Insights for Chief Information Security Officers (CISOs) from recent medical cyber disruptions
The global ransomware landscape has seen a significant player emerge over the past year: the Black Basta ransomware group. According to recent reports, the group had compromised more than 500 organizations worldwide as of May 2024 [1]. It is a particular concern for the healthcare sector, which it has repeatedly targeted because of the large volumes of Personally Identifiable Information (PII) and patient data those organizations hold.
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on the activities of the Black Basta ransomware group [2]. CISA warns that ransomware gangs such as Black Basta are increasingly targeting the healthcare sector, a trend that has been rising since 2021.
In 2023, CybelAngel, a European external attack surface management (EASM) vendor, identified and tracked 62 active ransomware groups involved in more than 5,000 known and reported attacks across 132 countries [3]. This data underscores that the ransomware threat is growing globally, not only in healthcare.
Impact of Ransomware Attacks on Healthcare
Ransomware attacks on healthcare systems have severe operational impacts. According to CISA, 74% of Black Basta incidents end in successful data encryption, and 58% of the computers within an affected organization are impacted [2]. Both rates are higher than the average across all sectors, which highlights how attractive healthcare organizations are as targets for cybercrime actors.
The operational consequences are concrete. In various locations, including London and a U.S. health system with 140 hospitals across 19 states, ransomware attacks have forced procedures to be cancelled or rescheduled [4].
Mitigation Strategies
Despite the growing threat, there are strategies healthcare organizations can employ to mitigate these risks. Spending on proactive services that identify exposed data before attackers do is a small fraction of what recovery costs: less than 8% of the average annual recovery expense [4].
Backup strategy also matters. Organizations that rely on physical backups have a notable edge: according to the same report, 45% of organizations that suffered an attack were able to recover within a week [4].
CISA recommends several measures to improve cybersecurity in healthcare organizations: install updates for operating systems, software, and firmware as soon as they are released; require phishing-resistant multi-factor authentication (MFA); train users to recognize and report phishing attempts; secure remote access software; back up critical systems; and secure device configurations [2].
In the face of these growing threats, healthcare CISOs must remain vigilant and proactive. They must address phishing risks, improve staff cybersecurity training, harden supply chain security, and prepare for sophisticated extortion tactics in a highly active ransomware threat landscape with substantial operational and patient safety implications [1][2][3][5].
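Backups only help if they are verified before you need them, and a backup copy that ransomware could reach is usually encrypted along with production. As an added example (not code from the article, from CISA, or from the cited reports), the Python script below builds a SHA-256 manifest of a backup set, verifies a second copy against it, and then shows what the check reports once a reachable copy has been overwritten by a stand-in encryptor. All paths, file names and contents are constructed for the demonstration; in practice the manifest is written to separate, offline media alongside the backup it describes.

```python
"""Backup integrity check (added example; paths and data are constructed)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a backup copy against a trusted manifest.

    Reports files that are missing, modified (digest mismatch) or unexpected
    (present in the copy but absent from the manifest, e.g. a ransom note).
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            p for p in manifest if p in current and current[p] != manifest[p]
        ),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def simulate_ransomware(root: Path, key: int = 0x5A) -> None:
    """Stand-in encryptor: scramble every file in place and drop a note.

    Real ransomware uses proper ciphers; for the manifest check the effect is
    the same, because every protected file's digest changes.
    """
    for path in list(root.rglob("*")):
        if path.is_file():
            path.write_bytes(bytes(b ^ key for b in path.read_bytes()))
    (root / "README.txt").write_text("your files are encrypted")


def demo() -> tuple[dict, dict]:
    """Build a constructed backup set, copy it, trash one copy, verify both.

    Returns (report for the untouched offline copy, report for the trashed copy).
    """
    with tempfile.TemporaryDirectory() as tmp:
        primary = Path(tmp) / "backup_primary"   # reachable from the network
        offline = Path(tmp) / "backup_offline"   # kept on separate media
        (primary / "ehr").mkdir(parents=True)
        (primary / "ehr" / "patients.db").write_bytes(b"id,name\n1,constructed\n")
        (primary / "config.yaml").write_text("retention_days: 30\n")
        shutil.copytree(primary, offline)

        manifest = build_manifest(primary)  # taken while the set is known-good
        simulate_ransomware(primary)
        return verify_backup(offline, manifest), verify_backup(primary, manifest)


if __name__ == "__main__":
    offline_report, primary_report = demo()
    print("offline copy:", offline_report)
    print("reachable copy:", primary_report)
```

The offline copy verifies clean, while the reachable copy reports every file as modified plus an unexpected file, which is exactly the signal a restore test should raise before anyone tries to recover from that copy. The same manifest approach also catches silent bit rot or a partially failed backup job, not just ransomware.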
[1] CISA. (2024). 2024 Ransomware Threat Trends in Healthcare. Retrieved from https://www.cisa.gov/ransomware-threat-trends-healthcare
[2] CISA. (2024). Advisory: Black Basta Ransomware Group. Retrieved from https://www.cisa.gov/uscert/ncas/alerts/aa24-224a
[3] CybelAngel. (2023). State of Ransomware 2023 Report. Retrieved from https://www.cybelangel.com/state-of-ransomware-2023-report/
[4] Healthcare IT News. (2024). Ransomware recovery: The cost of prevention vs. the cost of recovery. Retrieved from https://www.healthcareitnews.com/news/ransomware-recovery-cost-prevention-vs-cost-recovery
[5] Healthcare IT News. (2024). Why ransomware attacks on healthcare organizations are slowing. Retrieved from https://www.healthcareitnews.com/news/why-ransomware-attacks-healthcare-organizations-are-slowing
- The Black Basta ransomware group, a significant player in the global ransomware landscape, has shown a preference for targeting the healthcare sector because of the large volumes of PII and patient data at risk.
- In the wake of rising ransomware attacks, particularly in the healthcare sector, the Cybersecurity and Infrastructure Security Agency (CISA) has recommended measures such as installing updates promptly, requiring phishing-resistant multi-factor authentication (MFA), and training users to recognize and report phishing attempts.
- While ransomware attacks on healthcare systems have resulted in significant operational impacts, organizations that rely on physical backups have a notable edge, as 45% of organizations that suffered attacks were able to rebound within a week.
- Concerned about the growing threat of ransomware attacks, healthcare CISOs must address phishing risks, improve staff cybersecurity training, harden supply chain security, and prepare for sophisticated ransom extortion tactics amid a highly active ransomware threat landscape with substantial operational and patient safety implications.
- As the ransomware threat continues to evolve, healthcare organizations hold sensitive medical-condition data that attackers value, so a proactive approach to cybersecurity measures is essential.