Threat actors are taking full advantage of today’s uncertain times by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Ransomware attacks alone — in which hackers take over an organization’s computer systems and demand ransom payments to return them — have seen a dramatic uptick amid the COVID-19 pandemic. Cybersecurity Ventures estimates that organizations will fall victim to a ransomware attack every 11 seconds by 2021, up from every 40 seconds in 2016.
Ransomware has a major impact since encrypting and blocking access to sensitive data can shut down an organization’s entire business operations, causing major financial damages. According to IBM's Cost of a Data Breach Report 2020, the average cost of ransomware attacks is about $4.44 million, which is higher than the average cost of a traditional data breach ($3.86 million) or malicious breach ($4.27 million).
The impact of these type of attacks is even bigger for healthcare organizations, as they are dealing with a vast amount of highly sensitive data which needs to remain current and accurate, as life or death decisions may depend on it. Thus, it is not surprising that according to the US Healthcare Cybersecurity Market 2020 - Frost Radar Report more than 90% of all healthcare organizations reported at least one security breach over the last three years in the United States. Threat actors see healthcare providers as prime targets because their systems (e.g., virtual care platforms, remote patient monitoring devices, diagnostic systems, and ICU ventilators) are crucial to patients' wellbeing, making them more likely to pay a ransom.
A good example for this is last year’s ransomware attack on Universal Health Services (UHS), a Pennsylvania-based healthcare provider operating about 400 facilities. The ransomware attack forced the company to shut down its IT network at multiple hospitals across the country and divert patients to other facilities. However, such actions can prove fatal, as another security incident in Germany illustrates. A female patient died after Düsseldorf University Clinic's servers were encrypted, which necessitated that she be relocated to a hospital 20 miles away.
The following fundamental measures can help healthcare organizations minimize their exposure to ransomware attacks:
- Implement cybersecurity training to educate employees on how ransomware is being deployed and how to recognize and avoid spear-phishing attacks.
- Regularly update anti-virus and anti-malware with the latest signatures and perform regular scans.
- Back up data regularly to a non-connected environment and verify the integrity of those backups.
Beyond these generic preventive measures, organizations must pay special attention to the state of their endpoints, as those devices are often the launchpad from which ransomware spreads across the network. Thus, it is essential to assure that all endpoints on a healthcare organization’s network are healthy and that all applied security controls persist. In doing so, healthcare organizations can significantly reduce a threat actor’s attack surface and in turn minimize the cyber risk exposure.
In this context, Absolute helps healthcare organizations provide the necessary visibility, defense, and response tools to protect against and respond to ransomware attacks. Leveraging the power of Absolute technology, healthcare organizations can:
- Monitor for Unusual Activity:Absolute provides IT and security staff with granular insight into all the endpoints on their network. Once they have visibility over all the endpoints on the network, they can look for suspicious behavior or spikes in connections on devices that are usually quiet.
- Control Endpoints from Anywhere: Absolute empowers IT and security staff to lock devices and restrict device network access to halt the spread of malicious software.
- Harden Existing Endpoint Security Controls: It is imperative to keep endpoint security software like anti-virus, anti-malware, VPN software, and/or disk encryption active and up to date on all devices. Absolute allows healthcare organizations to make their endpoint security controls resilient against software decay or malicious actions by self-healingthese critical applications whenever needed. This keeps endpoints secure and compliant with an organization’s security policies without the need to constantly intervene.
- Respond to Ransomware Attacks: Absolute helps orchestrate remote device actions via its Absolute Reach scripting, which is resilient to ransomware attacks. IT and security staff can also inform end users of the incident status and provide instructions while their devices are under attack.
Ultimately, selecting an endpoint resilience solution like Absolute is one of the most critical technology investments a healthcare organization can make to minimize their cyber risk exposure. To check out more details, please visit our healthcare solutions page.