Mt. San Rafael Hospital thwarted a ransomware attack on one of its sister facilities earlier this year before anything could be compromised. The organization is still working through the details of the hack, says CIO Michael Archuleta, whose hospital is part of the BridgeCare Health Network, which includes five hospitals in Colorado.
“It could have been a bad issue if we didn’t have the automation and intelligence to catch and stop it,” says Archuleta.
The vast majority of ransomware stems from a malicious email attachment that employees open and unwittingly propagate across a network. Attackers can use this exploit to lock up systems and demand payment to release them.
Not every organization has been so quick to catch malicious behavior. Just ask the victims caught in the 2020 SolarWinds dragnet, which infiltrated the software supply chain and spread like wildfire across thousands of businesses and government agencies, including the US State Department. The global pandemic has proved to be a fertile opportunity for perpetrators to unleash cybersecurity attacks against every industry grappling with impacts of COVID-19 on their businesses.
Healthcare is ripe for cyberattack
Perhaps no sector has grappled with ransomware — among other digital attacks — than the healthcare industry, whose wealth of connected computers, medical devices, and patient information make it a treasure trove for attackers. In 2020 alone, 18 ransomware families infected 104 healthcare organizations, including hospitals, pharmaceutical firms, and biomedical companies, according to cybersecurity vendor CrowdStrike’s 2021 global threat report.
“Healthcare organizations tend not to be as ready from a cybersecurity perspective as others,” in defending against attacks, according to Gartner analyst Paul Proctor, who says he has fielded several calls from hospital CIOs and security leaders about threats during the pandemic. Some want to know what they can do to better stop the attacks; others have already experienced the “transformative moment” of being breached.
What surprises Proctor is the continued resistance of executive decision-makers to acknowledge the importance of the technology they rely on to support their organization. Many healthcare execs continue to view cybersecurity as a compliance concern rather than as an existential business risk. As a result, many healthcare organizations still underinvest in technology and fail to educate staff in basic cyberhygiene, such as how to identify phishing attacks.
Mt. San Rafael’s Archuleta agrees, noting that industries such finance and energy practice better cybersecurity than healthcare organizations. And despite seeing more “attacks of opportunity” during the outbreak, Archuleta says, many organizations still bolt on cybersecurity rather than integrate it as part of their core IT strategies.
“Cyber has been seen as cost center rather than as strategic revenue contributors,” he says. “We need to drive innovation.”
To defend his hospital, Arculeta has deployed Cylera software to monitor an internet of things (IoT) network that spans radiology machines, computers, and other equipment. “It provides that hawk-eye view,” of everything from IP addresses and operating systems to printers and virtual local area networks, Archuleta says. The software, which IT staff can watch categorizing threats by risk on a dashboard, disconnects devices or systems from the network if it detects anomalies.
Mt. San Rafael’s defense strategy also includes software and hardware from Dell, Cisco, and Splunk. Archuleta also provides cybersecurity education to ensure a “strong human firewall.”
The rise of ransomware and other cyberthreats during the pandemic is gaining the attention of other healthcare facilities as well. Cedars-Sinai Hospital, for example, has “deployed a bunch of things,” to protect the organization against ransomware and various threats, according to CIO Darren Dworkin.
For instance, the IT department expanded the hospital’s virtual desktop infrastructure to account for more employees working from home and deployed monitoring tools on home computers.
“At the core, more of everything, including reliance on SOCs [security operations centers] and tools to manage incidents,” Dworkin tells CIO.com.
Ransomware reigns as chief concern
Dr. Sam Amirfar, CIO of The Brooklyn Hospital Center, says the the number of bots trolling for weaknesses has increased expotentially since he joined the organization in 2014. The bots uncover vulnerabilities and relay them to human perpetrators, who can then drop targeted payloads into facilities for ransomware. “You’d be in awe of how sophsticated some of the attacks have been,” Amirfar tells CIO.com.
Amirfar attributes this increase in attacks on healthcare systems to the rise of sophisticated hacking tools and cryptocurrencies such as Bitcoin, which make it easier for perpetrators to accept payments anonymously. He is especially worried that perpetrators will trick healthcare workers perpetually fatigued and stressed out from the pandemic to click on malicious links in emails and text messages.
Although the Center is small — a single facility with around 200 beds — its proximity to the Barclays Center arena, which hosts professional basketball games and concerts among other events, makes it a potential target.
Amirfar offered the following hypothetical: Suppose a popstar injured a leg while performing at Barclays Center and was taken to the Center for treatment. If publicized, it would make the hospital a ripe target. Amirfar fears a hacker could drop a ransomware attack on the hospital, locking up its computers with encryption software and demanding payment in Bitcoin to release the decryption keys.
Such plausible scenarios make it hard for Amirfar to sleep comfortably at night, even though he pays Cisco Systems to manage a SOC for the hospital, which operates more than 2,200 PCs and 500 servers. If Cisco detects something suspicious, it shuts it down and immediately alerts Amirfar’s team.
“Cisco set up a big safety net,” Amirfar says. In one month, the Center logged over 148 million security events that were analyzed and either dismissed or investigated by Cisco. Of those 148 million, 248 were further investigated by Cisco, less than a third of which were elevated to Amirfar’s team for final resolution.
Even so, Amirfar acknowledges that hospitals are “pawns in a great digital war.”
“If the State Department can’t protect itself, I don’t see how we can protect ourselves,” Amirfar adds, alluding to the SolarWinds attack.
Continue reading for free
Create your free Insider account or sign in to continue reading. Learn more