Q&A: Emsisoft Threat Analyst Brett Callow

Healthcare Firms Ripe for Ransomware Attacks During COVID

By Patrick W. Dunne

Healthcare companies long have been a prime target for hackers and scammers.

Last year’s Verizon Data Breach Investigations Report found that healthcare companies comprised 15% of breaches. The coronavirus now has only made such companies even more vulnerable to malicious outsiders.

Emsisoft threat analyst Brett Callow said that as many as 764 healthcare providers were affected by ransomware attacks last year.

Why do hackers love targeting healthcare companies?

Healthcare providers and hospitals, in particular, deliver critical services and consequently cannot afford downtime.

This makes them an appealing target for ransomware groups — as they may, out of necessity, be more likely to pay than other organizations and to pay quickly.

This is especially true at this particular point in time, as hospitals are already stretched to their limits.

That said, most ransomware attacks are “spray and pray” in nature, rather than being specifically targeted, so it’s often that case of healthcare providers accidentally coming into the crosshairs.

The Maze ransomware attack earlier this year involved hackers impersonating government agencies or security vendors. How can someone tell the difference between a fraud and the real thing?

Email is a common vector for ransomware attacks and accounts for about 45% of all incidents.

While a reliable filtering solution to screen out spam is important, it will not provide complete protection — especially in the case of spear-phishing emails — and so security-awareness training is critical.

Security training shouldn’t be a one-off, never-repeated event; it should be conducted on a regular and ongoing basis.

Additionally, endpoint protection is vital. Even with the best training, employees may still open malicious attachments.

Healthcare providers are likely overwhelmed in dealing with the coronavirus. Is this the perfect time for hackers to strike?

The fact that healthcare providers are stretched to their limits and, in some cases, implementing new work arrangements, means they may be susceptible to attacks that they otherwise wouldn’t be and that attackers may seek to exploit any weaknesses.

Consequently, providers must continue to pay attention to security.

A ransomware attack during the pandemic could very well result in lives being lost.

What can healthcare companies do to protect themselves?

Healthcare providers should adhere to the same best practices as any other company or organization: use multi-factor authentication everywhere it can be used, including on internal admin accounts; limit admin rights; patch on time; train staff to identify threats; disable PowerShell (a configuration management framework), when possible — and, when not possible, update it to the latest version.

Patrick W. Dunne is a San Francisco writer.

Photo of Brett and Rhonda Callow used with permission.

Sources (external links):

Filed under: