Evolving Ransomware Threats on Healthcare

According to an article by Adam Mansour in Govinfo Security, recent analysis and reports from the U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) have revealed that the ransomware threat is not declining and, worse, is evolving.

“Ransomware stays a major threat to the health sector worldwide, with many healthcare institutions operating legacy technology with limited security resources,” the HC3 stated in late 2021.

While healthcare is the industry most targeted by ransomware, health or medical clinics are hit the hardest. That is not surprising, given that these institutions are the most likely to lack in-house security resources and the least likely to have made a significant investment in their security posture.

Paying the Ransom Only Makes Matters Worse

Healthcare institutions can’t afford to have their systems disrupted and slip back to 20th-century pen and paper (and not just because of doctors’ handwriting). This is exactly what top ransomware gangs like Conti, REvil, and Hive are counting on.

That may make some healthcare organizations quick to pay ransom demands, with no guarantee that the data locked up or threatened with release won’t still be made public or sold on the dark web.

Ransomware Threats Targeting Healthcare Continue to Evolve

In 2022, threat actors further developed the tactics, techniques, and procedures (TTPs) used in their healthcare ransomware attacks.

One prolific group targeting healthcare, FIN12, typically takes less than two days to deploy its file-encrypting payload. It does this by skipping the data exfiltration stage that most ransomware gangs use to increase their chances of getting paid. FIN12 goes straight for the jugular to avoid the risk of detection that comes with a longer dwell time.

One healthcare financial services company breach associated with Quantum Locker Ransomware recently affected 657 providers and leaked more than 1.9 million patient records.

Institutions must act fast and rely on automated defenses, AI, and human defenders. Automated detection tools alone struggle with the emerging human-at-keyboard threat.

A protection-first managed detection and response (MDR) service uses agents at the endpoint to detect and block attacks and forward logs to threat hunters, but that alone is not enough. Machine learning is used as the first line of defense, continuously monitoring for abnormal behavior and providing the analysis and data that human threat hunters need to act on.

In the case of ActZero’s MDR, we have highly trained threat hunters investigate each detection — because, in a human-at-keyboard attack, bad actors will change their tactics once blocked. Our threat hunters are there to react and continue thwarting them when they pivot. Then it becomes human versus human, hacker versus a well-equipped team of defenders.

The Need for Greater Security Investment in Healthcare

Security frequently gets deprioritized for solutions that affect patient care more directly. Investment in security comes piecemeal and reactively.

That’s just bad medicine. Investing proactively in the health of your organization’s cybersecurity is akin to the proactive steps one must take to avoid illness. Isn’t it better for patients with high blood pressure to take their meds proactively than to need bypass surgery eventually? Cybersecurity is no different; prevention is better than cure.

And like fighting living parasites, one needs the guidance and actions of experts to achieve a healthy defense against the growing ransomware epidemic.