Last week, the US government warned hospitals and healthcare providers of an increased and imminent ransomware threat, linked directly to Eastern European hackers. The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have all received credible information that threat actors are targeting the healthcare sector with the TrickBot malware, before deploying Ryuk, a particularly aggressive piece of ransomware, into their networks. Both TrickBot and Ryuk have been previously linked to threat actors operating in Russia.
Hitting Healthcare
Hitting the healthcare sector during a global pandemic and in the final days before the presidential election, Charles Carmakal, SVP and CTO of security firm Mandiant described the attacks as “the most significant cybersecurity threat we’ve ever seen in the United States.” By deliberately targeting US hospitals, the threat actor forces patients to be diverted to other healthcare providers, prolonging the wait time to receive critical care. “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline. UNC1878 is one of most brazen, heartless, and disruptive threat actors I’ve observed over my career”, Carmakal explained.
US healthcare organizations have been among some of the most high-profile victims of data breaches over the last few years, with 89% of healthcare organizations experiencing a breach in the past two years. Their huge volumes of highly monetizable patient data makes them particularly attractive to attackers, and as digital transformation brings more systems to the attack surface like MRI scanners, smart drug infusion pumps, and patient identification systems, the threat only continues to grow.
Taking this information, Centripetal’s team immediately began countering the cyber threat by collecting, curating, and operationalizing relevant intelligence from all available sources and started working hand-in-hand with healthcare customers to ensure safe and stable operations in the face of this targeted credible threat. The Centripetal team consistently performs cyber threat hunting for all clients, and in this case, approximately 75% of the IoCs that was curated by Centripetal were not available in high-confidence threat intelligence.
New Challenges
Healthcare also has the highest data breach costs at $429 per record, and because of the highly sensitive patient data at risk, and the threat to patient welfare if key systems are offline, 23% of healthcare organizations suffering a breach offered some form of payment to attackers.
As healthcare organizations have evolved, they now use a wide spread of heterogeneous cloud and on-premise IT systems, introducing new security challenges. This is complicated by the large number of mobile staff that make up healthcare organizations, and their need to share data and access records urgently.
Our cyber threat intelligence solution, CleanINTERNET®, aggregates and leverages over 3,500 threat intelligence feeds to deliver comprehensible, actionable findings to prevent network infiltration and data exfiltration. With CleanINTERNET, you can alleviate the burden on your security team, increasing the overall efficiency of the security stack.
Find out how healthcare providers can greatly benefit from Centripetal’s CleanINTERNET by speaking with one of our team.
