
Ransomware attacks grow more menacing during the pandemic, creating headaches in health sector

Sean Lyngaas

Steve Giles was having dinner in the Los Angeles area on Friday, Feb. 5, 2016, when he received an ominous phone call.

The computer networks of Hollywood Presbyterian Medical Center, the 434-bed hospital where Giles was the chief information officer, were seizing up. “This created panic, to some degree, within the nursing and physician staff,” Giles told the California Senate weeks later. “We immediately reverted to downtime procedures.”

His staff ended up running to an ATM across the street, twice, to withdraw $17,000 to convert to cryptocurrency and pay off the hackers who were holding his hospital’s computers hostage. There were no reports of patient harm from the incident.

Giles’ team averted a serious medical crisis, but the attack exposed vulnerabilities in one of the first high-profile ransomware incidents at a hospital. Nearly five years on, numerous health care organizations have endured their own version of that jarring experience.

“I equate Hollywood Presbyterian to the accidental revelation that these hospitals are prone and they’re prey, they just lacked sufficient predator interest,” Josh Corman, senior adviser for COVID and safety critical issues at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said in an interview in September. “And it was a feeding frenzy after.”

There have been more than 80 publicly reported ransomware attacks on health care providers in 2020 — more than in all of 2019, according to Allan Liska, a ransomware specialist at threat intelligence company Recorded Future. Health facilities large and small have been affected by the ransomware scourge as the sector’s longstanding cybersecurity challenges, including resource constraints and managing software updates, have come to a head during the pandemic.

A lesson from SamSam

The pandemic has created fresh IT security challenges in the health sector while exacerbating old ones. For example, health care organizations have in recent months relied more on telehealth services to treat patients remotely. If not configured properly, that IT infrastructure can introduce new vulnerabilities that attackers can exploit, according to Justine Bone, CEO of health security company MedSec.

“That became a real challenge for our customers during the pandemic as hospitals scrambled to stand up telehealth platforms without going through the normal checks and balances,” Bone said.

In other cases, deep-rooted cybersecurity issues are taking on more urgency as health care facilities are stretched to capacity by the coronavirus. Managing software updates, for example, in sprawling hospital IT networks has always been difficult for some organizations. But in the face of heightened ransomware threats, the ability of hospitals to promptly update buggy software has perhaps never been more important.

“Vulnerability management [in the health sector] is hard,” said Ron Pelletier, founder of Indianapolis-based security company Pondurance. “Not only do you have to stay on top of it, find the issues and patch them, but you have to constantly do it.”

Pelletier vividly remembers his own “Hollywood Presbyterian” moment: Hancock Regional Hospital in Indiana called him in to help recover from a SamSam ransomware attack in January 2018. The hospital’s careful logging of network traffic made it easier to trace and recover from the attack, he said.

Pelletier and other experts said that health care organizations have made security improvements in the last few years. There is better sharing of threat data in the sector, and more awareness of the network monitoring, security configurations and vulnerability management processes needed to protect networks.

“If you do those things, it lessens the attack surface, and the attackers will move on,” Pelletier said, echoing a pep talk he gives clients.

Corman emphasized the need to have offline backups for data and the ability to restore networks after an attack. “Because you’re unlikely to prevent a motivated and well-financed campaign, but if you can get back up really quickly the total impact to patient care or patient care delivery is reduced,” he said.

A renewed threat from Ryuk

The economics of ransomware attacks in the health sector are an enduring problem. Despite having security protocols in place, Hancock Regional Hospital opted to pay roughly $45,000 to the attackers to unlock their computers. Many other organizations have coughed up money to retrieve their data.

“We as an industry have been paying too much, and we’ve been fueling the R&D for them to come back at us harder and better,” said Corman, who cautioned that he was not referring to a specific incident. “To use a medical analogy, it’s almost like we’re creating drug-resistant bacteria. And it’s not going to be sustainable in the current course and speed.”

The issue has only magnified in the last two weeks as there has been a wave of suspected Ryuk ransomware attacks on U.S. health care facilities. The Eastern European criminal gang behind the attacks is known for demanding tens of millions of dollars from large organizations, according to security company FireEye. Federal agencies issued an advisory about an “imminent” cybercriminal threat to U.S. hospitals and held private briefings for health care executives.

It’s a stiff test for a U.S. health sector that, on the one hand, has more awareness of cybersecurity issues and support from the government than before, but on the other is knee-deep in a pandemic. The goal is to bring back computer systems quickly, and not let ransomware crooks affect patient care.

“This latest threat is unique due to its immediacy, severity and potential for broad impact,” said John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association. “Fortunately, the field has taken this [government] advisory very, very seriously and has rapidly bolstered cybersecurity defenses around medical devices and phishing emails, reinforced backups and tested incident response plans.”

Publication date: November 04, 2020

BELT.ES is not responsible for the opinions in the articles reproduced in our Press Review, nor does it necessarily endorse the opinions and views expressed. The reproduced information is disseminated without commercial purposes.
