
How Health Facilities Can Prevent, Mitigate Ransomware in 2021

Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic.

The healthcare industry continues to battle a surge in ransomware and cyber-attacks, which have increased in recent years and spiked since the start of the COVID-19 pandemic.  

Ransomware is defined as a type of malicious software (also called malware) with the specific characteristic of seizing and encrypting a user’s data, with the threat to steal, destroy or publish it unless a ransom payment is made, according to the US Department of Health and Human Services.

Typically, the criminal hacker requests payment by cryptocurrency in order for the user to receive access to the stolen data.  

A total of 560 healthcare providers experienced a ransomware attack in 2020, according to a Sophos survey. 

And in October 2020, threats to the healthcare sector were so prevalent that the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory.  

That advisory described the “tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain.”  

The three agencies had credible information of increased and imminent cyber threats to US hospitals and healthcare providers.  

The advisory warned healthcare providers to take “timely and reasonable precautions to protect their networks from these threats.” 

In June, the FBI issued a statement in response to the recent surge in ransomware attacks in the United States. 

“With the recent rapid increase in ransomware attacks against private sector companies, the FBI has made these investigations a top priority,” the statement notes. “The FBI has a long-standing history of confronting unique challenges in the cyberspace and imposing risk and consequences on our nation’s cyber adversaries. Through trust-based relationships with our private sector partners, we are indispensable in the fight against cyberattacks.” 

Ransomware on The Rise  

Those threats, unfortunately, are not allowing the healthcare sector to find relief from hackers and cybercriminals.  

According to a report released in July 2021, the medical industry saw a spike in healthcare data breaches due to increased cyber vulnerabilities. 

The 2021 Identity Breach Report, “PII Fuelling the Threat Economy: How Crisis Creates Targeted Vulnerabilities for Individuals, Executives, and Brands,” published by Constella Intelligence, found that the healthcare industry saw a 51% increase in breaches/leakages compared to 2019.  

“Companies in the healthcare sector saw a 51% increase in the proportion of breaches and leakages in which their corporate credentials were exposed, as compared to last year’s report,” the report states. “Due to their essential role, it has been well documented that healthcare companies and organizations are facing increased vulnerabilities amidst the global pandemic.”   

Constella detected over 8,000 breaches containing over 12 billion records in 2020.  

A second study reinforces the growing challenges that the healthcare sector is facing when it comes to battling cybercriminals.  

Data breaches in the first six months of 2021 increased slightly in the United States and healthcare data breaches continue to remain at the top of the most-breached sector list, according to Risk Based Security’s 2021 data breach and vulnerability reports.  

The 2021 Mid Year Data Breach QuickView Report studied 1,767 publicly reported data breaches in the first half of 2021.    

Another recent survey published by IT security company Sophos reveals that 63 percent of healthcare organizations that weren’t impacted by ransomware last year expect to be the target of a ransomware attack in the future. 

Approximately one third of surveyed healthcare organizations were impacted by ransomware in the last year alone. 

Asking the Government for Help in Healthcare’s Fight Against Cybercrime 

In July 2021, top cybersecurity and healthcare experts brought the growing cybersecurity issue to Washington. 

Several expert witnesses testified before a US Congressional committee on the cyber-threats that are impacting the healthcare sector in the United States. 

Dr. Christian Dameff, MD, a practicing emergency medicine physician, assistant professor and the Medical Director of Cybersecurity for UC San Diego Health testified on the first-hand impacts of ransomware on US healthcare.  

Dameff testified that “healthcare is not prepared to defend or respond to ransomware threats.”   

Charles Carmakal, Senior Vice President and Chief Technology Officer of FireEye Mandiant, also shared insights into the ransomware issue impacting healthcare with the congressional committee.  

Carmakal said the cyber threat in the United States reached an unprecedented level in October.  

“Hospitals across the U.S. were disrupted by a group of eastern European threat actors,” he testified. “Hospital technology systems were taken offline, and medical professional and administrative staff had to rely on paper and pen to record data. Many hospitals had to divert patients and ambulances to emergency departments at other hospitals. The impact of cyber intrusions to human lives has never been more dire.”  

He told the committee this dire problem should be considered a threat to global security. The ransomware attacks affecting healthcare are increasing in frequency, sophistication and their disruptive potential, he stated.  

Dr. Dameff told Congress that these cyberattacks impact the infected hospitals and the surrounding “healthcare ecosystem at large.”  

“Two months ago, a ransomware attack disabled five large hospitals in the San Diego area for an entire month,” he stated. “Adjacent hospitals were quickly overwhelmed with unprecedented numbers of emergency room patients, many of whom had serious, time-dependent illnesses. Wait times skyrocketed. Hospital beds rapidly filled. Clinicians caring for very sick patients lacked vital medical records from the infected hospitals. I saw firsthand the ‘spill-over’ effects and understood that the vulnerability of one hospital is the vulnerability of many hospitals.” 

He called for preparing hospitals to combat these cyberattacks.  

“The ability to rapidly deploy backup manual patient care systems is key to reducing harms to patients. Such contingency planning takes resources and expertise,” Dameff stated.  

Ransomware Prevention Tips 

In May 2021, the National Institute of Standards and Technology (NIST) published advice on how to prepare for and prevent ransomware.  

Those ransomware prevention tips include:  

  • Use antivirus software: NIST suggests that antivirus software is used at all times. Be sure to set up the software so that it scans emails and removable media for both ransomware and malware.  

  • Patch all computers with security updates. 
  • Use proper security services/products to block access to known ransomware sites on the internet. 
  • Correctly configure computer operating systems, or employ third-party software, to only allow authorized applications to run on computers and devices. This will prevent ransomware from working. 
  • Restrict use of personal devices on the organization’s networks. For remote access, increase security steps.  

Additional NIST tips for workplace computers include: 

  • Use standard user accounts instead of administrative accounts which allow for administrative system privileges.  
  • Avoid personal email, chats and social media applications on work devices. 
  • Avoid opening files and clicking on links from unknown sources. Check a file with an antivirus scan first to be certain it is safe.  

HIPAA and Ransomware  

The US Department of Health and Human Services states that HIPAA compliance can assist businesses when recovering from a ransomware attack. Many of the NIST ransomware prevention tips mirror the HIPAA Security Rule requirements.

“The HIPAA Security Rule requires covered entities and business associates to implement policies and procedures that can assist an entity in responding to and recovering from a ransomware attack,” the HHS factsheet on ransomware and HIPAA states.  

“The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware,” HHS states.  

Recovering From Ransomware 

NIST also provides resources on how to recover from a ransomware attack. It recommends that organizations follow these recommendations in order to speed up their recovery from a cyberattack.  

  • Create an incident recovery plan and implement it in case of an attack. The plan should have defined roles and strategies and be practiced regularly.  
  • Create a data backup and restoration strategy. Be sure to test the plan on a regular basis and be certain there is a secure backup for all data. Also, keep the backup isolated so “ransomware can’t readily spread to them.”  
  • Create and maintain an updated contact list of both internal and external contacts in case of a ransomware attack. Keep law enforcement contacts readily available and understand the appropriate role for each contact in recovery response efforts. 

How To Respond to Ransomware 

The FBI does not support any healthcare institution or business paying ransom demands in response to a ransomware attack.  

“Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI states in an advisory on ransomware, scams and safety.  

Paying the cybercriminals the ransom “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI states.  

For those who are victims of ransomware, the FBI suggests contacting the local FBI field office to request assistance, or submitting a tip online.  

Victims of ransomware attacks can also file a report with the FBI’s Internet Crime Complaint Center (IC3).
