D I G I T A L D I A G N O S T I C S
The omnipresent ransomware threat is changing how healthcare organisations approach cybersecurity – from formalising practices to obtain cyberinsurance coverage to improving their ability to restore encrypted data after attacks . But as cyberattackers lean heavily on third-party vendors and suppliers to extort ransoms , remaining gaps across healthcare security frameworks are coming into focus , including a lack of identity security controls for securing and managing privileged accounts and third-party access .
Healthcare is ransomware attackers ’ top target
According to the FBI , healthcare remains the most targeted industry by cyberattackers and based on the findings of the CyberArk 2022 Identity Security Threat Landscape Report , the average healthcare organisation faced two or more ransomware attacks over the past year .
While ransomware is far from new to the sector , attacks continue to grow in sophistication and scale .
Cybercriminal organisations have increasingly been heading toward the ‘ As-a-Service ’ model for some time . The Dark Web is now teeming with darknet marketplaces , such as AlphaBay , and underground forums where threat actors can sell or lease malicious tools and services . It is through these marketplaces that cyberattackers with little malware development experience can find virtually anything they need directly off the shelf , paying anonymously with cryptocurrency .
The most lucrative ‘ Cyberattack-as-a-Service ’ model is ransomware . Threat actors develop Ransomware-as-a-Service ( RaaS ) affiliate models either to be sold to profit off extortions or to hire others to do their dirty work .
Taking a broader view across the healthcare supply chain
Derrick Leau , Country Manager of Singapore , CyberArk , highlights the importance of securing the healthcare sector , discusses recent ransomware attacks on organisations in the industry and solutions to prevent these types of attacks .
In the healthcare field , it ’ s common to view ransomware and other cyberthreats as they relate to the electronic health record ( EHR ). However , healthcare organisations should consider a more comprehensive approach that includes everything from software to connected devices , legacy systems and anything across the network .
Maintaining healthcare service continuity involves better assessment and management of cybersecurity risks associated with third-party vendors
PROTECTING THE HEALTHCARE SECTOR AGAINST CYBERTHREATS
www . intelligenthealth . tech 63