Ransomware History and News

The healthcare ecosystem continues to face persistent challenges due to ransomware attacks, affecting providers, payers, and vendors alike. Becker’s Hospital Review reported that the healthcare industry witnessed its first ransomware attack, known as the AIDS Trojan or PC Cyborg, back in 1989. Despite the passage of 28 years, this sector remains a prime target for cyber threats, highlighting the critical need to strengthen cybersecurity measures to protect sensitive data and ensure the security of patient information.

A 2022 Ponemon Institute study of healthcare organizations found that 41% of respondents experienced ransomware attacks over the past two years. These ransomware attacks frequently lead to delays in care that affect patient lives, and to substantial financial losses.

According to a SonicWall report, approximately 140.1 million ransomware attacks took place worldwide across industries in the first half of 2023. The problem is severe enough that the White House is considering an outright ban on ransom payments.

The average cost of a data breach reached an all-time high of USD 4.45 million in 2023, according to IBM Security's report on data breaches. However, this did not factor in many costs of ongoing legal battles, damage to the brand and future business, increases in cyber insurance premiums and investment in new technology. Considering these additional costs, the actual financial impact of a data breach can be much higher than the initial estimated average cost.

The Effect of Ransomware in Healthcare

Ransomware attacks impact healthcare providers on four fronts: financial impact, patient care and safety, impact on caregivers, and damage to the brand and business. They also present a range of dangers, such as going out of business entirely, ongoing lawsuits, and the inability to recover data completely.

2017’s WannaCry ransomware attack took connected medical devices offline at hospitals in the United Kingdom and the United States. In Florida, smart IT work prevented a ransomware attack on Tampa General Hospital. St. Margaret’s Health, a small hospital in Illinois, closed its doors and cited a 2021 ransomware attack that delayed months of claims submissions as a contributing factor.

Why Healthcare?

Healthcare is one of the four most frequently targeted verticals for ransomware attacks, alongside government, education, and finance. The healthcare sector is uniquely vulnerable to ransomware attacks for a number of reasons. Most importantly, healthcare providers have a large number of weak points due to third-party vendors, patient data practices, connected medical devices, supply chain issues and outdated systems or software.

Criminals also target healthcare providers because they are soft targets. Healthcare providers have a responsibility to keep patients healthy and alive and are more likely to pay ransoms in many circumstances as a result.

The American Hospital Association, a trade group, characterizes ransomware attacks on hospitals as “threat-to-life crimes because they directly threaten a hospital’s ability to provide patient care, which puts patient safety at risk.” 

What Makes Healthcare an Easy Target for Ransomware

Let us look at some factors that make healthcare an easy target for cyber criminals.

Legacy Systems

One major problem facing healthcare in particular is overreliance on legacy systems. Many clinical systems and medical device vendors run on outdated software stacks that don’t always support critical ongoing security updates.

Sensitive patient data held on undersecured legacy systems also presents an attractive target for ransomware criminals. Because patient data frequently includes personally identifying information such as dates of birth and addresses that aid criminals in identity theft and credit card fraud, protecting it is a necessity.

Security, Regulation & Ethical Challenges

Healthcare organizations have a strong incentive to safeguard sensitive patient data due to legal obligations and potential consequences. Government regulations, patient privacy laws, and strict penalties create a framework that demands data security. Improperly secured data can lead to various legal complications if a breach occurs, including costly legal battles, damage to reputation, and loss of public trust. Consequently, prioritizing robust data security measures is crucial not only to protect patients but also to avoid potential legal issues and negative impacts on healthcare organizations.

Ransomware attacks on healthcare organizations frequently result in a challenging dilemma. Due to the critical nature of patient outcomes and service delivery, some healthcare organizations opt to pay the ransom demanded by criminals to regain access to their systems. This makes the healthcare sector an appealing target for attackers, knowing that they may get what they demand.

However, this practice creates tensions with government organizations that advocate against paying ransoms. Governments fear that yielding to these demands sets dangerous precedents, encouraging more ransomware attacks in the future.

Furthermore, even when the ransom is paid, there is no guarantee of a full data recovery. Many organizations have faced the grim outcome of not regaining complete control over their data, leading to further complications. In some instances, the attackers have even leaked sensitive data on the internet, exacerbating the damage caused by the initial attack.

Finding a balance between responding to attacks swiftly and responsibly while also avoiding rewarding criminal behavior remains a significant challenge for the healthcare industry.

Technological Challenges

Bad actors employ diverse attack vectors to distribute ransomware, making it imperative for security teams to be proactive in their response. One of the most concerning methods used by criminals involves exploiting zero-day vulnerabilities. These vulnerabilities are previously unknown to the software vendor and, as a result, have no patches or fixes available at the time of the attack. Prompt remediation actions are crucial for security teams to mitigate the impact of such attacks.

