David Trossell, Bridgeworks CEO, speaks to Health Tech World about the growing threat of ransomware to healthcare organisations around the globe – including Ireland.
April 5, 2022
In May 2021, the country’s health system suffered a devastating Conti ransomware attack. This year, in 2022, it is spending $100m to recover from the crisis. The attacks impacted on radiology appointments, which were cancelled due to COVID-19 test result reporting, as well as affecting the issuing of birth, death and marriage certificates. It also impacted paediatric, maternity services and outpatient appointments. The ransom to release their healthcare IT systems and data: $20 million ransom in exchange for the decryptor. However, Ireland’s Health Service Executive (HSE) refused to pay. Alicia Hope also writes in her article, of 4th March 2022, about the new investment for CPO Magazine: “Ireland has already spent $48 million to recover from the attack.”
“The expenses include $14.2 million for ICT infrastructure, $6.1 million for external cybersecurity support, $17.1 million for vendor support and $9.4 million for Office 365 subscriptions.” “Additionally, the Conti ransomware attack crashed the HSE’s payment system, affecting 146,000 people working in the healthcare system. Similarly, the attack shut down 85,000 computers and plunged the healthcare system into threat hunting mode.” Hope also revealed that CISA’s cybersecurity alert found that Conti ransomware attacked more than 1,000 times globally.
“Operated by the Wizard Spider group, based in St Petersburg, Russia, Conti ransomware is among the most dangerous advanced persistent threat actors,” she writes, before commenting that the “the group employs social engineering tactics like spearphishing to harvest credentials from its victims.” More forward to this year, Jennifer Gregory writes for Security Intelligence and cites ‘Cybersecurity Trends: IBM’s Predictions for 2022’: “After the challenging year of 2021, we look forward to what’s next in 2022.” Over the past two years, we’ve seen a tremendous shift in how consumers and businesses accomplish tasks with the continued shift to digital and cloud. “As a result of disappearing perimeters and increased digital data, cybersecurity attacks have, not surprisingly, increased. How did cybersecurity trends change in 2021, and what will they do in 2022?”
Cyber-security landscape evolves
“In 2022, we will continue to see the cybersecurity landscape evolve. To help you get ready for what’s ahead, we talked to four experts at IBM X-Force to get their predictions about what to expect in 2022 in terms of cybersecurity.” Nick Rossmann, Former Global Threat Intelligence Lead at IBM X-Force, also presents a stark warning, claiming that ransomware attacks will become increasingly “relentless in their quest to scale up revenue and do so fast.” He believes that 2022 will see a tripling of extortion ransomware, and that the attackers won’t stop at extorting a victim organisation: “Instead, they will also extort its business partners whose data it holds, or business partners who cannot afford the supply chain disruption…”
Healthcare organisations need to, therefore, constantly review their cyber-security budgets, technologies, processes and procedures to ensure that they aren’t impacted by any kind of ransomware or even another form of cyber-attack. This will inevitably involve training staff to avoid phishing emails. They particularly need to keep a watch on the disappearing perimeters, and how the digital data shift could make them more vulnerable to attack. This could lead to significant disruption, downtime and potential financial loss from either paying a ransom of a fine, either under the UK’s or the EU’s General Data Protection Regulations, if the data stored is personal to individuals residing in those parts of the world.
Closing the cyber-security gaps
With the change to hybrid working in healthcare, where once the digital perimeter was defined as the facility itself, (apart from offline remote backups), the move to Working From Home (WTF) for non-frontline staff has provided openings in the digital perimeter for cybercriminals to exploit. With the difficulty of remembering a considerable number of differing passwords for remote logins and applications, like many of us, people have resorted to a small number of easy passwords to remember. This opens so many opportunities for exploitation by cyber criminals.
How well have healthcare organisations, particularly those migrating to the cloud and increasing their dependency on it, improved their cyber-security? Well, there is that adage “never put all your eggs in one basket.” In fact, for service and business continuities sake, it would be wise to take heed of its meaning to make life harder for any cyber-criminals that may wish to attack you. A multi-level hybrid strategy is therefore required to keep some data on premise, and some data inside a cloud provider. The data should ideally be stored at more than one cloud provider and, with GDPR in mind, where possible this should be in another country to obfuscate the cybercriminal.
There are also facilities with object files: healthcare organisations should set these files to read only. This is a halfway house; they can still read the files, and while they can’t corrupt them, they can still delete them. Factor in, too, that the cyber-security landscape will continue to evolve during the rest of 2022 and beyond. Supply lines and suppliers to large companies are moving the threat up the supply chain. A larger company may even pay ransoms to open up the supply chain, as the larger enterprises have the most to lose.
The potential response from the attackers might be to continue to attack the backup dataset first, before turning their attention to the live data. Without backup, services and the ability to maintain uptime will inevitably be impacted.
Hiding behind cryptocurrencies
Ransomware will become more relentless because the attackers often hide behind cryptocurrencies. Although working from home is not an absolute phenomenon, except with certain members of the medical staff, such as consultants, ‘WFH’ and weak passwords can make it easier for the cyber-attackers to do their worst.
Healthcare organisations should therefore work on the basis that prevention, as always, is better than a cure. There are some exceptionally good artificial intelligence (AI) driven malware detectors and preventers. That is the way to go. We have got to give the WFH user a better system than remembering a password. The banks have done a lot of work on this with chip and pin cards and readers with pins and challenges. Make it easy and the user will want to use it – make it difficult, and they will find a way around it.
The role of WAN Acceleration
WAN Acceleration can help to prevent ransomware attacks, or at the very least ensure that healthcare organisations can keep operating when one occurs. WAN Acceleration is a technology that utilises parallelisation techniques, coupled with AI, to move all sorts of data at high speed across high latency Wide Area Network (WAN) links.
Whilst this does not prevent ransomware attacks, it can mitigate its effects by one, moving your back up offsite to the cloud or another site rapidly. This allows for a reduced Delta time between backups. It also aids high speed recovery of backup data from the cloud. By giving the user a massively reduced time to transmit the data, duplicates of data can be deployed in multiple locations to increase the difficulty of the cyber-criminals to corrupt all the dispersed backups – which these days is their first point of call.
WAN Acceleration can prevent fines under GDPR, the UK or EU equivalent, too. With GDPR in place for many citizens, keeping these records up-to-date can be a major issue for organisations. Moving and protecting these whilst in transit is a major concern of many CSOs. WAN Acceleration is one of the very few products that can transmit encrypted data and accelerate it without requiring the keys to do so. This, combined with the “no-storage of data”, means there is no sensitive data residing on a Local Area Network (LAN) or WAN device – meaning that another worry is removed.
he earlier you can detect the malware the better, and that is why the new generation of antivirus software using AI to system monitor behaviour, rather than looking for signatures, is an exciting development. After that, it is about protecting the data that will helps healthcare organisations to recover. There is the 3-2-1 rule: if having 3 copies of your data, on 2 different media forms and 1 offsite copy, the last ‘1’ should be expanded if possible, to more than one offsite location – preferably on tape, as this is the best air-gapped technology.
They should then test their recovery capabilities and test them often – every time something changes. Taking action will reduce the amount of time new data and storage has been lost because someone never included it in the backup regime. However, with the right investment in cyber-security and the right cyber-security plan, ransom attacks can be prevented and beaten off when they occur.