Healthcare providers, already struck by the COVID-19 pandemic, were recently put on high alert by major government agencies. Recent warnings issued by the U.S. Department of Homeland Security Cybersecurity Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services stated an imminent threat of highly sophisticated Trickbot malware and Ryuk ransomware were targeting the sector.
The healthcare sector is becoming an ever-increasing target of nefarious cybercrime offenders. These latest attacks, as well as the United Health Systems malware attack in early October, resulted in significant disruptions across 400 hospitals. They are unprecedented in magnitude for the U.S., given their timing in the heat of a contentious presidential election and the worst global pandemic in a century.
Critical targets are under siege
Organizations in the health sector and critical infrastructure have been particularly attractive targets for cybercriminals in 2020, as revealed in our 2020 Vulnerability and Threat Trends Mid-Year Report. One reason for this is that cybercriminals are aware of the importance of the work being done by health professionals to treat people during the COVID-19 pandemic and develop a vaccine as quickly as possible. They know that organizations will pay through the nose to decrypt critical data and are unsympathetic to make financial gains.
Earlier this year, the U.S., UK and Canadian security agencies circulated an astonishing joint statement.2 It alleged that the cybercriminal group known as Cozy Bear, on behalf of Russian intelligence, was on a mission to steal vaccine research from health tech firm IQVIA. It is not clear whether this was a nation-state attack or profit-driven. What matters most is that it happened and could happen again. Given this attack’s context, health organizations should have had heightened awareness that an attack such as this was bound to occur.
We have also witnessed the horrific ransomware attack that struck Dusseldorf University Hospital earlier this year, which made evident that it is not just data but also human lives at stake when it comes to effective cybersecurity. The attack shut down the entire A&E department, which led to a patient dying when moved to another facility 20 miles away.
With foundational industries at such risk, protecting against malicious activity must take priority. Yet, when under pressure, it is incredibly challenging to build an understanding of what threats might be on the horizon. Therefore, context awareness needs to be grounded in establishing the right preventative measures to mitigate future attacks.
How to establish more resilient and preventative cybersecurity measures
To address the rising volume of vulnerabilities and increasingly sophisticated hackers, it is clear that healthcare security and risk management teams need to have the full context of their attack surface to efficiently identify and remediate risks that pose the greatest threat to organizations. The only way to achieve this is to move beyond merely scanning and patching towards taking a full life-cycle unified vulnerability management approach. Here are five steps to building a more resilient cybersecurity program.