Ransomware in the global healthcare industry 

The World Health Organization (The WHO) hosted a webinar on the 18 July to discuss the critical importance of cybersecurity in the healthcare sector, highlighting the severity of the situation the industry is currently facing. Healthcare organizations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyber-attacks with severe consequences.  

As has been demonstrated with recent high-profile attacks on healthcare organizations, such as the US’ Ascension and Change Healthcare incidents, and the UK’s NHS attack, the healthcare industry must review its priorities, the threats it faces, and its security measures, without delay. 

Investing in data availability 

Healthcare organizations store valuable personal and health information within Electronic Health Records (EHR). These records contain data that are hot commodities on the black market: from full names, birth dates, and health monitoring information to social security numbers, billing and insurance details. Storing data digitally allows healthcare organizations to share important information quickly between staff and across borders, facilitating faster, more comprehensive patient care, but it also carries risk.  

Employees often have access to more information than they need to see. Should an employee accidentally click a phishing link or be exposed to malware, a bad actor can potentially access an organization’s entire system. Further, storing data digitally makes healthcare organizations dependent on their systems, meaning that in the event of a cyber-attack they can be brought to a standstill. For example, the Ascension Healthcare Incident resulted in ambulances being diverted, and staff resorting to writing information on paper, slowing essential operations. 

Immediate access to accurate patient data is not just a convenience; it’s a matter of life and death. However, this urgency for data accessibility must be balanced with stringent security measures. The vulnerability of confidential medical data to malware and ransomware attacks necessitates unwavering vigilance and robust security controls. 

Relying on legacy systems 

Many medical facilities and clinicians operate on outdated systems and devices, often running obsolete software versions and lacking adequate security measures. A single compromised legacy system can serve as a gateway for major data breaches, highlighting the critical need for modernization and security upgrades. The risk for such an event is high as legacy systems are often unsupported by their original developers, leaving them without essential security patches and updates. 

Unfortunately, it’s not just the resilience of their own systems healthcare organizations should be considering. An emerging trend that is quickly gaining traction in the threat landscape is supply-chain attacks: which is when an organization is subjected to a cyber-attack, and it travels to their partners and customers. The UK's NHS fell victim to a ransomware attack on its third-party partner, Synnovis. This can result in considerable impacts on healthcare services, and potentially life-threatening delays. In this particular instance, blood testing at two NHS hospital trusts is still only operating at 54 percent of normal levels, 6000 outpatient appointments and 1500 operations have been cancelled. 

This places healthcare organizations in a precarious position, as these attacks can be inserted at any point in the supply chain. To mitigate this risk, they must understand the cybersecurity posture of their partners, and establish a collaborative relationship that emphasizes sharing threat intelligence. This will improve the cybersecurity posture of the entire supply chain. 

Integrating modern assets 

Another challenge the healthcare industry faces is that while they embrace new technologies to enhance efficiency and patient care, like IoT medical devices and EHR applications, they also expand and complicate their attack surface. This exposes sensitive data to a myriad of threats and makes it hard to monitor for threats and anomalies. The intersection of innovation and security presents a daunting challenge for healthcare organizations striving to embrace progress without compromising patient privacy and safety. 

This puts the healthcare industry in a difficult position. Shying away from adopting new technologies can cause organizations to sacrifice the quality of their care, and lead to them having outdated technology and security measures, which increases the risk of a cyber-attack. However, integrating new technologies and driving innovation in their sector can create numerous challenges that their security teams struggle to keep pace with.  

Ransomware is becoming democratized 

From a risk perspective, valuable, easily accessible data with outdated cybersecurity measures, and an industry with a low tolerance for downtime, creates the perfect target for cyber-attacks. Bad actors are economic with their attacks: often valuing low-risk, high-reward targets that are likely to acquiesce to their demands. According to a recent Sophos State of Ransomware 2024 Report, ransomware attacks within the healthcare industry are not only on the rise, but over half the victims would pay up to 111 percent of the original ransom. 

The threat landscape is also evolving, with ransomware quickly becoming a democratized industry. New developments such as Ransomware-as-a-Service (RaaS) and Ransomware-for-Hire Services enable anyone to launch a ransomware attack, even if they lack technical skills. Gen AI-based attacks are also increasing; resulting in more sophisticated attacks and phishing campaigns that can be more difficult to identify.  

Combating the Threats 

To combat the threats outlined above, a threat intelligence platform can be a robust solution that helps simplify cybersecurity efforts and support digital transformation. By aggregating all sources of threat intelligence and vulnerability data into a central repository, healthcare organizations can gain a holistic view of their cybersecurity landscape, enhancing visibility and informed decision-making. They can also enable an organization to prioritize threats based on their impact on the health system environment. This means that teams can filter out noise and focus on critical assets and vulnerabilities, ensuring that resources are allocated where they are most needed.  

Additionally, they can automate the dissemination of threat intelligence, empowering healthcare organizations to quickly share information against cyber adversaries. Armed with intelligence, teams can proactively hunt for malicious activity, swiftly identifying and neutralizing threats before they can wreak havoc on patient records and organizational integrity. A threat intelligence platform accelerates analysis and response to attacks, enabling rapid mitigation against evolving threats. 

Through assessing and understanding its current cybersecurity posture, and the threat landscape, the healthcare industry will be able to update its cybersecurity infrastructure in a more comprehensive fashion. Threat intelligence platform solutions enable healthcare organizations to improve the overall security of their supply chain, and patch its existing cybersecurity issues, whilst maintaining its daily operations. 

Image credit: AndreyPopov/depositphotos.com

Leon Ward is VP, Product Management, ThreatQuotient.