Ransomware's Grip on Healthcare

Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

Claudio Gallo, Lead Security Engineer, C4HCO

December 3, 2024


COMMENTARY

Ransomware attacks increase by the day, and healthcare systems are one of the prime targets. Despite ongoing efforts to patch vulnerabilities, the problem persists. Patching, long considered a cornerstone of cybersecurity defense, is no longer enough. The consequences of an attack for healthcare organizations go far beyond reputational and financial damage: they are a matter of patients' lives.

The reason is that all healthcare organizations are treasure troves of highly critical information: Medical records, personal information, and financial details all command a high price on the black market. More important, healthcare services cannot afford any downtime, and because these systems need to be online and working at all times, victims usually pay the ransom.

The growing sophistication of ransomware, combined with the complex IT environments in healthcare, means that traditional defenses like patching fall short. Meanwhile, attackers are finding ways to exploit the gaps that patching alone cannot close, even with regular updates.

The Patching Problem

Many believe patching is a line of defense that stops ransomware in its tracks, but patching has reached its limits. Most healthcare IT environments are an amalgam of old legacy technology, critical life-supporting medical devices, and modern infrastructure, which makes patching very difficult to implement. For instance, most medical devices run operating systems that are no longer supported by vendors. Patching is risky and might involve downtime, which affects patient service.

Patching covers only known vulnerabilities. Ransomware attackers, meanwhile, are increasingly leveraging zero-day vulnerabilities: those that have not yet been discovered or do not have a patch available. Even fully patched systems can be vulnerable to such an attack, leaving the organization at risk of ransomware.

Then there is the lateral movement problem. Once inside a network, ransomware can easily cross over into unpatched or misconfigured systems. Another factor is that ransomware attacks no longer rely on a single entry point; attackers simply use stolen credentials and/or unprotected routes of access to move across the network, infecting multiple systems and amplifying the resulting damage.

Expanding the Scope of Defense

With such challenges, healthcare organizations need to rethink their approach to ransomware defense; patching, though necessary, is only one piece of a much larger jigsaw puzzle.

The first recommended strategy is implementing advanced threat protection (ATP) solutions to provide an extra layer of security. These tools use artificial intelligence and machine learning to detect suspicious activity and block ransomware before it causes serious damage. Instead of waiting for a patch that will fix a vulnerability, ATP systems can detect emergent threats in real time, offering a proactive approach to defense.

Network segmentation can prevent ransomware from spreading: healthcare organizations divide the network into smaller, isolated segments. This is important because if one part of the network is compromised, the rest of it remains safe. It is a crucial tactic for containing ransomware and limiting its damage.

Phishing remains one of the most common methods for deploying ransomware, and healthcare staff are often targeted. Training employees to recognize phishing attempts, combined with multifactor authentication (MFA), adds an essential layer of protection. Even if attackers manage to steal credentials, MFA can stop them from gaining access to critical systems.

Incident response planning is also essential. Organizations need to be prepared for the worst-case scenario. Regularly updated backups, stored separately from the main network, are important for recovery after an attack. These backups ensure that healthcare services can be restored without paying a ransom. These plans should be tested periodically to make sure they work when needed most.

Healthcare Can't Afford to Ignore the Need for a Broader Defense

Ransomware is not just a technical issue; it's most definitely a business problem that no healthcare organization can afford to dismiss. Recent high-profile attacks have proved how vulnerable healthcare providers are; while patching remains an essential process, it forms only one part of a much larger total solution.

Security in healthcare must go beyond patching and involve a more strategic approach. This is evident in the ever-increasing pressure from regulatory bodies, such as DHHS, to further tighten cybersecurity guidelines for providers. Patch management falls under compliance, but it seems obvious that a more encompassing, proactive approach to security must be enacted if patient data and operations are to be secured.

Healthcare leaders need to take this into consideration and place greater focus on enterprise-wide risk management. Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

About the Author

Claudio Gallo

Lead Security Engineer, C4HCO

Claudio Gallo is a lead security engineer of the Colorado Marketplace Exchange, dedicated to protecting critical information in the healthcare and insurance industries. With expertise in application security, cloud architecture, and compliance, Claudio designs innovative strategies to safeguard sensitive data and ensure trust in important services. Passionate about making a meaningful difference, he is equally committed to mentoring aspiring professionals in the information security industry, sharing knowledge, and fostering the next generation of cybersecurity talent.
