Cybersecurity healthcare, The Journal of mHealth: The Essential Resource for HealthTech Innovation (https://thejournalofmhealth.com), feed updated Fri, 29 Nov 2024 11:01:19 +0000

Countering the Rise of Email Threats Against Healthcare
https://thejournalofmhealth.com/countering-the-rise-of-email-threats-against-healthcare/ (Tue, 03 Dec 2024 06:00:00 +0000)

The healthcare industry has always been an attractive target for cybercriminals – a treasure trove of sensitive information that can be exploited for financial gain. But recently, attacks on this sector have been mounting – especially attacks delivered through email. In fact, we have seen an alarming 37% increase in phishing targeting healthcare in the last 12 months alone. The sector is uniquely vulnerable to email attack tactics, and at the same time, criminal groups are adopting increasingly sophisticated techniques that enable them to evade traditional email defences.

Healthcare providers must urgently review and update their email security strategies to protect patients and personnel from the rising tide of malicious emails.

Why healthcare is a prime target

While phishing is a common threat to most sectors, healthcare has become a favourite target. The industry’s extensive store of medical records makes for a very lucrative prize – in fact, research indicates that a single record can fetch up to 20 times the price of credit card data on the dark web. Medical records are stuffed with personally identifiable information (PII) that can be used to fuel further malicious activity, and much of this data is permanent, giving it a long shelf life.

The sector is also highly vulnerable to ransom and blackmail tactics. Criminal gangs will routinely threaten to leak sensitive medical records online unless the target organisation pays up. Disrupting essential healthcare services can have disastrous consequences for patients’ wellbeing and cybercriminals know that desperate organisations will pay a hefty ransom to halt an active attack.

Healthcare providers are also seen as something of an easy target – one that often struggles to find the budget and resources to keep their IT and security systems up-to-date. Healthcare’s vast ecosystem of third-party vendors also presents significant vulnerabilities, expanding the number of entry points criminals can exploit.

The impact of attacks on the healthcare sector has been demonstrated in multiple recent incidents including the Synnovis breach, which caused the cancellation of thousands of appointments, and the massive data breach suffered by NHS Scotland.

Why high staff turnover is an overlooked weak link

Alongside technical issues, the sector is particularly vulnerable to social engineering tactics like phishing due to its high rate of employee turnover.

Frequent onboarding of new staff means that many are unfamiliar with internal security protocols and communication patterns, making it easier for cybercriminals to carry out impersonation attacks. This also means employees are less likely to know their colleagues personally, making it harder to spot the impersonation tactics widely used in phishing.

Compounding this, healthcare professionals operate in high-pressure, fast-paced environments. When workloads are heavy and time is scarce, staff are more likely to open and act on emails without scrutinising them carefully.

The rise of sophisticated Vendor Email Compromise (VEC)

Most healthcare providers operate within vast and complex supply chain webs, with large numbers of third-party vendors, contractors, and others requiring regular access to IT systems. This leaves the healthcare industry highly exposed to an increasingly popular tactic known as Vendor Email Compromise (VEC).

Unlike traditional phishing, where attackers impersonate internal employees, VEC targets trusted third-party vendors. We have seen VEC attacks on healthcare surge by 60% in the past year alone.

In these attacks, cybercriminals will often impersonate trusted contacts using email spoofing techniques to hide their identities. More advanced attackers will go as far as infiltrating vendor email accounts with account takeover tactics, and then send malicious emails directly from the legitimate email account. Their goal is to manipulate ongoing communications to deceive healthcare staff into sharing data and login credentials or transferring funds to the attackers’ accounts directly.

Moving beyond employee awareness training

Increasing cyber threat awareness through employee training has long been a favoured tactic for countering these attacks. However, while training is still important, it is no longer enough on its own to protect healthcare organisations from today’s sophisticated cyber threats.

Modern phishing attacks often appear highly realistic, especially in today’s generative AI era, where threat actors can quickly and accurately craft sophisticated emails that closely mimic trusted contacts. These attacks can easily evade detection by employees – even the most security-aware ones – and they can also bypass traditional email security tools. Those tools are usually based on policies that look for known indicators of compromise, such as malicious links or bad senders. By omitting these indicators and relying on social engineering instead, attackers compromise their targets without raising any red flags.

To counter these threats, healthcare organisations must adopt advanced security measures that extend beyond traditional awareness programs and email security technologies.

Solutions powered by machine learning and artificial intelligence have a major role to play against today’s modern phishing attacks. By learning and baselining “normal” email behaviour, these solutions can detect and block malicious anomalies before they reach an employee’s inbox. These systems continuously adapt to evolving threats, offering protection against even the most convincing impersonation attempts.
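The baselining idea described above, as an added example that is not part of the original article and not Abnormal Security’s product logic: a small Python scorer learns which sending domains each display name normally uses from a history of trusted mail, then flags new messages that deviate from that baseline or combine a financial request with urgency language. The vendor name, domains, keyword lists and messages are all constructed for the example.

```python
"""Added example (not the article's or any vendor's code): baselining
which sending domains each display name normally uses, then scoring
new mail against that baseline plus two simple content signals.
All names, domains, keywords and messages are constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed keyword lists; a real system would use richer features.
FINANCIAL_KEYWORDS = ("bank details", "wire", "invoice", "payment")
URGENCY_KEYWORDS = ("urgent", "immediately", "today", "asap")


@dataclass
class Message:
    display_name: str  # e.g. 'Acme Labs Billing'
    from_addr: str     # e.g. 'billing@acmelabs.example'
    reply_to: str      # '' when the header is absent
    subject: str
    body: str


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()


class EmailBaseline:
    """Per display name, the set of sending domains seen in trusted history."""

    def __init__(self) -> None:
        self.known_domains: dict[str, set[str]] = defaultdict(set)

    def learn(self, msg: Message) -> None:
        """Record a message believed to be legitimate."""
        self.known_domains[msg.display_name.lower()].add(domain_of(msg.from_addr))

    def score(self, msg: Message) -> list[str]:
        """Return the reasons a message deviates from baseline (empty = normal)."""
        reasons: list[str] = []
        from_dom = domain_of(msg.from_addr)

        # 1. A known display name arriving from a domain never seen for it.
        known = self.known_domains.get(msg.display_name.lower())
        if known and from_dom not in known:
            reasons.append(f"'{msg.display_name}' usually sends from "
                           f"{sorted(known)}, not {from_dom}")

        # 2. Reply-To steers replies to a different domain than From.
        if msg.reply_to and domain_of(msg.reply_to) != from_dom:
            reasons.append(f"Reply-To domain {domain_of(msg.reply_to)} "
                           f"differs from From domain {from_dom}")

        # 3. A financial request paired with urgency language.
        text = f"{msg.subject} {msg.body}".lower()
        if (any(k in text for k in FINANCIAL_KEYWORDS)
                and any(k in text for k in URGENCY_KEYWORDS)):
            reasons.append("financial request combined with urgency language")
        return reasons


def build_demo_baseline() -> EmailBaseline:
    """Constructed history: a vendor's billing contact seen three times."""
    baseline = EmailBaseline()
    for i in range(3):
        baseline.learn(Message("Acme Labs Billing", "billing@acmelabs.example", "",
                               f"Invoice {1000 + i}", "Please find attached this month's invoice."))
    return baseline


# Constructed look-alike domain impersonating the known vendor contact.
LOOKALIKE = Message("Acme Labs Billing", "billing@acmelabs-invoices.example",
                    "accounts@mail-relay.example",
                    "URGENT: updated bank details for invoice 1003",
                    "We changed banks. Please pay today to the new account.")

# Constructed mail from a genuinely compromised vendor mailbox: the domain
# matches history, so only the content signal remains.
TAKEOVER = Message("Acme Labs Billing", "billing@acmelabs.example", "",
                   "Invoice 1004 - urgent payment",
                   "Please wire payment today; our bank details have changed.")

if __name__ == "__main__":
    demo = build_demo_baseline()
    for label, m in (("lookalike", LOOKALIKE), ("takeover", TAKEOVER)):
        print(label, demo.score(m))
```

The two constructed suspects show why the article treats account takeover as the harder case: the look-alike domain trips all three checks, but mail sent from a genuinely compromised vendor mailbox passes the domain check and is caught only by the content signal, so a production baseline needs richer behavioural features (timing, thread context, typical request types) than this sketch.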

Layering technical solutions with ongoing training and phishing simulations provides the most effective defence. While it is valuable for personnel to be aware of common phishing tactics, they should not be expected to spot them reliably every single time.

The need for regulatory evolution

Regulatory bodies also have an important role to play in supporting healthcare providers as they manage the growing volume of cyberattacks. However, many compliance frameworks remain focused on legacy security issues, leaving healthcare providers vulnerable to new and fast-changing tactics like VEC and AI-assisted phishing.

Regulators need to ensure there are steps in place to frequently review the state of play in cyber threats to the sector, and update guidance and mandates accordingly.

Enforcing the implementation of specific processes like multifactor authentication and steering organisations towards stronger, behavioural-based email security will help to mitigate these threats. Prioritising vendor risk management and ensuring consistent cybersecurity protocols across the supply chain will also reduce the risk of VEC attacks.

A proactive future for healthcare email cybersecurity

It’s clear that cybercriminal gangs are only growing more aggressive and brutal in their attacks on healthcare, emboldened by the many successful raids we have seen over the last few years.

Implementing multi-layered defence strategies, including advanced AI-powered systems, will be key to countering VEC and other phishing threats. By combining technological solutions with tough regulatory frameworks and continuous staff training, healthcare providers can better protect their operations, sensitive data, and, most importantly, patient safety.

By Mike Britton, CIO at Abnormal Security

How Cybercriminals Are Attacking Mental Health Practitioners
https://thejournalofmhealth.com/how-cybercriminals-are-attacking-mental-health-practitioners/ (Wed, 21 Feb 2024 06:00:00 +0000)

Cybercrime has become more complex and frequent. Every year, cybercriminals look for new ways to siphon funds off businesses, exploiting vulnerabilities in every industry, including the mental health sector. Mental health services are particularly vulnerable due to the rise of digital tools they offer.

While these technologies are essential for increasing access to care, they open doors for cyberthreats. Therefore, mental health providers must adopt cybersecurity protective measures against cybercriminal activities to ensure the safety and privacy of their digital interactions with clients.

Digital Mental Health Is on the Rise

The rise of digital mental health services traces back to COVID-19. The pandemic disrupted lives and had a profound impact on mental health. Researchers found that regions with higher COVID-19 case rates experienced a substantial increase in reports of depression.

Following the first year of the pandemic, research showed that about 60% of students had at least one mental health problem during the 2021-2022 school year. With these statistics, health care professionals realized an urgent need for mental health support. As a result, the adoption of digital platforms for therapy and counselling increased.

Even before the pandemic began, the demand for digital mental health services surged due to convenience and immediate access to care. These services have filled a gap for individuals seeking support in all mental health conditions, especially when in-person therapy became inaccessible during lockdown.

However, this expansion in access to care has amplified the exposure of sensitive data to cyberthreats. As these services transition to online platforms, the amount of personal and health-related information stored online has skyrocketed. This creates a larger attack surface for cybercriminals who are constantly on the lookout for security weaknesses.

How Cyberattackers are Targeting Mental Health Professionals

Since digital systems have become a major target for cybercriminals, attackers employ any strategy to steal data. These methods include everything from phishing and ransomware to malware attacks.

Typically, they use fraudulent emails to trick individuals into revealing passwords or downloading malicious software. They also look for weaknesses in network security to gain unauthorized access to data. Once inside, they can steal or encrypt information and demand hefty ransoms. They may also use that access to steal banking information and transfer funds to their own accounts.

The ramifications of such breaches are costly. They compromise patient confidentiality, and the stolen information leads to financial fraud and identity theft. Exposures like this erode the trust between clients and therapists. Although cyberattacks drain a significant amount of business profits directly, their impact is even greater because of the damage they cause to businesses’ reputations.

Cyberattacks are a great threat to mental health professionals, calling for individuals in this field to adopt the latest cybersecurity measures.

Tips for Implementing Cybersecurity in the Mental Health Care Industry

Professionals can implement several cybersecurity best practices to guarantee the protection of mental health services and clients.

1. Use Secure Communication Platforms

Adopt secure communication tools by choosing servers that use end-to-end encryption. They should also comply with health care privacy standards like HIPAA so all conversations remain confidential. Whether communication is via text, voice or video, mental health practitioners must conduct their research before investing in a platform.

2. Educate and Train Staff on Cybersecurity

Keep staff informed of cybersecurity best practices. Training sessions should be routine to familiarize team members with the latest phishing scams and hacking techniques. This will also empower employees to recognize threats and respond appropriately. Teaching and training about cybersecurity protocols helps health care professionals greatly reduce the chances of a successful cyberattack.

3. Implement Strong Password Policies

Mental health professionals should use unique passwords; many common password-creation habits produce weak passwords, and people change them too infrequently. One way to ensure strong password creation is through Google Password Manager.

At least 60% of people in the U.S. use Google Chrome, and this tool makes it convenient for users to save all their passwords in one place. Additionally, they should adopt two-factor authentication to protect the information even if a password is compromised.

4. Regularly Update Software

Software updates often include security patches that address vulnerabilities discovered since the last version. Regularly updating all systems and applications is crucial for reducing exposure to cyberthreats. Staff can ensure they implement this best practice by setting reminders and checking for updates. They can also set up the software so it updates automatically. This will ensure it maintains the highest level of security and data safety.

5. Secure Physical and Digital Access

Physical security involves controlling access to offices and file storage areas. This is often done through keycard systems and locks. On the digital side, mental health professionals should implement access controls on electronic health records and other sensitive systems. Employ user-level permissions to decrease the risk of data exposure. Tailoring access rights to each staff member’s role helps mental health practitioners prevent unauthorized user access and enhance security.

6. Implement a Cybersecurity Framework

Mental health care professionals should create a structured approach to managing and mitigating cyber-risks. Frameworks — such as the NIST Cybersecurity Framework — have guidelines that cover the steps to managing cybersecurity risks. Following these best practices enables professionals to assess their security posture and identify gaps within their systems. From there, they can take corrective action to make improvements.

7. Create an Incident Response Plan

An incident response plan is an essential strategy needed to manage a cyberattack. It outlines the steps taken after detecting a breach. These include identifying and isolating affected systems, notifying affected individuals, and reporting the incident to authorities.

It also details communication strategies, recovery processes and more. A well-defined incident response plan ensures a quick response to security incidents, reducing damage and upholding responsibility.

Prevent Cyberattacks With Best Practices

Cybersecurity is fundamental to providing safe and reliable mental health services. As cyberthreats evolve, so must mental health practitioners’ defenses. Beyond implementing best practices, the best approach requires continuous learning and improvement. This guarantees the protection of client data, maintaining trust and confidentiality in mental health care.


By Zac Amos, rehack.com

Building Better Cybersecurity Resilience in the NHS
https://thejournalofmhealth.com/building-better-cybersecurity-resilience-in-the-nhs/ (Tue, 20 Feb 2024 06:00:00 +0000)

The NHS turned 75 last year and, for those working at the cybersecurity frontlines within the service it was an extraordinarily challenging year.

With NHS budgets stretched to breaking point, under-resourced and under-equipped NHS cybersecurity teams are struggling to protect existing systems from an ever-increasing range of threats. And with new digital apps and services rolling out at pace for patients, the risk of a breach increases even further. Unfortunately, cybersecurity skills and modern tools are also in short supply.

It is therefore not surprising that NHS trusts are attractive targets for cyber criminals looking to gain access to the highly confidential information of millions of patients and employees. In June, Barts Health NHS Trust, which runs five London hospitals and serves 2.5 million patients, was one of these casualties. The ALPHV ransomware gang, also known as BlackCat, claimed to have stolen 70 terabytes of sensitive data from the Trust in an incident it proclaimed to be the largest-ever breach of healthcare data in the UK. Also in June, a ransomware attack on the University of Manchester compromised the data of more than one million NHS patients.

TURNING POLICY TO ACTION

Thankfully, the challenges facing the NHS have not gone unnoticed, with the Department of Health and Social Care (DHSC) publishing the Cybersecurity Strategy for Health and Adult Social Care in March last year. The policy aims to achieve cyber resilience across the UK health sector by 2030, specifically “reducing the cyber security risk to health and social care organisations, protecting patient, service user and staff data, and implementing measures to ensure organisations are able to recover quickly from cyber-attacks when they do occur.”

Prioritising cybersecurity for the NHS through policy is a welcome step forward, but it is vital that this new strategy results in decisive action and deliverable plans – quickly. Without a doubt there is a long road ahead, but by working together healthcare organisations and the government can build cyber resilience across the NHS.

VISIBILITY WITHOUT COMPROMISING CYBERSECURITY

Cyber resilience starts with visibility, yet vast amounts of detailed information on the health and clinical histories of patients are routinely scattered across a wide range of back-end systems, in different formats, both structured and unstructured. This highly sensitive information includes electronic health records, lab results and medical images, as well as data gathered from a growing range of newer digital services and devices. To compound the issue, cybersecurity teams are faced with a plethora of disparate security tools which can only ever provide siloed and disconnected visibility of the overall IT estate. These complex environments make protecting sensitive data and monitoring for suspicious activity difficult.

To detect and react to threats in real time, visibility is key. Security teams need to be able to see the bigger picture and take a consolidated approach which allows wide-ranging oversight across the entire healthcare infrastructure, not just elements in silo. Only then can they effectively analyse user behaviour and pinpoint anomalies in events and end-user activities.

Gaining this kind of visibility without compromising cybersecurity is typically achieved by implementing an appropriate SIEM (security information and event management) solution. The best of these will incorporate significant automation, helping to relieve some of the strain on cybersecurity teams by enabling real-time detection and swift resolutions.

AUTOMATION NOW AND IN THE FUTURE

It goes without saying that fast detection leads to more rapid response, and it’s here that NHS cybersecurity teams need to focus now, before it’s too late. AI is enabling attacks at greater speed and sophistication than ever before, but it’s also improving cyber defences. Automation in rules-based SIEM technology can detect suspicious activity when key parameters are breached. Where possible, machine learning can resolve incidents independently, alerting security analysts to more complex situations using severity and risk scoring.

This type of technology does not have to add an unnecessary burden to already strained budgets. Cost-efficient and reliable solutions exist. The Elastic SIEM solution is one such example, providing security teams with visibility, threat hunting, automated detection and Security Operations Centre workflows. It already has a proven track record in helping organisations from all sectors, including healthcare, to eliminate blind spots and protect data and infrastructure, while simultaneously boosting efficiency and reducing costs.

Cyber-attacks are a real threat and can strike at any moment, so it’s crucial that organisations are equipped to minimise impact and time needed to recover from any incident, something which was also highlighted in the government’s strategy for cybersecurity resilience by 2030. However, this cannot be achieved unless action is taken today. By taking steps towards better visibility and supporting cybersecurity teams with automation, healthcare organisations can shore up their defences and mitigate risks from the ever-evolving threat landscape.

By Samantha Glutz, Head of Healthcare at Elastic

Closing the Cybersecurity Gap: Reducing Supply Chain Risks
https://thejournalofmhealth.com/closing-the-cybersecurity-gap-reducing-supply-chain-risks/ (Thu, 12 Oct 2023 06:00:00 +0000)

One year has passed since the crippling ransomware attack on Advanced, a major software provider for the NHS. The attack disrupted the NHS 111 service – the urgent helpline for non-life-threatening situations – raising the pressing issue of much larger critical cybersecurity vulnerabilities within UK healthcare’s IT infrastructure and supply chain.

While other industries mainly face financial and reputational damages from cyberattacks, in healthcare the consequences can be devastating. Any attack on a hospital could put patient care and even human lives at risk, so having a robust cybersecurity strategy is mission critical.

Cybersecurity vulnerabilities in the supply chain

Research indicates that nearly half of all healthcare professionals experienced disruption in patient care due to ransomware attacks. And while the UK government has outlined a strategy to safeguard the NHS from cyberattacks, a comprehensive implementation plan is still yet to be distributed. Cyberattacks on the healthcare sector show no signs of slowing down. In fact, IBM’s Cost of a Data Breach Report 2023 indicates that the average expense of healthcare breaches surged to almost $11 million in 2023, marking a 53% rise since 2020.

But despite the risks, NHS trusts are still placing too much implicit trust in suppliers to safeguard data, systems, and operations. Our recent Freedom of Information request uncovered that more than a quarter of those that responded have yet to audit third-party suppliers’ cybersecurity measures. At a very minimum, all trusts should be doing some form of cybersecurity audit on their supply chain and taking steps to mitigate risk against supply chain attacks.

The financial provisions for cybersecurity are equally concerning. The same FOI data revealed that 47% of trusts have no dedicated funds allocated for cybersecurity, while another 43% have committed less than 1% of their annual budget to this crucial area.

In a sector where the stakes are immeasurably high and the delivery of exceptional patient care is critical and lifesaving, a lack of cyber readiness and resiliency can have catastrophic consequences. Anything less than continuous, comprehensive scrutiny is synonymous with leaving the door open for attackers, which in 2023 treads dangerously close to malfeasance.

From prevention to survival

For healthcare organisations to truly build cyber resilience, remain compliant, and proactively ensure continuous and consistent patient care, we need to see a paradigm shift in cyber strategy. It’s no longer sufficient to focus solely on preventing attacks; with attacks happening daily, the focus needs to be on survival and maintaining operations even when under active attack.

The starting point is moving to an “assume breach” mentality: an approach that emphasises preparedness, proactively implementing countermeasures to reduce initial risk exposure and to limit the extent of a breach when it occurs.

“Assume breach” is a fundamental part of a larger shift towards Zero Trust – a modern practice and a security model that operates on the “never trust, always verify” principle. With Zero Trust, every access attempt is treated as a potential threat, requiring both devices and users to undergo stringent authentication before gaining access to medical resources.

A critical pillar of Zero Trust is Zero Trust Segmentation (ZTS) which reduces the attack surface and ensures that an intruder, once inside, remains cut off from vital systems and sensitive data. For example, in a healthcare scenario, ZTS ensures that an initial entry point with a vulnerable third-party provider doesn’t result in the entire hospital (along with life-saving resources) being shut down.

When it comes to implementing a Zero Trust strategy, healthcare organisations must first identify their most critical assets and determine where potential vulnerabilities or communication risks may exist. Especially with the proliferation of medical IoT devices in a hospital setting, knowing what assets are connected in the environment is essential for assessing risk exposure.

From there, institutions can begin acting to minimise their attack surface. With tools like ZTS, they can limit access to vulnerable systems and block attackers from using common communication protocols by adopting an allow-list approach. They can also utilise context and status information to isolate infected systems, quarantine them during remediation to maintain services, and restore all services once they are verified clean.
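The allow-list and quarantine behaviour described in the last two paragraphs, as an added example that is not part of the original article and not Illumio’s product or any real ZTS policy format: workloads carry role labels, a flow is permitted only when an explicit rule matches the source role, destination role, protocol and port (everything else is denied by default), and a host under remediation can be quarantined so that all traffic to and from it is dropped until it is released as verified clean. The hospital roles, hostnames, ports and flows are constructed for the example.

```python
"""Added example (not the article's or any vendor's code): a default-deny
allow-list for workload segmentation with quarantine during remediation.
All role labels, hosts, ports and flows are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Allow traffic from workloads labelled src_role to dst_role on proto/port."""
    src_role: str
    dst_role: str
    port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Flow:
    src_host: str
    dst_host: str
    port: int
    proto: str = "tcp"


class SegmentationPolicy:
    def __init__(self, roles: dict, rules: list) -> None:
        self.roles = roles              # hostname -> role label
        self.rules = frozenset(rules)   # the allow-list; anything else is denied
        self.quarantined: set = set()

    def quarantine(self, host: str) -> None:
        """Isolate a host during remediation: no flows in or out."""
        self.quarantined.add(host)

    def release(self, host: str) -> None:
        """Restore connectivity once the host is verified clean."""
        self.quarantined.discard(host)

    def decide(self, flow: Flow) -> tuple:
        """Return (allowed, reason) for a single connection attempt."""
        if flow.src_host in self.quarantined or flow.dst_host in self.quarantined:
            return False, "endpoint is quarantined"
        src = self.roles.get(flow.src_host, "unlabelled")
        dst = self.roles.get(flow.dst_host, "unlabelled")
        if Rule(src, dst, flow.port, flow.proto) in self.rules:
            return True, f"allow {src}->{dst} {flow.proto}/{flow.port}"
        return False, f"default deny: no rule for {src}->{dst} {flow.proto}/{flow.port}"


def quarantine_cycle(policy: SegmentationPolicy, host: str, flow: Flow) -> tuple:
    """Isolate host, record the decision, release it once clean, record again."""
    policy.quarantine(host)
    during = policy.decide(flow)
    policy.release(host)
    after = policy.decide(flow)
    return during, after


def build_demo_policy() -> SegmentationPolicy:
    """Constructed hospital environment with a third-party vendor entry point."""
    roles = {
        "vendor-vpn-gw": "third-party",
        "vendor-portal": "vendor-portal",
        "ehr-app-01": "ehr-app",
        "ehr-db-01": "ehr-database",
        "infusion-pump-07": "medical-iot",
        "iot-gateway": "device-gateway",
        "ws-nurse-12": "clinical-workstation",
    }
    rules = [
        Rule("third-party", "vendor-portal", 443),      # vendor reaches only its portal
        Rule("clinical-workstation", "ehr-app", 443),   # clinicians use the EHR front end
        Rule("ehr-app", "ehr-database", 5432),          # only the app talks to the database
        Rule("medical-iot", "device-gateway", 8883),    # pumps publish telemetry to the gateway
    ]
    return SegmentationPolicy(roles, rules)


if __name__ == "__main__":
    policy = build_demo_policy()
    probes = [
        Flow("vendor-vpn-gw", "vendor-portal", 443),  # expected: allowed
        Flow("vendor-vpn-gw", "ehr-db-01", 5432),     # vendor entry point reaching the EHR: denied
        Flow("infusion-pump-07", "ehr-db-01", 445),   # SMB from a pump: denied
        Flow("ehr-app-01", "ehr-db-01", 5432),        # expected: allowed
    ]
    for f in probes:
        print(f, policy.decide(f))
    print(quarantine_cycle(policy, "ws-nurse-12", Flow("ws-nurse-12", "ehr-app-01", 443)))
```

Because the rule set is a frozenset of exact (role, role, port, protocol) tuples, a compromised vendor gateway that can reach its own portal still gets no path to the EHR database, and an unlabelled host matches no rule at all, which is the property the article attributes to segmentation: the initial entry point stays cut off from the systems that matter.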

A way forward

Along with moving towards a more proactive, “assume breach” approach, regular internal and third-party cyber defence testing is essential in cybersecurity strategies to determine cyber preparedness. This ranges from healthcare providers regularly testing their own security stack to regularly evaluating the efficacy of their software providers, particularly for hospitals that have a diverse range of suppliers, from catering to cleaning and ambulance services.

While it would be ideal for all suppliers to undergo comprehensive cybersecurity assessments, the reality is that full evaluation of every supplier is simply not feasible. Suppliers with direct access to hospital systems should face more stringent testing, and at the most basic level, mitigation and least privilege access measures should be in place for any others.

While the goal is to make hospitals as open and accessible as possible, it’s essential that not everyone is granted access to the operating theatre. The same is true of cyber resilience: we need to provide services to everyone but control who can access the most critical assets.

As the healthcare sector continues to undergo massive digital transformation overhauls, the attack surface inevitably expands, encompassing new medical devices and systems. But while technology evolves, cybersecurity best practice remains the same – the best way to reduce risk is through the practice of good security hygiene and implementation. At the very minimum this means regular patching, limiting access to systems and services with tools and technologies like ZTS, and imposing a larger overarching strategy of least privilege.

With methodologies like Zero Trust in place, healthcare institutions will be better prepared to prevent everyday breaches from resulting in devastating operational impacts and ensure that the risks posed by a vulnerable and ever-widening software supply chain don’t continue to result in widespread disruption to critical health services.

By Trevor Dearing, Director of Critical Infrastructure at Illumio

Remote Patient Monitoring Systems Are a Possible Attack Vector
https://thejournalofmhealth.com/remote-patient-monitoring-systems-are-a-possible-attack-vector/ (Tue, 10 Oct 2023 06:00:00 +0000)

Remote patient monitoring with telehealth is revolutionising health care by allowing doctors to track vital signs and other health metrics in real time, right from the comfort of the patient’s home. This technology is gaining popularity, primarily due to its crucial role in managing chronic conditions and facilitating care during the COVID-19 pandemic.

However, cybersecurity has become a critical concern as these systems become more widespread. Ensuring the security of these devices is vital to protect sensitive patient data, and maintain trust between medical providers and patients. Failure to do so could lead to unauthorized access, data breaches and other serious risks.

The Need for Remote Patient Monitoring

Remote patient monitoring systems offer incredible benefits that reshape the health care industry. By reducing the need for in-person visits, these systems can significantly reduce costs for providers and patients. They also allow doctors to make timely and accurate medical decisions, enhancing patient comfort by letting people receive quality care without leaving their homes.

The COVID-19 pandemic further accelerated the adoption of these systems. Social distancing measures and overloaded medical facilities made remote monitoring a practical solution for ongoing care. In 2021, over a third of U.S. adults used a telehealth monitoring system. This technology has proved invaluable in tracking symptoms, administering treatment plans and reducing the strain on health care systems.

The Cybersecurity Risks

As technological innovations become more integral to the industry, it’s crucial to recognize the cybersecurity risks of this shift. These vulnerabilities can compromise sensitive patient data and impact the effectiveness of medical treatments.

Unauthorized Access

One of the most pressing cybersecurity risks is the threat of unauthorized users gaining access to sensitive patient data. When institutions do not adequately protect this data, it becomes a target for hackers looking to exploit vulnerabilities for financial gain or malicious intent.

Such unauthorized access can result in the leaking of personal information, medical records and financial data. It violates privacy laws and severely undermines patient trust in infrastructure systems. Thus, securing against unauthorized access is a top priority for health care IT professionals.

Data Interception

Another critical cybersecurity risk is the danger of cybercriminals intercepting data during transmission between the patient’s device and the provider’s system. Data interception occurs when an unauthorized entity taps into the data stream.

Hackers can collect sensitive material, modify it or inject malicious software. Doing so jeopardizes the integrity of medical information, and could lead to incorrect diagnoses or treatments in worst-case scenarios. Preventing interception is essential for ensuring patient safety and data integrity.

Software Vulnerabilities

Using out-of-date or unpatched systems presents another substantial risk in remote patient monitoring with telehealth. Older software versions often contain vulnerabilities hackers can exploit to gain access or execute malicious activities.

Failing to update or patch telehealth monitoring systems can make it easier for attackers to compromise the entire health care network. Thus, keeping all software up to date is instrumental in mitigating risks and ensuring the highest level of security for sensitive patient data.

Legal Implications

Navigating remote patient monitoring systems’ cybersecurity landscape involves technical challenges and legal implications. Failure to secure these systems adequately can result in violations of privacy laws, hefty fines and lawsuits from affected patients.

HIPAA Compliance

Cybersecurity lapses in remote patient monitoring systems can directly lead to privacy law violations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. When unauthorized users gain access to or intercept patient information, it constitutes a breach of these laws.

Such violations expose health care providers to regulatory scrutiny and financial penalties. Adherence to privacy laws is paramount to maintaining patient trust and avoiding costly legal repercussions.

Legal Penalties

Potential fines for cybersecurity breaches in the medical industry can be staggering, sometimes reaching millions. Regulatory bodies like the Department of Health and Human Services can impose these fines based on the severity and duration of the violation.

Besides monetary penalties, medical providers may also face legal repercussions such as mandatory audits or corrective action plans. In extreme cases, criminal charges could be filed, tarnishing the reputation of the health care facility and its staff. Given these severe consequences, addressing cybersecurity risks is an IT and legal imperative.

Patient Lawsuits

In addition to regulatory fines and penalties, medical providers also face the risk of legal actions from patients affected by a data breach. Individuals can sue for damages — such as emotional distress or financial loss — if third parties expose or misuse their sensitive data.

These lawsuits can be financially draining and reputation damaging for medical institutions. Moreover, a high-profile legal battle could result in lost trust among current and potential patients, impacting the provider’s bottom line for years. Thus, safeguarding against breaches is crucial for compliance and maintaining patient trust and institutional integrity.

Tips for Health Care IT Professionals

Cybersecurity risks and legal implications seem daunting. However, there are proactive steps IT professionals can take to secure remote patient monitoring systems.

Multi-Factor Authentication

One highly effective way to bolster security is through multiple layers of authentication, often called multi-factor authentication (MFA). It requires two or more verification steps before granting access to sensitive information. Implementing it could help you avoid becoming one of the over 3,000 cybersecurity complaints the FBI receives daily.

Typically, MFA combines something the user knows, like a password, with something the user has, like a mobile device that receives a verification code. By implementing MFA, health care IT professionals add an extra layer of defense, making it more challenging for unauthorized users to gain access to secure information.

Regular Updates

Keeping all software up to date is paramount in securing remote patient monitoring systems. Outdated software often contains vulnerabilities cybercriminals can exploit to gain unauthorized access.

By regularly updating or patching the telehealth monitoring system, health care IT professionals can close these security gaps and protect against potential breaches. Staying current with software updates is fundamental to maintaining a secure and reliable medical system.

Employee Training

Regular cybersecurity training for staff is essential for creating a secure environment. Human error is often the weakest link in cybersecurity, so educating workers on best practices can drastically reduce the risk of a breach.

Training should cover topics like recognizing phishing attempts, safe internet usage and adequately handling sensitive data. By making cybersecurity training a regular part of employee development, health care IT professionals can cultivate a culture of vigilance and preparedness.

Securing the Future of Remote Patient Monitoring in Telehealth

As the health care industry continues to embrace digital transformation, the integrity and confidentiality of patient data must be a top priority. Failing to secure telehealth monitoring systems puts sensitive information and the reputations of fundamental institutions at risk.

Medical organizations must prioritize cybersecurity. They can protect patients and providers by staying vigilant, adopting solid security measures, and fostering a culture of awareness.

By Zac Amos, rehack.com

Ransomware in the Healthcare Sector – Five Tips on how Healthcare Organisations can Better Protect Themselves
https://thejournalofmhealth.com/ransomware-in-the-healthcare-sector-five-tips-on-how-healthcare-organisations-can-better-protect-themselves/
Wed, 20 Sep 2023 06:00:00 +0000

Healthcare is an increasingly attractive target for cyber actors using ransomware. According to the latest Global Threat Report, the healthcare sector is one of the top 5 cyber targets.

Lucrative RaaS models make cyberattacks even easier

The rise in eCrime activity has been an ongoing issue for years. Ransomware-as-a-Service (RaaS) models have exacerbated the situation: cybercriminals no longer need the technical know-how themselves to carry out an attack, but can simply contract for ransomware services. A whole range of revenue and business models now exist in the RaaS sector. In the so-called ransomware affiliate model, ransomware operators receive a predetermined percentage of the successfully extorted ransom from their affiliates. It is a lucrative business model, especially considering that double extortion ransomware models continue to rise. Here, attackers demand one ransom to decrypt the data and an additional ransom not to share or sell it. Medical data in particular is an attractive commodity on the dark web. It often forms the basis for further criminal activity by cyber actors, for example identity theft, medical fraud or tax fraud, because data managed by the healthcare system provides virtually everything an attacker needs to build a digital profile of a patient. The value of a data set, which typically includes date of birth, place of birth, social security number, address as well as e-mail address or, in some cases, credit card information, is estimated at up to $1,000.

Healthcare particularly at risk from ransomware

To obtain these valuable data sets, cybercriminals must first gain access to the victim organization’s network. A common entry point for ransomware affiliates is exploiting vulnerabilities or compromised credentials. However, it is also not uncommon for attackers to use the services of access brokers, who sell network access to other cybercriminals, who then use RaaS toolkits, for example, to carry out ransomware attacks. According to the latest Global Threat Report, the popularity of access broker services increased in 2022, with more than 2,500 advertisements identified – a 112% increase compared to 2021. Once eCrime actors have gained access to a network, they don’t need much time: on average, it takes them just 1 hour and 24 minutes to move laterally from the point of origin. Attackers recognize that healthcare has limited budgets for IT and security. Add to that limited resources and the fact that each ransomware attack impacts the efficiency and effectiveness of the healthcare system in delivering care to patients. From an extortion standpoint, the willingness to pay among healthcare organizations, whose mission is to save lives, is significantly higher than in other sectors. Combine this with the limited budget for investment in personnel and technology, and you get what is known as a soft target. At the same time, the fact that attackers are becoming more sophisticated and dangerous makes the healthcare sector even more vulnerable.

Healthcare organizations must therefore be able to reduce the number of attack vectors in their IT systems if they are to minimize the severity and frequency of cyberattacks. Healthcare IT systems are vulnerable to cybercrime, but there are measures that can be taken to protect them:

1. Protect Workloads Comprehensively

Endpoint and workload security, data and identity protection, and data storage are just a few of the critical aspects that must be considered to keep healthcare organizations safe from cyberattacks and ransomware. Extended detection and response (XDR) is the next step toward threat-driven security prevention. XDR is a holistic approach that streamlines security data collection, analysis and workflows across an organization’s security solution to provide better visibility into and unify response to hidden and sophisticated threats. XDR collects and correlates data from endpoints, cloud workloads, networks, and email, analyzes and prioritizes it, and delivers it to security teams in a normalized format from a centralized console.

2. Implement Zero Trust

According to the CrowdStrike Global Threat Report 2023, healthcare is among the top 10 sectors advertised by access brokers. In 2021, nearly 80 percent of cyberattacks used identity-based techniques to compromise legitimate credentials and then relied on lateral movement to evade quick detection. Therefore, a zero trust approach should also be implemented in the healthcare industry to prevent identity-based attacks in real time.

3. Proactive Protection: Threat Hunting & Threat Intelligence

Threat data helps healthcare organizations prepare a defense against the most likely attackers and enables threat hunters to spot the signs of an intrusion and remove the intruders from the network. Only then can IT security teams be properly and effectively deployed. In many cases, in addition to threat intelligence, it is recommended to employ an external, fully managed cybersecurity services team that can perform not only threat intelligence, but also incident response, threat hunting, endpoint recovery services and proactive monitoring to close security gaps.

4. Machine Learning and Artificial Intelligence

Healthcare organizations must never forget that hackers are always evolving their attack techniques. Therefore, they must also continue to develop their protection. Modern attacks can no longer be successfully defended against with technologies that are now outdated. Signature-based antivirus software has long since ceased to be sufficient. Machine learning and classification techniques that can determine whether something is malicious based on behavior or other observable characteristics are now standard for any company’s defense.

5. Exercising for an Emergency

Tabletop exercises are an efficient way to train the right response in an emergency. After all, even the best security solution in the world is no use if organizations don’t know who to turn to in the event of danger, what needs to be done and who is involved in the defense process. Regular drills can train all personnel and ensure that the right response is taken in a dangerous situation. In addition, these exercises help IT, clinical, administrative and security personnel continue to identify and address cybersecurity and business continuity vulnerabilities.

 

By Drex DeFord, Executive Healthcare Strategist, CrowdStrike

Crucial First Steps After a Healthcare Ransomware Attack
https://thejournalofmhealth.com/crucial-first-steps-after-a-healthcare-ransomware-attack/
Mon, 28 Aug 2023 06:00:00 +0000

Hackers have become savvier in recent years, using ransomware to disrupt businesses and redirect assets for malicious intent. Healthcare systems are especially susceptible to attacks due to the increased risk of exposing sensitive customer and patient information.

Knowing how to respond to a ransomware attack is essential for data recovery and patient protection. An organization’s first steps determine how well healthcare systems bounce back following a breach and can progress with upgraded security measures.

Here are the most common ransomware attacks in healthcare, the essential steps for emergency ransomware response and how to prevent future cybercrimes.

Prevalence of Ransomware Attacks on Healthcare Systems

Ransomware attacks in healthcare have been on an upward trend in the last decade. One study from January 2016 to December 2021 revealed 374 ransomware attacks on U.S. healthcare organizations, exposing 42 million patients’ personal information.

Annually, the attacks doubled from 43 to 91, while 44.4% caused delayed care due to electronic system downtime. Some of the attacks also diverted ambulances and impacted appointment scheduling.

There were already 15 healthcare system ransomware attacks in the U.S. this year as of May 2023. Cyberattackers stole data from 12 of the 15 organizations.

In August 2020, a ransomware attack on Universal Health Services affected nearly 400 locations nationwide, making it the most extensive cyberattack in U.S. history.

Although UHS could restore much of its pharmacology records within days due to its 24-hour backup protocol, the damage was done. The breach cost $67 million in recovery costs, labor and operating revenue.

7 Steps for Emergency Ransomware Response

The first steps are essential when responding to an emergency ransomware attack. Healthcare organizations should take the following measures to secure their systems, restore data, and protect patients and customers.

1. Contain the Attacked Systems

Organizations may want to delete information following a security breach. However, saving evidence is vital to understand how the hack occurred and who did it.

First, identify the compromised servers so more devices do not become infected. Disconnecting the internet, turning off remote access and changing all passwords are some of the more immediate measures organizations can take.

2. Assess the Breached Data

Healthcare organizations can usually tell when their systems are infected with ransomware because attackers give notice. A ransom note on the screen informs users that their files are locked and gives payment instructions to decrypt them. Unusual filenames or a “Lock” prefix on affected file extensions are also signs of infection.

It’s important to assess who was breached — customers, employees or vendors — and the severity, including what information the attackers targeted. This could be credit cards, email or mailing addresses, or birthdays.

3. Back up the Affected Data

Organizations can lose important information during a ransomware attack if it’s not backed up. Backing up data allows healthcare groups to restore it once they’ve cleared the virus from all affected systems.

Organizations that did not previously use cloud storage or another backup system should do so in the event of future attacks.

4. Report the Attack

Law enforcement can assist organizations in locating the perpetrator following an attack and in recovering lost data and assets. Companies should also contact the Cybersecurity and Infrastructure Security Agency to report the issue.

A complaint can be filed online with the FBI’s Internet Crime Complaint Center (IC3). The IC3 will ask for the victim’s name and contact details, financial information and other details regarding the incident. Organizations should contact local law enforcement for time-sensitive emergencies.

It is also best for the organization to contact its cyber insurance carrier to provide additional resources and guidance.

5. Inform Affected Parties

Organization leaders must contact staff through email to inform them of the security breach and implement comprehensive procedures and authorizations.

Healthcare organizations should err on the side of transparency regarding patients. They should set up a customer service hotline to field calls and answer questions about the breach. The more honest an organization is in its communication, the better its chance of maintaining positive and professional relationships.

6. Restore Data

If company technicians cannot decrypt the affected files, restoring data is the only way to preserve it — but only after removing ransomware from the computer systems.

Organizations must know the type of ransomware used in the attack for decryptor tools to work. These can be challenging to find.

Of course, data recovery backups will only work if healthcare companies have backup systems in place. Otherwise, the information could be lost forever.

7. Upgrade Security Measures

Once systems have been recovered, organizations must implement upgraded security measures to prevent future attacks. For example, they should upgrade software or integrate more stringent security controls.

IT departments should review and update security protocols to improve response efficiency to future threats.

Preventing Future Ransomware Healthcare Breaches

The healthcare industry can take several measures to prevent future ransomware attacks and other security breaches, including the following:

  • Develop an organizational plan for identifying and containing ransomware attacks. This should include steps for reporting the issue to officials and notifying patients about potential data exposure.
  • Offer regular cybersecurity training to employees so they are equipped with the tools and best practices to prevent cyberattacks and phishing scams.
  • Automate software updates and regularly review system security settings.
  • Utilize a cloud system to back up files and ensure data recovery during future threats.
  • Segment crucial medical devices from broader networks to prevent ransomware from spreading.
  • Add security controls like firewalls, multifactor authentication, intrusion detection systems and data loss prevention solutions.

Organizations should always avoid paying the ransom to retrieve the encrypted data and allow law enforcement to assist.

Improve Healthcare System Recovery During Ransomware Attacks

How an organization responds to a ransomware attack is critical in healthcare. The faster the response time, the better it is for protecting organizational data, assets and patient privacy. Companies should upgrade their protocols and security measures to prevent cybercriminals from disrupting services.

By Zac Amos, rehack.com

Building a Resilient Cybersecurity Team: Hiring for Attitude in a Competitive Market
https://thejournalofmhealth.com/building-a-resilient-cybersecurity-team-hiring-for-attitude-in-a-competitive-market/
Fri, 21 Jul 2023 06:00:00 +0000

As the CIO of a healthcare system, I am acutely aware of the critical role that cybersecurity plays in safeguarding sensitive data. In today’s competitive market where organisations are vying for the same pool of talented professionals, hiring the right individuals with the appropriate skillset is crucial. However, I firmly believe that hiring for attitude is even more important. In this article, we will explore strategies for building a strong cybersecurity team in this challenging market by emphasising the importance of attitude, continuous learning and effective leadership.

Navigating the Competitive Market

In an environment where everyone is searching for the same skilled individuals, it becomes essential to explore alternative avenues for talent acquisition. Collaborating with HR departments, partnering with recruiting companies, tapping into military bases, engaging retirees and connecting with schools can help broaden the pool of potential candidates. By diversifying our recruitment efforts, we increase our chances of finding individuals with the right attitude and aptitude for cybersecurity.

Emphasising the Right Attitude

While technical skills are undoubtedly important, hiring for attitude is paramount. The right attitude encompasses a mindset that values training and a willingness to learn, as cybersecurity is a rapidly evolving field. By prioritising candidates who demonstrate a hunger for continuous growth, we ensure that our team remains adaptable and capable of handling emerging threats.

Hiring as a Relationship

Hiring is not just about skills and qualifications; it is about finding a mutual fit. Just as in a relationship, it is crucial to assess whether the candidate’s attitude complements the existing team. Building a cohesive unit involves assembling individuals who bring diverse perspectives, strengths and values. This collaborative spirit fosters innovation and resilience in the face of cyber challenges.

Retaining and Nurturing Talent

When we come across exceptional talent, it is important to hold onto them, even if there isn’t an immediate job opening. Good talent with the right attitude is difficult to come by. By bringing in talented individuals and providing them with training and growth opportunities, we invest in the long-term success of both the team and the organisation. We should also consider giving newbies a chance, as experience isn’t always a prerequisite for success. A fresh perspective can invigorate the team and bring new insights to the table.

Developing Effective Leadership

Building the right team also entails fostering effective leadership. As leaders, we must adopt an open-door policy and actively connect with our team members. Creating a culture of continuous learning and improvement involves teaching leaders to be better leaders themselves. Sharing knowledge and empowering team members through a “manage-up” approach, where everyone is encouraged to teach and learn from each other, cultivates a sense of ownership and drives professional growth within the team.

Fairness and Inclusion

A strong team is built on fairness and inclusion. Every team member requires a different style of leadership, and it is important to provide equal opportunities for growth and development. Encouraging open communication, embracing feedback and treating every team member with respect and fairness fosters a positive work environment and strengthens the team member bond.

Cybersecurity team talent acquisition

In the competitive realm of cybersecurity talent acquisition, hiring for attitude is vital for building a resilient team. By valuing the right mindset, prioritising continuous learning and fostering effective leadership, we create an environment where talented professionals can thrive. Embracing alternative recruitment channels, such as HR departments, recruiting companies, military bases, retirees and schools, can expand our talent pool and increase the chances of finding individuals who possess the skills and attitude required to excel in the ever-evolving field of cybersecurity. By investing in the right attitude, we lay the foundation for a strong and cohesive team that can successfully navigate the challenges of the cybersecurity landscape and protect our organisations.

Article by Anis Trabelsi

The Crucial Role of Cybersecurity in Healthcare
https://thejournalofmhealth.com/the-crucial-role-of-cybersecurity-in-healthcare/
Wed, 19 Jul 2023 06:00:00 +0000

Robust cybersecurity policies within healthcare environments are crucial, as medical organisations become increasingly reliant on hospital information systems to access patient data, such as the electronic health record (EHR). The aim of cybersecurity in healthcare is to defend these critical medical systems from unauthorised access and from disclosure of patient data.

The sensitive data contained in medical records makes them an appealing target for cyber criminals who are then able to sell this information or hold it for ransom, and as a result 43% of healthcare organisations have experienced a ransomware attack in recent years.

Learning from the past

A lot can be learnt from the WannaCry attack, a ransomware attack that impacted a significant number of major healthcare providers in May 2017. Thousands of appointments and operations were cancelled, and in some places patients had to travel further to accident and emergency departments.

No healthcare organisation paid the ransom, but the level of widespread disruption was significant, and dangerous. A cyber researcher ultimately activated a ‘kill switch’ that stopped WannaCry from locking further devices.

Since this attack, the healthcare organisations that were impacted have written to every major health board to ensure that they have implemented all alerts and taken action to secure local firewalls. It was a wake-up call for a sector with teams largely underfunded and compromised by legacy systems, with investment and upgrades needed and cybersecurity suddenly a priority.

Cybersecurity Risks

Sharing data online opens up the possibility of being hacked, which is why it is important for security teams within organisations to know where the potential risks are. Good cybersecurity practices are essential across the healthcare sector, due to the sensitive nature and value of its data – methods of prevention should therefore be in place.

The main risk is often email: a primary means of communication, but also an obvious entry point for attackers to target. All employees need to be aware of phishing emails that may look genuine but come from untrustworthy sources, and strong passwords should be used to ensure that hackers are unable to break into email accounts.

It is also important to remember that healthcare establishments, such as hospitals and GP surgeries, are public places. If physical devices are left unattended, anyone can potentially gain access to them. Laptops, tablets and mobile phones could easily fall into the wrong hands if they are not correctly looked after, so strong passwords and security precautions should be used on these devices too.

These spaces also often offer free Wi-Fi, meaning anyone can potentially access these networks. IT teams need to ensure there is a clear separation between the public Wi-Fi and any network that links through to sensitive data or operational systems, and that appropriate passwords and security measures are in place.

Adopting good practices for healthcare cybersecurity

Healthcare organisations need a well-developed plan to prevent cyberattacks from taking place, and a well-defined plan to respond and implement solutions if one does happen.

Organisations should establish a security culture that involves regular risk assessments and regular cybersecurity education and training for employees. There are constant developments in healthcare, with new medications and trials going ahead to find cures for ailments. The same applies to cybercriminals, who keep finding new ways of targeting people and organisations to make their attacks more convincing, so awareness also needs to continually evolve.

Well-developed incident response plans need to be prepared and developed in case of attacks taking place. Organisations must be proactive rather than reactive, which will ensure that there is a solution to the problem before it has even occurred. In this way, organisations can get ahead of an attack and deal with it head on, before it becomes a bigger problem.

The key way to limit the possibility of a cyberattack is to use security solutions that include the best possible firewalls. Using these alongside antivirus software makes a successful attack less likely.

What healthcare organisations can do now

There are a few vital and effective methods of improving an organisation’s security posture. First and foremost is foundationally integrating security into business practice. Even when a business wants to quickly adopt new technologies or clinical workflows, security needs to be embedded into those workflows across IT, networking and beyond. The convergence of networking and security is important. Organisations should then adopt a mesh-type architecture approach to security. It’s important to have a comprehensive, integrated approach to security that includes zero trust as well. Securing remote and online care is paramount in healthcare.

Right now, we’re seeing much higher adoption of multifactor authentication and having zero-trust solutions embedded into networks to minimise the impact of an attack. Healthcare organisations are doubling down on security because they’re starting to understand it better. The health systems that have become more mature within security operations to get in front of or limit the damage of attacks are being successful, and that information is spreading through the industry.

 

By Chris Parker, Director of Government Strategy, Fortinet

Understanding the Cure to the Healthcare Phishing Problem
https://thejournalofmhealth.com/understanding-the-cure-to-the-healthcare-phishing-problem/
Fri, 02 Dec 2022 06:00:00 +0000

Cybercrime on a global scale is spiralling out of control. This year alone, cybercrime costs will reach £1 trillion, which is larger than many of the world’s largest economies. Every industry is impacted, but one above all seems to be in the crosshairs: healthcare.

The healthcare industry has always had a reliance on technology to help deliver the best possible treatments and services. However, the digital transformation journey is leaving this industry vulnerable to cyberattacks.

We only have to be reminded of the significant attacks that have plagued the NHS, from WannaCry in 2017 to the more recent attack that successfully took offline various health systems and badly affected ambulance dispatch, prescriptions and the 111 helplines. During the pandemic, the NCSC even issued warnings to the healthcare and pharmaceutical industry on staying vigilant due to the increased threats against the sector.

One of the most common threats posed to the healthcare industry is phishing and such a threat can result in data being stolen or deleted, systems crashing and even medical devices harming patients.

Phishing is effective because it plays on our curious and inquisitive nature. For instance, when we get a letter, we open it quickly, often not knowing what it contains or who it’s from. This exact behaviour is what hackers hope to trigger when sending phishing emails and is why it is such a successful attack – it has already reached an all-time high in 2022.

Healthcare vs Phishing: the stats

As we delve deeper into healthcare and how it is coping with the phishing pandemic, research shows that those working within the sector are among the most susceptible to being deceived by phishing threats. This was calculated by testing employees' susceptibility to simulated phishing attacks over three phases, which yields an organisation's Phish-prone™ Percentage (PPP).

The stats showed large healthcare organisations (1,000+ employees) had a Phish-prone™ Percentage of 45%, significantly higher than the baseline average of 32.4% across all industries and all organisation sizes. This highlights that healthcare employees currently have a lower base of security awareness and are more likely to click a phishing link or open an infected attachment.

With this information, we can act and begin the process of making effective changes, both immediately and in the long run, with the end goal of ensuring that everyone's security-related behaviours, attitudes and culture are improved.

Creating a healthy environment for secure behaviours to flourish

To build an effective security culture within the company, the first thing you want to do is avoid investing large amounts in the latest cybersecurity tools on the market. That is a superficial response to what is a psychological problem within the workforce. Technology certainly has a place and there will always be a need for it, but in this instance we need a different approach to rectify this deep-rooted issue and change these habits.

As such, it is up to the security leaders at healthcare organisations to implement dedicated security awareness programmes that:

  • Provide clear processes and mandates
  • Meet the organisation’s security policies
  • Aim to synchronise with and improve the overall security culture
  • Create an environment that enables the workforce to become security-ready
  • Have the unwavering backing of the board level and senior management

The last point is critical because you need every member of staff singing from the same hymn sheet: if the general worker doesn't see the heads of the company following security procedures, they will begin to wonder why they should.

Communication is powerful here. Educating the workforce as to why they should care about protecting the company, and themselves, against cyber threats will go a long way towards getting them on side.

Champion those who take security seriously

Showing examples of what 'good security practices' look like is another important element to emphasise. You need role models who will 'lead by example' and drive security awareness across the company. They participate in the same training requirements as their colleagues no matter their level of seniority, so having these individuals as the torch bearers will lead others to follow their safer cyber habits.

You’ll quickly notice natural changes in awareness and culture.

Moreover, you can spot the staff members that are more security aware, and these can be ‘security champions’ who can help reinforce the messages around improving the security culture.

The success of the security awareness and culture programme is also linked to the content used. Mundane, boring and stagnant training material will instantly turn people away. In order to create a positive learning experience, incorporate learning materials that are tailored to your organisation and industry and that come in a variety of media and languages, delivered through interactive modules, presentations, videos, TV shows, games, newsletters and assessments.

Content is king: offering several methods to suit different learning styles will help your staff absorb your security ethos.

You want to avoid vendors that apply a one-size-fits-all approach to security awareness training. Additionally, you can’t expect your internal security or IT department to create these learning materials. Doing either will only lead to failure, wasted resources, a workforce lacking in true security knowledge and a weak security culture.

Human layer of defence

Those within healthcare ultimately want to deliver the best care for their patients. What they must understand is that this care is not only physical or mental, but also digital. Collectively, they have a duty and responsibility to protect patients' data and privacy, and to do this adequately, knowing the steps that prevent social engineering threats like phishing from succeeding is vital.

You want your staff to make the right security decisions at the right moment. Therefore, continuously test the workforce with phishing simulations and training, while also using behavioural reinforcement to build a strong human defence layer that remains vigilant. This can then be measured to see where the company stands in its phishing proneness and to give you a better understanding of the strengths and weaknesses in the security culture. By following these steps, you will see an improvement in the security awareness of each employee and in the security culture of the entire organisation, and a significant reduction in risk to the company.

By Javvad Malik, lead security awareness advocate at KnowBe4