#Stories To Watch

The Rising Tide of Ransomware in Healthcare: An Urgent Call for Action 

As 2024 unfolds, the healthcare sector is grappling with an unprecedented surge in ransomware attacks. These cyber onslaughts are disrupting critical services and endangering patient data and, consequently, lives. With attacks becoming more frequent and sophisticated, healthcare organizations must urgently reassess their cybersecurity defenses. 

A Wave of Attacks 

Change Healthcare’s Dual Crisis 

Change Healthcare, a cornerstone in the US healthcare system has endured two significant ransomware attacks this year. The initial breach in February by the BlackCat group led to a hefty $22 million ransom payment. Despite this, Change Healthcare soon became under siege again, this time by the RansomHub group, which threatened to leak previously stolen data if additional demands were not met​.

Such relentless targeting raises critical questions about the effectiveness of paying ransoms. One cybersecurity expert notes, “Paying a ransom does not guarantee the end of the ordeal; it often marks the beginning of a prolonged vulnerability.” 

Ascension Healthcare Network’s Emergency Diversions 

In a separate incident, Ascension, another major healthcare network, was forced to divert ambulances and faced extensive system outages following a ransomware attack. The disruption affected multiple hospitals, highlighting the dire consequences of cyberattacks on healthcare operations.

Current Status of Ascension Hospitals 

Despite the attack, Ascension’s hospitals, doctor’s offices, and other care locations in Florida remain open and operational. However, many systems, including the electronic records system and the MyChart online patient portal, are still offline. As a result, providers have had to revert to paper-based records, leading to longer wait times and delays in some services.

Gary Nevolis, a spokesman for Ascension Florida, stated, “Due to the transition to manual systems for patient documentation, patients may encounter longer-than-usual wait times and some delays. To help with delays, patients should bring notes on symptoms and a list of current medications, including prescription numbers or bottles.” Additionally, Ascension retail pharmacies are unable to fill prescriptions, prompting patients to use alternative pharmacies​​. 

The CrowdStrike 2024 Global Threat Report underscores the urgency of the situation. It notes a dramatic increase in the speed and sophistication of cyberattacks, facilitated in part by the rise of generative AI, which lowers the barrier to entry for less-skilled adversaries​​. 

Key trends identified in the report include: 

  • Data Exfiltration: Cybercriminals are increasingly focusing on stealing data, not just encrypting it, to exert additional pressure on their victims. 
  • Professionalization of Cybercrime: Ransomware groups operate with a level of sophistication akin to professional businesses, using advanced tactics to maximize their impact​.

Responses and Mitigation Strategies 

Law Enforcement and Sanctions 

Efforts by international law enforcement agencies have seen some success. For instance, the FBI and Europol have identified and sanctioned key figures within the LockBit ransomware operation. These actions aim to disrupt the group’s activities and deter similar future attacks​.

Proactive Cybersecurity Measures 

To counter these growing threats, healthcare and medtech companies must implement a multi-faceted cybersecurity strategy. Here are some key recommendations: 

  1. Regular Data Backups: Ensure data is backed up frequently and securely. Backups should be stored offline and tested regularly to ensure data integrity and quick recovery in case of an attack. 
  1. Employee Training: Continuous education and training for employees on recognizing phishing attempts and other common cyber threats are crucial. A well-informed staff is the first line of defense. 
  1. Advanced Security Protocols: Implement comprehensive cybersecurity frameworks, including the use of multi-factor authentication (MFA), endpoint detection and response (EDR) systems, and regular vulnerability assessments. 
  1. Incident Response Plan: Develop and routinely update an incident response plan. This plan should outline specific steps to take in the event of a ransomware attack, ensuring a swift and organized response. 
  1. Zero Trust Architecture: Adopt a Zero Trust security model, which operates on the principle that no entity, inside or outside the network, is trusted by default. This helps to minimize the risk of lateral movement within the network. 

Mistakes to Avoid: 

  • Paying the Ransom: While it might seem like a quick fix, paying the ransom often leads to further attacks and does not guarantee data recovery. Instead, focus on robust prevention and recovery strategies. 
  • Ignoring Regular Updates: Failing to keep software and systems updated can leave vulnerabilities exposed. Regular patch management is essential to close security gaps. 
  • Neglecting Insider Threats: Not all threats come from outside. Regularly monitor and audit internal activities to detect and mitigate insider threats. 

“Cybersecurity in healthcare is no longer optional; it’s a necessity,” emphasizes a cybersecurity analyst. “The stakes are incredibly high, and the time to act is now.” 

The surge in ransomware attacks against healthcare institutions is a clarion call for enhanced cybersecurity measures. As cybercriminals refine their tactics, healthcare providers must stay ahead with robust defenses to protect their operations and patient data. The future of healthcare security depends on the actions taken today. 

For more Cybersecurity and MedTech updates, subscribe to our newsletter today! 

By Guillaume Viallaneix

Founder, President at MedTech Momentum, Inc and the Editor-in-Chief (EIC) of The MedTech Digest.