Cybersecurity in the healthcare space is a prominent topic as cyberattacks continue to assault healthcare organizations daily. Worse, cybercriminals are constantly changing how they operate and execute their attacks, making adapting to their methods difficult.

The biggest change in their tactics is the increasing use of ransomware, according to Errol Weiss, chief security officer at Health-ISAC. Not only that, but Weiss says healthcare organizations are also becoming more vulnerable to cyberattacks due to a lack of investment in cybersecurity and IT in general.

“I think there’s a perfect storm in healthcare where we’ve got an already cyber vulnerable population out there because of the lack of cybersecurity investment,” says Weiss.

With an underfunded IT department, organizations may have systems that are not properly protected or backed up. This could lead to a ransomware actor taking a healthcare facility completely offline because the organization can’t restore from a backup. In situations like this, organizations may feel compelled to pay the ransom in order to get their systems back online and not compromise care.

Different levels of threats

Ransomware can be used to extort healthcare organizations on multiple levels. Double extortion, where cybercriminals not only take systems offline and hold the data for ransom while also stealing data and threatening to release it to the public, has become more commonplace, Weiss says. Then there’s triple extortion, where the cybercriminals use distributed denial of service (DDoS) attacks to take an organization’s main website offline and keep it that way unless the victim pays.

It doesn’t end there, though, as Weiss says there is an additional type called quadruple extortion.

“Within the last year, we’ve seen many more instances of what they will call quadruple extortion, where they’re going after the patients themselves,” says Weiss. “So, they steal the data, and they know which patients are in the records they have access to. They may even have their e-mail addresses. Now, they go back to the patients and threaten to release their personal information unless that patient victim pays the attackers directly.”

However, there are ways for healthcare organizations and facilities to protect themselves from these sophisticated attacks.

Weiss says there are three key areas for healthcare organizations to focus on: staying up to date on patches, backing up systems and using multifactor authentication (MFA).

The Cybersecurity and Infrastructure Security Agency (CISA) has created a catalog called the Known Exploited Vulnerability List.  The resource determines the areas that are being exploited, what vulnerabilities there are and how cybercriminals are taking advantage of these weaknesses to attack. Weiss says to pay attention to this list when prioritizing what to patch and to stay ahead of the network vulnerabilities.

When backing up systems, facility managers need to ensure that connections are valid and reliable so that the organization can quickly rebuild the system from the ground up if something goes astray.

“One of the challenges that we’ve also seen is they think they’re backing up, but they’ve got some corruption, or the bad guys broke in already, meaning the backups have been tainted ever since,” says Weiss. “So, make sure the backups were done on a regular basis.”

Jeff Wardon, Jr., is the assistant editor for the facilities market.