What Healthcare CISOs Can Do Differently to Fight Ransomware

Ransomware attacks cost the healthcare industry over $20 billion in 2020 and show no sign of slowing down. “The current outlook is terrible,” says Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”

It's no wonder healthcare providers have experienced a surge in ransomware attacks over the past two years. Because of the critical services hospitals and health systems provide, the extent to which their businesses are digitized, and the amount of sensitive information they store and process, ransomware actors have identified healthcare providers as easy and lucrative targets that are highly likely to pay a ransom in order to restore operations or prevent patient data from being exposed. Statistics bear this out: in 2021, 61% of targeted healthcare organizations paid the ransom.

What’s interesting is which data attackers are after when they’re motivated by more than a quick payout: more often, they’re compromising patients’ personally identifiable information (PII) rather than their protected health information (PHI) and medical records. The 2022 Verizon Data Breach Investigations Report showed that personal data was compromised more often than medical data, with 58% of affected healthcare organizations reporting theft of personal information during a ransomware attack, compared with 46% reporting compromised medical records.

Given the high risk of ransomware, what should healthcare CISOs do differently to fight it, especially considering the limited human and financial resources they have available to put toward it?

  1. You’re providing patient care 24/7, so you need security solutions that can keep up: Consider a Managed Detection and Response (MDR) strategy.
    Given limited human and financial resources, it’s challenging to keep the security team fully staffed days, nights, weekends, and holidays. Whether you need to augment your existing security operations center (SOC) or don’t have a SOC, an MDR service can ensure your systems are always being closely monitored.

  2. Preventative intervention is key to stopping ransomware before it metastasizes: Implement Next-Generation Antivirus (NGAV) technologies.
    When defending against sophisticated ransomware, the single most important factor is time. Ransomware attacks occur in stages, with malicious activity often starting weeks or even months before data gets encrypted. Adept NGAV solutions stop attackers in their tracks, as early in their malicious operation as possible, thereby ensuring that attackers will not be able to exfiltrate PII or PHI or capture enough machines to bring operations to a halt.

  3. Use the symptoms to identify the root cause: Invest in an Endpoint Detection and Response (EDR) solution.
    Healthcare technology environments are diverse and expansive, providing camouflage for attackers’ clandestine activity. Leading EDR solutions are built to watch over sprawling attack surfaces and uncover subtle anomalous activities occurring in the environment. Seemingly minor, innocuous activity can prove to be the markers of a much larger malicious issue when meticulously pieced together by an effective EDR solution. Because resource-constrained security teams lack the time to investigate every symptom, EDR solutions can uncover attackers’ stealthy patterns for them.

Healthcare is an over-attacked and under-resourced sector, but healthcare CISOs can leverage advanced technology and professional services to dramatically reduce their organization’s risk exposure while optimizing the efficiency and effectiveness of their existing staff.

Cybereason Team