Sometimes, things just don’t go your way. No matter what preparations you’ve made or what precautions you’ve taken, an ingenious enemy can counter your defenses. That is certainly true in the context of the modern healthcare facility. Bad actors (and, here, we’re not talking about B-movie role players) are always present and looking for an in. They would like nothing more than to breach a hospital’s security shield in order to carry out their nefarious intentions, whether that be stealing patient data, shutting down vital systems for ransom, or causing general havoc for nothing more than kicks and giggles.
<strong>Unmasking the Bandits</strong>
Recently, Becker’s Health IT compiled a list of the latest threats now underway against the American healthcare system. These hack-happy organizations were originally identified in a June 8 briefing given by the Health Sector Cybersecurity Coordination Center. The current threats are as follows:
- LockBit 3.0. This group operates under a ransomware-as-a-service model. It is financially motivated and is alleged to have ties with individuals or entities in Russia. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA):
LockBit 3.0 attempts to spread across a victim network by using a preconfigured list of credentials hardcoded at compilation time or a compromised local account with elevated privileges. When compiled, LockBit 3.0 may also enable options for spreading via Group Policy Objects and PsExec using the Server Message Block (SMB) protocol. LockBit 3.0 attempts to encrypt [T1486] data saved to any local or remote device, but skips files associated with core system functions.
- Clop. This ransomware gang claimed to have breached Community Health Systems, headquartered in Franklin, Tennessee. This is the same organization that is believed to have been behind the recent MOVEit Transfer data-theft attacks, where a so-called “zero-day” vulnerability was exploited to breach servers belonging to "hundreds of companies" and to steal their data. Interestingly, the ransomware gang confirmed to representatives at BleepingComputer that they have yet to initiate the extortion process. Instead, they are likely to take some time to review the compromised data and determine what is valuable and how it could be used to leverage a ransom demand from breached companies. In their previous computer caper, there was a one-month interval between the data theft and the ransom demand.
- Royal Ransomware. The group, which has been one of the most active ransomware organizations attacking the healthcare industry, claimed responsibility for a cybersecurity incident affecting Morris, Illinois Hospital & Healthcare Centers on May 25. Royal Ransomware has clearly been a royal pain in the behind. Writers for SC Media point out that the criminal operation has been leveraging the newly emergent BlackSuit ransomware encryptor in limited attacks amid ongoing intrusions against enterprises.
It may be remembered that it was another Illinois-based hospital that was crippled by a cybersecurity onslaught just two years ago. St. Margaret’s Health in Spring Valley, Illinois, is scheduled to permanently close its doors on June 16 of this year. The facility is believed to be the first hospital in the United States to close because of a ransomware attack. The facility has simply been unable to recover from the 2021 hack attack that hampered the hospital's ability to submit claims to payers for several months.
- BianLian Ransomware. Healthcare is one of the most targeted industries for this group, which, like other ransomware-based groups, seeks to obtain a financial advantage at the expense of its victims. On May 16th, the U.S. Federal Bureau of Investigation (FBI), as well as CISA, released an advisory identifying certain tactics and techniques that indicated illicit activity being undertaken by the BianLian ransomware group.
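The PsExec-over-SMB spreading that CISA describes for LockBit 3.0 above leaves a trace defenders can look for: PsExec installs a helper service on each target (named PSEXESVC by default), which Windows records as System event 7045. The sketch below is an added example, not part of the original article or the CISA advisory; it flags bursts of such installs across several hosts, and the JSON field names, host names, thresholds and sample events are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: System-log event 7045 ("A service was installed in the
# system") exported as one JSON object per line. The field names are an
# assumed export format, and every host name is made up.
SAMPLE_EVENTS = r"""
{"time":"2023-06-10T02:14:05","host":"WS-ADMIT-01","event_id":7045,"service":"PSEXESVC","image":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2023-06-10T02:15:40","host":"WS-LAB-07","event_id":7045,"service":"PSEXESVC","image":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2023-06-10T02:16:02","host":"WS-ADMIT-01","event_id":7045,"service":"PrintDriverHost","image":"C:\\Program Files\\Vendor\\pdh.exe"}
{"time":"2023-06-10T02:17:30","host":"SRV-PACS-02","event_id":7045,"service":"PSEXESVC","image":"%SystemRoot%\\PSEXESVC.exe"}
{"time":"2023-06-10T09:30:00","host":"WS-IT-03","event_id":7045,"service":"PSEXESVC","image":"%SystemRoot%\\PSEXESVC.exe"}
not-json
"""

def is_psexec_install(ev):
    """True for a 7045 event that installs PsExec's default helper service."""
    if ev.get("event_id") != 7045:
        return False
    name = ev.get("service", "").upper()
    image = ev.get("image", "").upper()
    # A renamed service or binary will not match; treat this as one signal.
    return name == "PSEXESVC" or image.endswith("\\PSEXESVC.EXE")

def find_fanout(lines, window=timedelta(minutes=10), min_hosts=3):
    """Report bursts where PsExec services appear on many hosts at once."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if isinstance(ev, dict) and is_psexec_install(ev):
            hits.append((datetime.fromisoformat(ev["time"]), ev["host"]))
    hits.sort()
    alerts, i = [], 0
    while i < len(hits):
        t0 = hits[i][0]
        burst = [h for h in hits[i:] if h[0] - t0 <= window]
        hosts = sorted({host for _, host in burst})
        if len(hosts) >= min_hosts:
            alerts.append({"start": t0.isoformat(), "hosts": hosts})
            i += len(burst)
        else:
            i += 1
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

A single PsExec install during working hours is often routine administration, which is why the lone 09:30 event in the sample does not raise an alert; the window and host threshold should be tuned to how the facility's own IT staff use the tool.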
<strong>Mitigating the Risks</strong>
We have seen how devastating some of these cyberattacks have been, causing at least one hospital to shut down permanently. This, alone, points to the absolute priority of bolstering your facility’s defenses against the never-ending assaults on your ability to operate. It will be imperative for your chief information officer, as well as others in charge of data security, to keep abreast of the latest threats, such as those listed above. One of the best ways to do this would be to monitor the leading websites that keep track of such threats. In addition, regular monitoring of the CISA website is strongly recommended. The site not only informs the consumer of the current threats but also offers valuable guidance on how to better prepare your defenses against these onslaughts.
When it comes to securing your data and critical systems, hospitals will need to invest in the right resources to safeguard their castle wall. The enemy is coming. Hire the best. Do your best. The consequences of defeat are unthinkable.
With best wishes,
Chris Martin
Senior Vice President—BPO