Getty Images/iStockphoto

Security Firms Offer Ransomware, Security Assistance During COVID-19

Healthcare providers combating the Coronavirus are being offered ransomware assistance and other security tools to ensure care continuity during the pandemic.

EmsiSoft, Awake Security, and CynergisTek, among others, are offering additional ransomware and security assistance to healthcare providers combating the Coronvirus to ensure care continuity during the pandemic.

On March 18, EmsiSoft announced it would be offering completely free ransomware assistance to critical care hospitals and other healthcare providers, in partnership with Coveware, an incident response vendor. The goal is to provide the service for the duration of the crisis, subject to their own capacity.

The services will include technical analysis of the ransomware and development of the decryption tool when possible. If those items fail, the vendors will provide last resort ransom negotiation, transaction handling and recovery assistance, such as replacement of the decryption tool provided by the hackers, with a “custom tool that will recover data faster and with less chance of data loss.”

“Without a global pandemic, a ransomware attack on a critical care facility can cause grave danger to patients,” officials explained. “With COVID-19, a ransomware attack on an overwhelmed hospital could tip the balance and result in a significant loss of life.”

“Our aim? Get affected healthcare providers operational in the shortest time possible so they can minimize disruption to patient care,” they added.

EmsiSoft predicts that ransomware attacks will spike in the coming weeks, as there’s typically an increase in these attacks during the spring and summer months.

Several security firms have warned hackers to avoid targeting healthcare during this crisis. And according to BleepingComputer.com, several notorious hacking groups have pledged to stop targeting the sector, including Ryuk and Maze, among others.

However, given supply chain attacks and other criminal behavior, there’s no guarantee. Not to mention that ransomware attacks on healthcare jumped 350 percent during the last quarter of 2019, compared with the previous year.

Meanwhile, Awake Security is offering hospitals and other healthcare facilities responding to the COVID-19 pandemic 60 days of free access to its security platform. The offer will be extended as necessary.

The security platform detects potential threats on the network and on health IT devices, as well as remote users logging in through the virtual private network (VPN). The free offer also extends to its Managed Detection and Response tool, which provides threat monitoring, proactive threat hunting, and access to Awake’s research team.

Awake has also offered to provide remote deployment assistance, customized threat models, and customer service, at no charge to these healthcare organizations. Like EmsiSoft and other researchers, Awake has also seen an increase in threat actors attempting to profit off of the pandemic.

In fact, its researchers detected more than 2,000 suspect Coronavirus related domains and malware samples using more than 20 different file types. Awake created adversarial models and managed network and detection response to detect and respond to these types of campaigns.

“It’s vital IT and security professionals protecting healthcare networks are not distracted by attacks, especially as the response effort to the COVID-19 pandemic is at a critical stage,” Awake Security CEO Rahul Kashyap, said in a statement.

“As more IT and security workers have to operate remotely, we feel strongly that it is our moral duty to ensure the security of the infrastructure they protect,” he added. “We are glad to see many in the security industry step up to tackle this global crisis, and we hope others will join us in the #FightCOVID19 pledge.”

On March 13, CynergisTek announced it had updated its patient privacy monitoring services to better support detection of insider snooping related to the pandemic. Officials explained that information related to Coronavirus cases is extremely valuable during this crisis.

“As [providers] scale, they are opening up access to medical records for staff and vendors that are working remotely, turning up temporary facilities, and deploying telemedicine solutions,” said Caleb Barlow, CEO of CynergisTek, in a statement.

“Each of these initiatives comes with inherent security and privacy risks,” he added. “We started scaling our Privacy Operations Center in November of last year and we are leveraging that additional capacity to handle inbound requests for privacy monitoring related to COVID-19.”

Next Steps

Dig Deeper on Cybersecurity strategies