAM) and privileged access management (PAM) central to their zero-trust network access (ZTNA) initiatives. Designing for greater resilience needs to be the goal. CISOs and their teams need guardrails to stay on track while also realizing that many vendors misrepresent their zero-trust solutions. 

Two standards documents provide guardrails for healthcare security and risk management professionals in defining their ZTNA initiatives. The first is the recently published update from the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE), “Implementing a Zero Trust Architecture.”

John Kindervag, who created zero trust while at Forrester and who currently serves as senior vice president, Cybersecurity Strategy and ON2IT Group Fellow at ON2IT Cybersecurity, and Chase Cunningham, Ph.D., chief strategy officer at Ericom Software, were among several industry leaders who wrote the President’s National Security Telecommunications Advisory Committee (NSTAC) Draft on Zero Trust and Trusted Identity Management. The NSTAC document defines zero trust architecture as “an architecture that treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized.” The NSTAC document and the new NCCoE guidelines are essential for healthcare providers planning and implementing their zero-trust initiatives. 

Where healthcare providers need to start 

Healthcare ransomware attack strategies are becoming more challenging to identify and stop. RaaS groups actively recruit specialists with common Windows and system admin tools expertise to launch more LotL attacks. Perimeter security isn’t slowing these attacks down, while the core principles of ZTNA implemented enterprise-wide are proving effective. 

Healthcare CISOs and their teams need to consider the following strategies for getting started:   

Get a compromise assessment done first and consider an incident response retainer

CrowdStrike’s DeFord says that healthcare CISOs must first establish a baseline and ensure a clean environment. “When you have a compromise assessment done, get a comprehensive look at the entire environment and make sure that you’re not owned and … just don’t know it yet, is incredibly important,” he told VentureBeat during a recent interview.

DeFord also advises healthcare CISOs to get an incident-response retainer if they don’t already have one. “That makes sure that should something happen, and you do have a security incident, you can call someone, and they will come immediately,” he advises. 

Remove any dormant, unused identities in IAM and PAM systems immediately 

Do a hard reset on every IAM and PAM system in the tech stack to the identity level to make sure no dormant credentials are still active. They’re the front door to the IAM and PAM servers that cyberattackers are looking for. Purge access privileges for all expired accounts as a first step. Second, reset privileged access policies by role to limit the type of data and systems each user can access.    

Implement multifactor authentication (MFA) across all verified accounts 

Cyberattackers target the companies that healthcare providers regularly work with to steal their identities and privileged access credentials and then gain access to internal systems. The more privileged access an account has, the greater the probability it will be the target of a credential-based attack. Roll out MFA across every external business partner, supplier, contractor and employee in the first phase of any zero-trust initiative.
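
The identity cleanup and MFA steps above can be run as one audit over an account export. The following is an added example, not code from the article or from any vendor it names; the CSV column names, the 90-day dormancy threshold and the sample accounts are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are assumptions, not a real IAM/PAM schema.
SAMPLE_EXPORT = """account,kind,role,enabled,privileged,mfa,last_login,expires
temp-clerk,employee,front-desk,true,false,true,2022-02-01,
svc-backup,machine,backup,true,true,false,2021-11-02,
jdoe,employee,nurse,true,false,true,2022-08-30,
vendor-rx,supplier,pharmacy-api,true,true,false,2022-08-29,2022-12-31
old-admin,employee,domain-admin,true,true,true,2022-01-15,2022-03-01
contractor7,contractor,imaging,false,false,false,2021-06-10,2021-12-31
"""

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; set per local policy


def audit_identities(export_text, today):
    """Return {account: [findings]} for enabled accounts that need action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"] != "true":
            continue  # already disabled, nothing left to purge
        issues = []
        if today - date.fromisoformat(row["last_login"]) > DORMANT_AFTER:
            issues.append("dormant")
        if row["expires"] and date.fromisoformat(row["expires"]) < today:
            issues.append("expired-but-enabled")
        if row["mfa"] != "true":
            # Machine identities cannot answer an MFA prompt; send them to credential review.
            issues.append("machine-credential-review" if row["kind"] == "machine" else "no-mfa")
        if issues and row["privileged"] == "true":
            issues.append("privileged")
        if issues:
            findings[row["account"]] = issues
    return findings


def removal_queue(findings):
    """Accounts to purge first: dormant or expired, privileged ones at the front."""
    purge = [a for a, i in findings.items() if "dormant" in i or "expired-but-enabled" in i]
    return sorted(purge, key=lambda a: "privileged" not in findings[a])


if __name__ == "__main__":
    report = audit_identities(SAMPLE_EXPORT, date(2022, 9, 6))
    for account, issues in report.items():
        print(f"{account}: {', '.join(issues)}")
    print("purge first:", removal_queue(report))
```

Accounts that are recently active but privileged without MFA, such as the constructed supplier account, stay out of the purge queue and go to the MFA rollout list instead.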

Automate endpoint device configurations and deployments from a single cloud platform to reduce the ransomware attack surface 

Forrester’s recent report, The Future of Endpoint Management, provides insights and useful suggestions for healthcare CISOs and their teams on how to modernize endpoint management. Forrester defines six characteristics of modern endpoint management, endpoint management challenges, and the four trends defining the future of endpoint management in 2022 and beyond. Andrew Hewitt, Forrester analyst and author of the report, told VentureBeat, “Most self-healing firmware is embedded directly into the OEM hardware itself.”

“It’s worth asking about this in up-front procurement conversations when negotiating new terms for endpoints. What kinds of security are embedded in hardware? Which players are there? What additional management benefits can we accrue?” Hewitt advised. 

Forrester found that “one global staffing company is already embedding self-healing at the firmware level using Absolute Software’s Application Persistence capability to ensure that its VPN remains functional for all remote workers.” Absolute provides self-healing endpoints and an undeletable digital tether to every PC-based endpoint. The company recently launched Ransomware Response based on its insights gained from protecting against ransomware attacks. Other leading vendors who can automate endpoint device configurations and deployments include CrowdStrike Falcon, Ivanti Neurons, and Microsoft Defender 365.

Automate patch management to further reduce the risk of a ransomware attack

Automating patch management relieves IT and help desk staff of some of the heavy workloads they already carry supporting virtual workers and high-priority digital transformation projects. A majority (71%) of IT and security professionals perceive patching as too complex and time-consuming, and 62% admit they procrastinate about devoting time to patch-management work. They’re looking for a way to move beyond inventory-based patch management to a more automated approach based on artificial intelligence (AI), machine learning and bot-based technology that can help prioritize threats.

Leading vendors include Blackberry, CrowdStrike Falcon, Ivanti Neurons for Patch Intelligence, and Microsoft. Ivanti’s acquisition of RiskSense last year combined Ivanti’s expertise in streamlining patch intelligence with RiskSense’s diverse dataset of ransomware attacks, which is considered the most comprehensive in the industry. RiskSense’s Vulnerability Intelligence and Vulnerability Risk Rating were also a core part of the acquisition. The acquisition reflects the future of AI-driven patch management as it consolidates all available data into a risk assessment in real time to identify ransomware attacks while automating patch management to reduce the exposed threat surfaces of healthcare providers.

Creating more resilience is key 

Earlier this week on CNBC, CrowdStrike President, CEO and cofounder George Kurtz said that 80% of breaches are identity-based. He emphasized that boards of directors must see that the most significant risk to their businesses is cyber-based, “the systematic risk of a business going down with things like ransomware,” while compliance continues to become more complex, as he also mentioned during the interview. 

Based on Kurtz’s comments, it is clear that CISOs must be included as part of the board to help manage risk while automating compliance. Hardening endpoints is one of the most effective strategies for protecting identities, as Kurtz said during his CNBC interview. 

In an interview earlier this year with VentureBeat, Paddy Harrington, senior analyst, security and risk at Forrester, said there are three factors defining the future of endpoint platforms. They are isolation, containment, and segmentation; automation; and intelligent reporting. On automation, Harrington says, “AI, machine learning, scripts, preconfigured processes reduce the amount of human interaction and have consistency. Unfortunately, IT/security operations staffing is not growing to keep up with the diversifying environments, and the added complexity is only lengthening response times. Attacks are also becoming more complex, and an analyst’s misstep or response delay can have serious consequences.”

In the meantime, cyberattackers will continue targeting healthcare endpoints to launch ransomware attacks because endpoints are the perfect distribution point for additional payloads. The key to reducing healthcare ransomware attacks is hardening endpoints and making them more resilient and self-healing while defining and implementing an enterprise-wide ZTNA framework.
