WHILE THIS CAN ALL HELP TO REDUCE THE CHANCES OF A SERIOUS BREACH , CISOS MUST ALSO ACKNOWLEDGE THAT SUCH EVENTS ARE INEVITABLE .
U N D E R T H E M I C R O S C O P E medical and financial information they hold on patients , and you have a sector that will always come under intense scrutiny from threat actors .
Continuous threat actor improvement
The challenge is that our adversaries continue to innovate , tapping an underground economy said to be worth trillions of pounds annually . The share of recorded attacks on HCOs globally have roughly doubled from 34 % in 2021 to 60 % today , with double extortion increasingly the norm . Sophos claims data was stolen in 37 % of cases where it was also encrypted . Unlike HCO network defenders , one thing threat actors do have is a surfeit of skills . ‘ As-a-Service ’ offerings readily available on the cybercrime underground have lowered the bar to entry for many budding groups , and initial access brokers ( IABs ) queue up to offer network access .
Threat actors are also developing increasingly powerful ways to detect and delete backups , to increase their leverage in ransom negotiations . In some cases , these capabilities are built into the malicious code itself . And they are targeting cloud environments in greater numbers , in attacks where data is stolen and then deleted from AWS buckets , rather than encrypted .
The cost of ransomware
The EU security agency ENISA reckons that ransomware now accounts for over half ( 54 %) of threats to the sector . In the UK , HCOs are frequent breach victims . All of this can have a potentially devastating associated cost .
WannaCry disrupted 81 out of 236 trusts in England ( 34 %) and 603 primary care and other NHS organisations , including 595 GP practices . It led to an estimated 19,000 cancelled appointments and operations , with many patients directed to A & E departments further afield . Across the Irish Sea , the Ireland Health Service Executive ( HSE ) has spent tens of millions of euros managing the fallout from a major 2021 ransomware breach . One report claims that , on average , HCOs of up to US $ 500 million in revenue lose an estimated 30 % of operating income if hit by a serious ransomware attack .
Another potentially serious cost is erosion of patient trust and real-world physical risk to patient safety . Studies show a connection between mortality rates and cyberattacks . One even claims a link between data breaches and heart attack fatalities . Ransomware also forces victim organisations to take critical systems offline in order to avoid the spread of malicious code , which in itself can cause serious risk to safety .
Building a better plan
The best thing healthcare CISOs can do in response is to build resilience now in the likely event that an attack
WHILE THIS CAN ALL HELP TO REDUCE THE CHANCES OF A SERIOUS BREACH , CISOS MUST ALSO ACKNOWLEDGE THAT SUCH EVENTS ARE INEVITABLE .
strikes in the future . A comprehensive cybersecurity audit is a good place to start , by documenting internal and external risks , vulnerabilities and threat exposure . It can also check for compliance with industry standards ( like ISO 27001 ) and best practice certifications ( like Cyber Essentials Plus ). And suggest remediation actions such as training and awareness programmes for staff and breach response plans .
Depending on the results of such an audit , the organisation may need to roll-out risk-based patch management programmes to ensure critical assets receive security updates in time . A continuous cycle of vulnerability and penetration testing will also help to establish where there are holes in security posture that need filling . Exploited vulnerabilities accounted for 29 % of healthcare ransomware breaches last year , according to one study .
While this can all help to reduce the chances of a serious breach , CISOs must also acknowledge that such events are inevitable , especially when the attack surface is so broad and stolen credentials are so plentiful .
This is where detection and response comes in . Ensure the organisation has effective and continuous logging and monitoring of events – at least at a network level . This can help accelerate incident response to contain threats before they have the chance to make a serious impact .
It can provide a stronger bargaining position for the HCO if negotiation with the threat actors is necessary . Being able to answer critical questions like which systems and data have been impacted , and how attackers got in , alongside maintenance of recent backups , will help to streamline incident response . It will also reduce the chances of a miscalculation in breach disclosure which could impact reputation unnecessarily .
Data was encrypted in 75 % of healthcare ransomware attacks over the past year . It ’ s time to keep calm , work through security best practice and build resilience . You never know when the next attack is around the corner . �
www . intelligenthealth . tech 61