In late October 2020, multiple hospitals across the United States were hit by ransomware attacks. The escalating series of attacks was quickly identified and linked to earlier cybercrimes against other healthcare facilities. The healthcare industry was already grappling with constraints brought on by the COVID-19 pandemic, but IT teams acted quickly and fought to keep systems running.
The United States Cybersecurity and Infrastructure Security Agency (CISA) released an ominous and urgent advisory warning. “There is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers,” CISA said in a statement. They warned healthcare providers to “ensure they take timely and reasonable precautions to protect their networks from these threats.”
This was not some random cybercriminal looking to steal a few EHRs, but a planned incursion from an Eastern European financially-motivated actor, according to Charles Carmakal, SVP and CTO of cybersecurity firm Mandiant.
"We are experiencing the most significant cyber security threat we've ever seen in the United States," he said.
“In terms of ransomware it's the biggest attack we've ever seen,” said Allan Liska, intelligence analyst for Recorded Future. He reported there were at least six attacks in 24 hours and maybe more.
“We’re aware of multiple hospitals that have had to reroute patients to other hospitals,” said Charles Carmakal, CTO of FireEye Mandiant, in an interview with CRN. “And so you think about it from a human perspective, the ramifications are tremendous here. You’re potentially dealing with real impact to human lives or at least patient care to people that really need it, especially during this pandemic.”
Traditional Security Can’t Protect Healthcare
FireEye helps companies augment and automate cybersecurity needs. They called the October attacks brazen.
“This group is the one that tends to escalate privileges,” Carmakal said. “Once they have access to that first system, they move laterally and escalate privilege some more. They look for critical infrastructure, or critical servers, within the organization. They look for backup systems. They deliberately destroy backup systems in an effort to make it more difficult for your organization to recover from the incident. And what they’ll do is very broadly deploy and encrypt your system across as many servers, workstations and laptops as they possibly can.”
This ongoing large-scale cyberattack against U.S. health organizations marks a crucial point, according to Cheryl Rodenfels, CTO of Americas Healthcare for Nutanix. Castle-and-moat security strategies don’t adequately protect healthcare networks or valuable electronic health records (EHRs).
“Health systems can no longer rely on traditional security approaches when it comes to protecting highly sensitive patient data,” Rodenfels said. “It’s time to redefine what it means to run a secure, reliable healthcare IT ecosystem. It’s time to take the steps toward modern, hybrid cloud operations.”
Pointing to the Frost & Sullivan Executive Brief on Healthcare cybersecurity, Rodenfels said recent attacks combined with the pandemic crisis mean cybercriminals have a better chance of finding system vulnerabilities. This means there are more reasons for healthcare organizations to quickly adopt new technologies and services that support fluid data movement, flexible but secure access, interoperability and swift scale-up of innovative applications to support patient interactions.
“These new hybrid cloud technologies make it easier for IT teams to manage and update multiple systems from almost anywhere,” Rodenfels said. “And they provide powerful tools to automate or microsegment systems, which can quickly identify and stop the spread of cyberattacks.”
According to Frost & Sullivan, over 50% of healthcare IT workloads are deployed in the cloud, which shows many healthcare IT leaders are already comfortable placing crucial data and analytics in the cloud. The shift from on-premise data centers to hybrid and multicloud systems enables IT teams to address evolving needs, new trends and challenges caused by the COVID-19 crisis.
Mitigating Healthcare IT Risk
As healthcare IT teams rely on cloud services to run applications and manage data, their organizations are learning new skills, said Rodenfels. To prepare teams and protect against security breaches, IT leaders need to focus on three things. First is the creation of ‘application maps’ to visualize and track apps and networks in case of a security incident. Second is using application tiers to segment traffic to prevent the spread of malware. Third is consistent employee training, along with changes to how people think about things like archiving, which can prevent an attack from ever happening.
“To mitigate the potential risk, hospital IT leaders must increase visibility by creating accurate application maps that visualize application and network interactions,” said Rodenfels. “This allows them to identify and mitigate incidents quickly and accurately, before data is stolen or daily operations are compromised.”
Rodenfels also recommended using automation and tools that regularly assess the performance of IT systems, so weaknesses can be identified before they become opportunities for attacks.
Fast Counter Attack
After a cyberattack occurs, panic ensues and everyone begins to scramble. Shutting down the whole system is not an option. That’s when the application map comes in handy. Having a visual framework of the IT ecosystem helps locate the incursion and plan an effective response.
“You create that map so you don't have to waste time identifying every single component and every single touch point tracing that application,” said Rodenfels. “All of a sudden, you know what's happening.”
A segmentation strategy sections off individual applications to block unwanted actors from penetrating the whole system.
“If an attack does go unnoticed, microsegmentation can be used to create protected application tiers, aiding in the prevention of malware spread throughout the organization,” she said.
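The application map and tier segmentation described above can be sketched as follows. This is an added example, not code from the article or from Nutanix; the host names, tiers, ports and policy are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: observed flows as (source, destination, port).
FLOWS = [
    ("ws-nurse-01", "ehr-web", 443),
    ("ws-nurse-01", "ws-admin-02", 445),
    ("ws-admin-02", "backup-01", 445),
    ("ehr-web", "ehr-app", 8443),
    ("ehr-app", "ehr-db", 5432),
    ("backup-01", "ehr-db", 5432),
]
# Hypothetical tier label for each host.
TIER = {"ws-nurse-01": "workstation", "ws-admin-02": "workstation",
        "ehr-web": "web", "ehr-app": "app", "ehr-db": "db",
        "backup-01": "backup"}
# Assumed tier policy: (source tier, destination tier, port) that may pass.
ALLOWED = {("workstation", "web", 443), ("web", "app", 8443),
           ("app", "db", 5432), ("backup", "db", 5432)}

def permitted(src, dst, port):
    """True if the tier policy allows this flow."""
    return (TIER[src], TIER[dst], port) in ALLOWED

def build_map(flows):
    """Application map: host -> set of (peer, port) it was seen talking to."""
    app_map = defaultdict(set)
    for src, dst, port in flows:
        app_map[src].add((dst, port))
    return app_map

def violations(flows):
    """Observed flows that tier segmentation would block."""
    return [f for f in flows if not permitted(*f)]

def blast_radius(app_map, start, segmented):
    """Hosts with a network path from a compromised host (triage upper bound)."""
    seen, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for peer, port in app_map.get(host, ()):
            if segmented and not permitted(host, peer, port):
                continue  # segmentation drops this hop
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen - {start}
```

With the sample flows, the backup server is on a path from the compromised workstation only while the workstation-to-workstation and workstation-to-backup flows are permitted; enforcing the tier policy removes it from the set to triage.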
Training and Culture
Since the October ransomware attacks were accomplished through phishing schemes, Rodenfels said healthcare organizations must diligently train hospital system users to avoid suspicious emails.
In addition to better training, IT teams can create a system for archiving online activity so it’s easier to find the path and proliferation of the problem.
Then it’s important to manage role-based access so that access to online resources is given only to those who need it and are authorized.
“To achieve all of this requires a huge technology and social change inside an organization,” she said. “A team with a plan and the right tools is the best way to keep cybercriminals away.”
Brian Carlson is a contributing writer. He is Founder of RoC Consulting and was Editor-in-Chief of CIO.com and EE Times. Follow him on Twitter @bcarlsonDM.
© 2021 Nutanix, Inc. All rights reserved.