Magazine

FM College ~ News & Articles

Defending Healthcare Facilities Against Ransomware Attacks

Sep 18, 2024 | Public | 0 comments

As ransomware attacks and tactics evolve, healthcare facilities must be aware of what threats exist and how to stay secure.

Cybersecurity in the healthcare space is a prominent topic as cyberattacks continue to assault healthcare organizations daily. Worse, cybercriminals are constantly changing how they operate and execute their attacks, making adapting to their methods difficult.

The biggest change in their tactics is the increasing use of ransomware, according to Errol Weiss, chief security officer at Health-ISAC. Not only that, but Weiss says healthcare organizations are also becoming more vulnerable to cyberattacks due to a lack of investment in cybersecurity and IT in general.

“I think there’s a perfect storm in healthcare where we’ve got an already cyber vulnerable population out there because of the lack of cybersecurity investment,” says Weiss.

With an underfunded IT department, organizations may have systems that are not properly protected or backed up. This could lead to a ransomware actor taking a healthcare facility completely offline because the organization can’t restore from a backup. In situations like this, organizations may feel compelled to pay the ransom in order to get their systems back online and not compromise care.

Different levels of threats

Ransomware can be used to extort healthcare organizations on multiple levels. Double extortion, where cybercriminals not only take systems offline and hold the data for ransom while also stealing data and threatening to release it to the public, has become more commonplace, Weiss says. Then there’s triple extortion, where the cybercriminals use distributed denial of service (DDoS) attacks to take an organization’s main website offline and keep it that way unless the victim pays.

It doesn’t end there, though, as Weiss says there is an additional type called quadruple extortion.

“Within the last year, we’ve seen many more instances of what they will call quadruple extortion, where they’re going after the patients themselves,” says Weiss. “So, they steal the data, and they know which patients are in the records they have access to. They may even have their e-mail addresses. Now, they go back to the patients and threaten to release their personal information unless that patient victim pays the attackers directly.”

However, there are ways for healthcare organizations and facilities to protect themselves from these sophisticated attacks.

Weiss says there are three key areas for healthcare organizations to focus on: staying up to date on patches, backing up systems and using multifactor authentication (MFA).

The Cybersecurity and Infrastructure Security Agency (CISA) has created a catalog called the Known Exploited Vulnerability List.  The resource determines the areas that are being exploited, what vulnerabilities there are and how cybercriminals are taking advantage of these weaknesses to attack. Weiss says to pay attention to this list when prioritizing what to patch and to stay ahead of the network vulnerabilities.

When backing up systems, facility managers need to ensure that connections are valid and reliable so that the organization can quickly rebuild the system from the ground up if something goes astray.

“One of the challenges that we’ve also seen is they think they’re backing up, but they’ve got some corruption, or the bad guys broke in already, meaning the backups have been tainted ever since,” says Weiss. “So, make sure the backups were done on a regular basis.”

Jeff Wardon, Jr., is the assistant editor for the facilities market. 

The post "Defending Healthcare Facilities Against Ransomware Attacks" appeared first on Healthcare Facilities Today

0 Comments

Submit a Comment

Are Scents a True Indicator of Cleanliness?

Editor’s note: FM Perspectives are industry op-eds. The views expressed are the authors’ and do not necessarily reflect...

The Impact of Lighting on Aesthetics and Atmosphere in Healthcare

Lighting manufacturers discuss how lighting affects the look and feel of healthcare facilities. While not usually talked...

IFMA publishes accessible guide for leveraging AI

The International Facility Management Association (IFMA) released a publication for understanding and leveraging AI in the...

Hidden dangers

Conor Logan, Technical Director, Colt International on the hidden dangers of neglecting smoke control system maintenance In...

How to Improve Facility Operations with Visual Management Strategies

Visual management enables businesses to communicate important information about processes and procedures. Where...