
The NHS is the country's largest employer, and ransomware has been a major problem for it. Ransomware is a type of malware that encrypts your files and forces you to pay a ransom to regain access. When the WannaCry ransomware struck in 2017, the NHS was severely impacted. Ransomware is not simply a problem for big businesses; smaller companies with limited budgets often lack the resources or the access to security solutions needed to prevent and recover from these attacks. In this post, we'll look at how ransomware affects healthcare providers such as hospitals and clinics, what they can do about it, and why monitoring network traffic and, more broadly, visibility is so essential when defending against these types of cyber threats.

 

Why is Ransomware such a threat in Healthcare?

Because of the sensitive nature of its data and the devices that are linked with other systems, healthcare is in a unique position when it comes to ransomware. Hospitals are particularly susceptible since they often use outdated technology which, in many cases, runs on devices that are unmanaged from a security perspective. As a result, these devices usually aren't properly maintained or secured. The added impact for organisations in healthcare is that it’s not just data or money that is lost. When medical devices or infrastructure are disrupted, human lives can also be at stake.

Ransomware is usually spread via phishing emails designed to trick you into clicking a link or downloading a file. Doctors and medical support staff are humans too, capable of making the same mistakes as everyone else, and given the busy, high-pressure nature of their work, cyber criminals have identified them as potential targets who may inadvertently click a malicious link. Ransomware is also frequently distributed through tainted pre-installed applications on mobile devices, such as smartphones and tablets. We’ve even heard of an example where malware was found to have infected medical equipment, including an infusion pump. Ransoms (if they’re paid) are normally paid in cryptocurrency, making it difficult for law enforcement agencies to trace the payments.

 

The impact of Ransomware in UK healthcare sector

The NHS was brought to a halt for several days in May 2017 as a result of the WannaCry ransomware outbreak, which afflicted hospitals and general practitioners across England and Scotland. Although the NHS was not specifically targeted, the worldwide cyber-attack exposed vulnerabilities in security and triggered thousands of cancellations of appointments and procedures, as well as chaotic transfers of sick patients from emergency departments. Systems such as phones were damaged, so staff were forced to revert to pen and paper and to use their own mobile phones.

According to the CIO, Department of Health and Social Care (2018), the WannaCry ransomware exploited a known Microsoft Windows vulnerability, not an unsupported software application. The malware mostly affected NHS devices running a compatible but unpatched Microsoft Windows 7 operating system, and this accounts for most of the extent of the cyber-attack. The National Audit Office (2018) detailed that the ransomware also spread via the internet, including via N3 (the broadband network connecting all NHS sites in England), but there were no reports of it spreading through the NHSmail email system.

According to NHS England, at least 80 of the 236 hospitals had been hit, as well as 603 primary care and other NHS organisations, including 595 GP clinics. Although no NHS organisation paid the ransom, according to the Department of Health (DoH), NHS England and the National Crime Agency, the costs have been estimated to be in the region of £92m.

 

What can healthcare providers do about ransomware?

Healthcare providers need to protect their network from ransomware attacks with solutions such as:

  • Next-generation firewalls (NGFW), which offer high-performance protection against cyber threats including malware, viruses and ransomware
  • User behaviour analytics software to detect suspicious activity before data loss occurs
  • Advanced threat prevention features using cloud intelligence to block ransomware, targeted attacks and advanced malware
  • Advanced web filtering for safe internet access to only the sites that are needed
  • Endpoint security software designed to provide multi-layered protection against ransomware, spyware, viruses and similar threats
  • Data Loss Prevention (DLP) software to prevent unauthorised data sharing by users or devices connected to the network

It's worth mentioning that it is not just healthcare providers that need this type of technology, but all businesses.

 

Why is visibility so important to controlling the impact of ransomware?

Visibility into your network is crucial: you can't protect what you cannot see, and with the increase in IoT, BYOD and shadow IT, it's not always clear what is on your network and whether it should even be there.

Network visibility into behaviour patterns in real-time can help you control user activity on your network before it leads to ransomware infections. With proper controls in place, you can detect suspicious behaviours and ransomware infections early.

With the right network visibility software, you can even detect ransomware infections on your endpoints before data loss occurs, protecting valuable business information.
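As an illustration of the two visibility checks described above (this is an added example, not code from the original post or from any product it mentions), the sketch below flags devices that send traffic but are missing from an asset inventory, and hosts whose SMB connections fan out to many peers, the worm-like pattern WannaCry produced when it propagated over SMB (TCP 445). The flow-record layout, the inventory, the addresses and the threshold are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: a managed-asset inventory and simplified flow
# records of the form (source IP, destination IP, destination port).
INVENTORY = {"10.0.1.10", "10.0.1.11", "10.0.1.12", "10.0.2.20"}

FLOWS = (
    [("10.0.1.10", "10.0.2.20", 443),
     ("10.0.1.11", "10.0.2.20", 445),      # ordinary file-share access
     ("10.0.9.77", "10.0.2.20", 80)]       # sender absent from the inventory
    + [("10.0.1.12", f"10.0.3.{i}", 445) for i in range(1, 41)]  # SMB sweep
)

SMB_PORT = 445          # WannaCry propagated over SMB
FANOUT_THRESHOLD = 20   # assumed value; tune to your own network's baseline


def unmanaged_sources(flows, inventory):
    """Hosts seen sending traffic that are absent from the asset inventory."""
    return sorted({src for src, _, _ in flows} - set(inventory))


def smb_fanout(flows, threshold=FANOUT_THRESHOLD):
    """Hosts contacting an unusually large number of distinct peers on TCP 445."""
    peers = defaultdict(set)
    for src, dst, port in flows:
        if port == SMB_PORT:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items()
            if len(dsts) >= threshold}


def triage(flows, inventory):
    """Combine both signals into a single report for an analyst."""
    return {"unmanaged": unmanaged_sources(flows, inventory),
            "smb_fanout": smb_fanout(flows)}


if __name__ == "__main__":
    report = triage(FLOWS, INVENTORY)
    print("Unmanaged devices:", report["unmanaged"])
    print("SMB fan-out hosts:", report["smb_fanout"])
```

In practice the flow records would come from NetFlow/IPFIX or firewall logs, and the fan-out threshold would be set from a baseline of normal file-server and backup traffic so those hosts are not flagged.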

 

Key Takeaways

Ransomware has become one of the most common cyber threats impacting businesses in all industries around the world, including healthcare providers. Ransomware is typically delivered through spam emails or infected apps downloaded onto mobile devices like smartphones or tablets that are then used to infect other systems on a network.

The impact of ransomware in healthcare is greater due to the nature of the data held, the speed at which it can spread as a result of outdated equipment, and a lack of security measures in place. The main cause for concern is clearly the fact that any serious disruption reduces the quality of care and, in extreme cases, lives can be put at risk.

Many ransomware attacks have been successful because people within organisations do not apply security updates to their operating systems, which leaves them vulnerable to this type of attack, thus creating an environment where it's difficult for law enforcement agencies to track payments made to criminals in order to decrypt files on infected systems. Ransomware can also spread like a virus through connected devices such as printers, medical devices, smart TVs and even video conferencing equipment.

To prevent ransomware, you need to know exactly what is in your environment and what activity is taking place. Equipped with this information, you can take steps to secure, monitor and plan for a ransomware attack with the relevant technology, people, and processes.
