Nearly 106 million records were exposed in the 14 months to February 2021, from 293 publicly disclosed breaches in the healthcare sector
The COVID-19 pandemic has placed unprecedented strain on global healthcare infrastructure, and that strain is growing as vaccine rollouts commence and healthcare services continue to battle the virus. The knock-on effect is that cyberattackers are finding what was already an attractive target now even more enticing.
Recent analysis from Tenable revealed that nearly 106 million records were exposed in the 14 months to February 2021, from 293 publicly disclosed breaches in the healthcare sector. And with 56 breaches already disclosed in 2021 as of February 28, it’s clear the threats aren’t disappearing anytime soon.
In a bid to reduce the growing number of threats and the risk of compromise, there is a two-pronged approach healthcare organisations can take.
Prioritise vulnerabilities in the system
According to our analysis, ransomware accounted for 54.95 percent of breaches tracked – or 161 breaches. When it came to healthcare, Ryuk stood out above the rest, accounting for 8.64 percent of ransomware-related breaches, followed by Maze (6.17 percent), Conti (3.7 percent), and REvil/Sodinokibi (3.09 percent).
Ransomware groups tend to favour certain attack vectors. Ryuk ransomware, for example, is known to leverage a number of vulnerabilities, including CVE-2020-1472, a critical vulnerability in Netlogon also dubbed “Zerologon”. Zerologon was probably one of the most serious vulnerabilities of 2020, if not the most serious, which resulted in Microsoft rolling out a planned second patch for it in February 2021 to enable Enforcement Mode by default.
With this in mind, healthcare organisations must identify and remediate the vulnerabilities most likely to be targeted and to impact their organisation. Whether this is Remote Desktop Protocol (RDP), which has a history of critical vulnerabilities, or certain CVEs, like vulnerabilities in VPNs that continue to be targeted as they go unpatched, healthcare organisations must assess where their vulnerabilities lie and resolve them.
Patch & patch again – address the root cause
It’s incredibly important that healthcare organisations reduce the impact that ransomware attacks can have on their systems. The impact of ransomware goes much further than the financial cost. In healthcare, it can mean that critical processes are slowed or may even become inoperable, and the resulting impact can be devastating.
Whether threat actors leverage email compromise through phishing or exploit vulnerabilities to gain an initial foothold in the healthcare sector, it’s highly probable that vulnerabilities will be the root cause of compromise.
While the human element is a factor in some instances, the majority of breaches can be prevented (or at a minimum their impact reduced) by patching targeted vulnerabilities. In most instances, the vulnerabilities leveraged by ransomware groups remain exploitable because of a lack of patching. Organisations must therefore ensure that available patches are implemented immediately, to help mitigate risks.
Keep the focus on security in 2021
There are no signs that cyberattacks against healthcare organisations will slow down in 2021, especially as vaccine rollouts continue across the world. Healthcare organisations need the resources and tools necessary to understand and reduce their risk.
It’s critical that steps are taken now to minimise the potential damage in order to protect the systems that have kept us safe in an incredibly trying year. Doing so will enable healthcare organisations to spend more time on what matters most: protecting lives.