The Ryuk Ransomware Threat and What Hospitals Should be Aware of

Federal officials have warned of an imminent blitz of cyberattacks aimed at healthcare data. Providers should step up their defenses.

Hospitals should be ready for an approaching surge of ransomware cyberattacks, U.S. government agencies warn. Patient care could be compromised and personal information exposed.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services jointly circulated a warning urging providers to protect themselves against these threats. These attacks involve malware being deployed to collect data from a victim in order to hold it ‘hostage’ and demand a payment.

The botnet Trickbot from Russia is most probably using Ryuk, an extremely contagious ransomware. Ryuk encrypts network files and disables Microsoft Windows System Restore. A Microsoft executive confirmed to CNN that, as a result of Ryuk’s actions, the data that has been stolen cannot be recovered without external backups.

A U.S. system with 250 care sites suffered a massive Ryuk ransomware attack, and as a result ambulances and surgical patients had to be redirected. Just a few weeks later, hospitals in California, Oregon and New York were also attacked, in incidents presumed to be part of the same movement.

A security analyst told the New York Times that the sums demanded by ransomware criminals in attacks on healthcare providers are now significantly larger than before, and that they can even demand millions of dollars from unsuspecting victims. This will result in additional costs, such as loss of revenue, downtime costs and breach restitution.

Ransomware’s ramifications, however, are not only financial. An anonymous doctor from one of the afflicted targets confided to Reuters that, as officials cope with the situation, the hospital is unable to use critical technologies, sick patients cannot be transferred, and health records cannot be updated electronically.

The doctor said that they can still get imaging done and observe vitals; however, paper is the only means available to document the results.

The Reason Ransomware Attacks Are Currently On The Rise

Ransomware was a massive issue even prior to the pandemic. Bryan Ware, the assistant director for cybersecurity at CISA, mentioned that from 2017 to 2019, 50% of ransomware attacks targeted the healthcare sector.

The reason for this is straightforward.

Earlier this month, HealthTech interviewed Ware. “When time is paramount and lives are at stake, the viewpoint of a malevolent criminal suggests that someone is more likely to pay the demanded ransom,” Ware stated. Ware added that the websites that take part in research for the COVID-19 vaccine are a crucial target for ransomware threat actors.

The Healthcare Information and Management Systems Society recently hosted two webinars, in which the panelists mentioned that although we are in the middle of a global pandemic, hackers have not backed off. On the contrary, hackers have increased their efforts and are even targeting facilities known to have weaker security defenses.

Proofpoint’s managing director of the healthcare industry practice, Ryan Witt, told the audience of a webinar that attacks involving emotional manipulation have the most impact and are preferred by cybercriminals.

Such messages could include emails from impersonators of the World Health Organization, fake notices involving a “vaccine ID” from the Centers for Disease Control and Prevention, or even bogus orders for PPE (personal protective equipment).

Healthcare Ransomware Attacks and How to Prevent Them

Federal officials offered no specifics on how the recent ransomware attacks are being carried out; however, they have intensified their message of alertness.

CISA and the Multi-State Information Sharing & Analysis Center cooperated in issuing a ransomware guide in September that includes the best practices needed to manage the risks of ransomware and various other cyberthreats.

The newest advisory includes further guidance for IT teams, such as:

Keep operating systems, firmware and software up to date with patches and upgrades, and set anti-virus and anti-malware solutions to update automatically.

Guard sensitive data through network segmentation, so that important information and the email environment are not on the same network segment or server.

Create secure passwords that are not reused across other systems or accounts, using strong, carefully chosen word combinations.

Carry out systematic backups and execute a recovery plan, with the aim of maintaining and retaining numerous copies of proprietary and sensitive data and servers in secure, physically separate locations.

Limit unauthorized use: implement application and remote access controls so that systems run only programs known and approved by the official security policy.

Offer cybersecurity education for all members of staff, including ransomware training, and provide how-to knowledge on reporting a suspected breach in order to speed up an effective response.