
How Canada’s Healthcare Overhaul Led to a 15% Increase in Security Breaches

By: Christopher Liew | 3/11/2020

In 2019, Canada’s healthcare system underwent an overhaul. Taking place in Ontario, Canada’s most populated province, the changes have been described as the most significant health system update in 50 years.

Ontario was attempting to merge its health agencies to create local coordination organizations and maximize efficiencies. Combining the systems brought complications, however, and resulted in a 15% increase in the number of cybersecurity breaches. Hackers targeted three Ontario hospitals in October and paralyzed their operations using the Ryuk ransomware – now the most profitable ransomware family in the last six years. Ryuk is a common culprit known for shutting down local governments, school systems, and most recently, oil and gas facilities.

Ryuk Ransomware

Ransomware is commonly used in healthcare due to the sensitive and valuable nature of the information organizations hold. Hackers will often first use ransomware to gather information about a hospital's finances, to figure out how large of a ransom to ask for. Then, hackers will use the ransomware to lock up a hospital’s information, effectively holding it hostage until a payment is given.

In October, the Canadian Centre for Cyber Security issued a nationwide alert for Ryuk ransomware. One security company stated that almost 50% of all breaches by the ransomware were targeted at healthcare. One of its hospital clients reported over 3,200 exploit attempts in October alone.

Across healthcare, Ryuk isn’t limited to only Canadian hospitals. Last October, three Alabama hospitals had access to their patient lists blocked. Several hospitals in Australia also had a similar ransomware attack that crippled their systems.

Prevention is the best defense against ransomware

If ransomware has infected your organization’s systems, there's a good chance that it won't be easily removed. System administrators have attempted to reimage computers to reset them to their previous configurations before the attack, only to have the ransomware come right back shortly after the systems returned.

Rather than waiting until it’s too late and being forced to choose between paying a hefty ransom or not, a better approach is to start by taking preventative measures to protect your systems.

Typical points of entry for healthcare attacks

Here are a few common points of entry that hackers often try to exploit:

  • Endpoints via outdated or unpatched applications
  • Medical Internet of Things (IoT) devices
  • Unknowing users who click on malicious links on a webpage or in an email

Ways to help prevent ransomware attacks

To secure and manage your sensitive healthcare devices, data and applications, start by staying in control with a resilient connection to all your endpoints.

  1. Block TCP port 3389 on the firewall if possible.
  2. Employ content filtering and scanning on mail servers.
  3. Scan incoming and outgoing emails for threats.
  4. Educate employees on how to recognize suspicious links and attachments, even if it seems to be coming from someone they know.
  5. Minimize the number of users with admin privileges who can install software.
  6. Ensure systems and software are updated regularly with up-to-date patches.
  7. Have daily backups of all critical systems with offline and offsite copies.
  8. Disable Remote Desktop Services if not required.
  9. Disable macros for documents received via email.
  10. Respond to incidents quickly with automatic location and deletion of data when needed.
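
As an added example (not from the original article or from Absolute), the following read-only PowerShell audit checks one Windows endpoint against items 1, 5, 8 and 9 of the list above. Assumptions: the threshold of two local administrators is a placeholder for your own policy, the Office 16.0 policy value is used as the control for item 9, and only firewall rules that name port 3389 explicitly are matched.

```powershell
# Added example: read-only audit of checklist items 1, 5, 8 and 9 on one Windows host.
# Run from an elevated PowerShell 5.1+ session. Nothing on the system is changed.
$findings = [System.Collections.Generic.List[string]]::new()

# Items 1 and 8: is Remote Desktop enabled, and is its service running?
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 0) {
    $findings.Add('RDP connections are allowed (fDenyTSConnections = 0)')
}
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    $findings.Add('Remote Desktop Services (TermService) is running')
}

# Item 1: enabled inbound allow rules on the host firewall that name TCP 3389.
# Rules using "Any" or a port range are not evaluated here (assumption of this example).
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '3389')
    }
foreach ($rule in $rdpRules) {
    $findings.Add("Inbound allow rule for TCP 3389: $($rule.DisplayName)")
}

# Item 5: members of the local Administrators group (well-known SID S-1-5-32-544).
$maxAdmins = 2   # assumed policy threshold, adjust to your environment
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
if ($admins.Count -gt $maxAdmins) {
    $findings.Add("Local Administrators has $($admins.Count) members: $($admins.Name -join ', ')")
}

# Item 9: Office policy that blocks macros in files carrying an internet-zone mark,
# which includes attachments saved from mail clients. Checked for the current user.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $policy = Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet `
                -ErrorAction SilentlyContinue
    if ($policy.blockcontentexecutionfrominternet -ne 1) {
        $findings.Add("${app}: macro blocking for internet-origin files is not enforced by policy")
    }
}

if ($findings.Count -eq 0) { 'No findings for items 1, 5, 8 and 9.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A clean result covers the host firewall only; item 1 also applies to the perimeter firewall, which this script cannot see.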

Conclusion

In 2020, to stay ahead of hackers and ransomware attacks like Ryuk and others, endpoint resilience is increasingly important. Because you can’t secure what you can’t see, uncompromised visibility into every device, whether it’s on or off the network, is the first step. And because security tools inevitably degrade and fail over time, as research has proven, you also need a persistent, self-healing connection that will alert you to potential problems.

To find out how Apria Healthcare uses Absolute to gain visibility into device location and activity, secure patient data and improve access to patient care in the field, check out the case study or read up on Absolute healthcare solutions.