A large US hospital chain’s digital equipment was the target of a ransomware assault in 2020. A large number of patients had to be transferred to other hospitals after all the hospital’s computers abruptly shut down, losing medical records in the process.
The healthcare industry is increasingly vulnerable to ransomware hacking, which is a common occurrence in cyberspace. Throughout the COVID-19 pandemic, the hackers did not even cease their attacks.
Highlights
-
These assaults largely share characteristics. They frequently start up at night or on the weekends when there are fewer teams on call. To learn more about ransomware, though, let’s travel back in time.
-
Healthcare cyberattacks can mean the difference between life and death. Even in Germany, a woman passed away from delayed medical care after hackers broke into the hospital’s computer system. It was the first ransomware-related death.
Malware will limit access to your data during a ransomware attack and threaten to erase it or make it public unless you pay a ransom. Then, your content is fully or partially encrypted so that anyone without the decryption key cannot use it. Typically, the hacker demands payment in a cryptocurrency like Bitcoin.
In 2017, a large global ransomware assault affected about 130,000 people in more than 100 countries. The British National Health System, the Spanish telecommunications firm Telefonica, the French automaker Renault, and the German railroad corporation Deutsche Bahn were all compromised by the WannaCry cyberattack. The attack’s purpose was to encrypt the target’s data and hold it hostage until a ransom was paid. This attack is one of the first to highlight ransomware, a fresh cyberthreat.
They are the product of criminal groups. Investigators believe LockBit, one of the biggest organisations specialising in the use of ransomware, is responsible for the attack on the French hospital. Similar operations have been carried out by them in the past.
Criminals used to focus their attention on digital industries like eCommerce enterprises, but today they are more interested in industrial targets.
The primary objective of an assault is often to target a crucial business procedure and have the greatest impact in the shortest amount of time. If thieves are able to influence business-critical procedures, they can trigger a cascade of events that spread to several other parts of your company, including supply chains, amplifying the impact and producing ripple effects. Additionally, the wider the threat surface you need to defend is, the more dependent your business is on technology. You need to think about how you will protect the technology before integrating any new software or hardware into your mission-critical business processes. The businesses that deploy new technologies without properly safeguarding them beforehand are those that give cybercriminals the finest possibilities.
An IT supply chain attack tries to harm the targeted companies by targeting the weakest links in their application supply chain, such as by sneaking a Trojan horse into their vendor software. This tendency is accelerating as businesses use more and more different software from different vendors. Undoubtedly one of the most well-known recent incidents is the SolarWinds attack. In September 2019, an undiscovered cyberattack on the Texas-based software company SolarWinds resulted in hackers getting access to Orion, the company’s main product. The issue was that hundreds of companies and organisations all over the world utilise the programme. As a result, hackers were able to sneak into Orion’s computer networks and infect its users. 250 of the 18,000 affected clients were compromised, including government organisations.
All cyber assaults are centred on inadequately secured security systems and human elements. Many of them also make use of social engineering, a collection of deception tactics designed to persuade someone to act maliciously without intending to. To safeguard your assets from frequent threats, you must be aware of them. Password attacks, malware (including ransomware, spyware, Trojan horses, and viruses), phishing, denial-of-service attacks, man-in-the-middle attacks, SQL injections, fake president fraud, zero-day exploits, and assaults via suppliers are the attacks you are most likely to encounter (attacks on the IT supply chain as mentioned above).
There are other external options, such as using a virtual patch, having an external SOC, and utilising bug bounties. The bug bounty strategy involves exposing yourself to assault in order to improve your defence. This proactive American cybersecurity strategy has been used since the 1960s. But it’s starting to catch on in Europe.
The best practises call for frequent password changes, Endpoint Detection Response implementation, data backups, regular programme updates, and encryption. Whether a SME or a larger firm, there are best practises to implement to improve security.