Furthermore, security teams must take a comprehensive approach to safeguarding against ransomware. They need to analyze and secure wider attack surfaces, which may include various locations where critical data and workloads are distributed. This can encompass on-premises software, edge networks, data collection centers, cloud-based or Software-as-a-Service (SaaS) solutions, and more.

Slowed or delayed support for remote administration and access can create vulnerabilities that ransomware attackers may exploit to gain unauthorized access to systems. Additionally, fileless attacks can be leveraged by bad actors to move laterally within a network, making it harder for traditional security measures to detect their presence.

Moreover, ransomware attacks can remain undetected for extended periods, posing significant challenges for prevention and mitigation efforts. Sophos reports an average of 11 days before such attacks are discovered, during which time they can silently wreak havoc on a system, exfiltrate data, or escalate their impact.

Resource & Education Gaps

The healthcare industry, particularly clinical clients, requires enhanced user education and outreach to address ransomware risks effectively. Organizations must gain a comprehensive understanding of how technology can aid in protecting and recovering from ransomware attacks, rather than relying solely on traditional backup restore methods. 

However, the shortage of qualified cybersecurity analysts and engineers poses a significant challenge, making it difficult for many organizations to build robust teams despite available funding. Furthermore, cyber attackers continuously develop more sophisticated techniques, necessitating constant adaptation from cybersecurity teams. 

The high cost of maintaining Security Operations Centers further exacerbates resource constraints for many healthcare entities. To tackle these issues, a holistic approach is needed, encompassing improved user training, targeted hiring efforts, and exploring cost-effective alternatives for SOC services. 

Infrastructure Challenges

The absence of standardized infrastructure across the healthcare ecosystem presents an additional hurdle for security experts. Establishing and managing air-gapped environments and immutable backups is a daunting task, both financially and technically. Since there are no universal solutions for protecting against ransomware attacks, security teams must tailor and optimize their approaches, often integrating multiple solutions.

Furthermore, interoperability demands at many organizations necessitate API and other integrations, which can increase the risk of ransomware attacks by exposing systems to potential vulnerabilities. This lack of standardization and the need for customized solutions create complex challenges that healthcare organizations must address to effectively protect their systems and data from ransomware threats.

Cost Challenges

Providers and vendors in the healthcare ecosystem encounter numerous cost challenges that can complicate ransomware defense efforts. While not specific to healthcare, these financial constraints impact the implementation of robust cybersecurity measures. Cybersecurity tools and software, in particular, can be costly to procure and implement. Additionally, the complexity involved in integrating and managing these tools further adds to the financial burden. 

Insurance-related challenges add to the complexity of ransomware defense in the healthcare industry. Cybersecurity insurance premiums that include coverage for ransomware incidents can be prohibitively expensive, especially for high-risk organizations. In some cases, insurers are even refusing to provide coverage to organizations deemed to have significant vulnerability to ransomware attacks, further exacerbating the issue.

Comprehensive ransomware defense audits, which encompass penetration testing and recovery drills, are crucial spending areas to assess and strengthen an organization’s resilience against ransomware threats. However, these audits can be costly. 

Although widespread encryption and firewall systems provide strong defenses, some organizations are hesitant to implement them because they can slow systems down and decrease performance, which can affect the bottom line. Managing encryption keys and configuring firewall rules can be complex and time-consuming tasks, requiring specialized expertise and resources. Some organizations may be reluctant to invest in the necessary infrastructure and personnel to implement and maintain these security measures.

Finally, maintaining a comprehensive and effective security operations center (SOC) requires a dedicated team of skilled professionals who can monitor, detect, and respond to security incidents around the clock. The cost of hiring and retaining such cybersecurity experts can be significant, especially in the face of a cybersecurity talent shortage.

While they are expensive, all of these defenses and strategies can prevent the significant damage to patient outcomes, organizational finances, and public reputation that many ransomware attacks result in.

What’s Next?

Now that we understand the challenges of Ransomware in Healthcare, in our next two posts, we will focus on the industry’s response to protect against these threats. We will briefly explore the diverse range of solutions available to tackle the healthcare ransomware challenge and shed light on effective strategies for mitigating the risk and facilitating recovery in case of an attack. Stay tuned for parts 2 and 3 of this series for more valuable insights on safeguarding healthcare systems and patient data in the face of this persistent cyber threat.

The post Ransomware in Healthcare: Understanding the Challenges appeared first on VMware Industry Solutions.