How healthcare can tackle ransomware like they treat diseases

By CyberArk

The healthcare industry is increasingly vulnerable to cyber threats as it embraces digital transformation. CyberArk shares how they can ramp up their cyber defences.

Cancer typically starts in one location. If left untreated, the cancerous cells begin to spread to other parts of the body. At this stage, the cancer is much more difficult to treat and can eventually overwhelm the body.

Ransomware acts the same way. They start by exploiting a small vulnerability in an organisation’s IT system, and slowly find ways to infiltrate deeper into the network. Eventually, they gain enough foothold to inflict damage.

But ransomware can be tackled if caught early and weeded out, much like cancer in its early stages. CyberArk shares how.

How ransomware infiltrates the system

Doctors begin cancer treatment by first identifying where the disease originated. Cybersecurity teams likewise need to first understand where the ransomware attack started.

Most ransomware attacks begin in devices such as laptops, desktops, mobile phones, or tablets. The process usually starts with the delivery of a malware virus which will disable IT security systems and monitoring at the entry point.

Cybercriminals will maximise the impact of their attacks by accessing valuable data to extort a larger ransom. This makes the healthcare sector particularly vulnerable as the personally identifiable information and health records they hold are very valuable on the black market.

The healthcare sector also cannot afford to have their systems down while negotiating a ransom since they deal with life and death. Cybercriminals can exploit this to demand higher ransoms of healthcare institutions.

Additionally, cybercriminals have more opportunities to infiltrate the healthcare industry as it digitalises. For example, medical staff use computers to administer drugs, perform scans, or obtain lab results. Medical facilities also have computers in patient rooms and operating theatres to monitor patients and allow staff to easily access health information.

These devices are all potential avenues for cybercriminals to exploit. The WannaCry Decryptor ransomware attack on Britain’s National Health Service, for example, infected 1200 diagnostic devices and forced many others offline to contain the spread.

Early detection of and response to ransomware

Healthcare organisations can protect themselves by monitoring user devices to detect and respond to ransomware threats early. This can be done through Cyberark’s detection software which continuously monitors these devices in near real time.

This programme allows organisations to identify potential breaches and suspicious activity early and stops evasive attacks and breaches once detected. It also alerts organisations automatically once breaches are detected, improving the efficiency of security response.

Healthcare organisations can also use AI and machine learning to defend against ransomware. For example, they can block known ransomware attacks based on past records, and even sieve out new threats.

Prevention of cyberthreats through safeguarding admin privileges

Early detection, however, does not tackle the root of the problem – attackers stealing credentials and gaining admin privileges to infiltrate the system.

It is common in healthcare for many individuals to have privileged user access to ensure smooth day-to-day operations. This includes third party vendors who provide maintenance or IT support to healthcare organisations, making the industry more vulnerable to potential cyber attacks.

Managing these privileges without impacting productivity is difficult as it may involve more hoops for users to jump through before accessing an account or system.

CyberArk’s privilege manager system makes this easier by automatically removing unauthorised admin accounts on user devices and blocking attempts to steal credentials.

The system also controls how accounts with different security clearance are used by setting boundaries on each account’s ability to read, write, or modify information. Additionally, movement across different departments or functions are limited by automatic prompters for multi-factor authentication.

These measures limit the extent of attacks that do evade detection and the damage they can cause.
Information on how attackers are abusing privileges from the manager can also improve detection to mitigate future attacks. This reduces the chances of cyber attackers leaving backdoors in the system to launch attacks in the future.

Ransomware attacks can cause catastrophic damage to healthcare organisations if not addressed, much like how cancer can wreak havoc on a patient’s body. Doctors combine prevention, early detection, and response to treat cancer; IT teams can do the same.