Ransomware attacks and other types of cyberattacks in healthcare are growing not only in number but in sophistication.
The recent State of Ransomware in Healthcare report released by Sophos highlighted a 94 percent increase in ransomware attacks in 2021, with 66 percent of healthcare organizations hit by ransomware – up from 34 percent the prior year.
Healthcare organizations are a prime target for ransomware attacks
Not only is healthcare a lucrative target for hackers financially, with large operating budgets and insurance policies, but it is also a low-hanging target with complex, legacy systems. Threat actors know that organizations across the healthcare sector are driven by a need to rapidly restore operations to ensure the health and safety of patients and continued delivery of services – whether in a hospital, across the medical supply chain, or even health insurance plans.
Lisa J. Pino, Director of the Office of Civil Rights (OCR) wrote a letter earlier this year encouraging healthcare organizations to strengthen their cyber security posture, noting that “more than one health care provider was forced to cancel surgeries, radiology exams, and other services, because their systems, software, and/or networks had been disabled.” This pressure to restore operations is leading to higher ransom demands, with the average demand up 144 percent.
Federal agencies are urging healthcare organizations to take action against the growing threat of ransomware. A recent Cybersecurity Advisory from the Cybersecurity and Infrastructure Security Agency (CISA) warned that the healthcare industry was being increasingly targeted by North Korean state-sponsored cyber actors using the Maui ransomware. Subsequent research indicated this operation was opportunistic, compromising low-hanging targets, which, unfortunately, are often healthcare organizations. As with other ransomware attacks, these incidents disrupted services for prolonged periods.
A similar advisory went out this August from the Office of Information Security warning healthcare organizations about threats from the Karakurt ransomware group. The advisory specifically notes that the group gains access with stolen or compromised credentials.
It’s an unfortunate truth that most threat actors don’t break in – they log in. In fact, 61 percent of data breaches involve credentials, with 25 percent of breaches in 2021 attributed to ransomware.
How healthcare organizations can break the cycle of cyberattacks in healthcare
Healthcare organizations can break the cycle by blocking the two most common routes ransomware attackers use to get into the network: stolen credentials and phishing. What both routes have in common is the user: poor user practices combined with legacy authentication often make it easy for attackers to gain access to the enterprise.
While ransomware is a daunting challenge to fix, the first step can be very simple: prioritizing the human layer by securing user access to critical systems and data using phishing-resistant multi-factor authentication (MFA).
President Biden’s Executive Order 14028 and the follow-up OMB M-22-09 specifically mandate phishing-resistant MFA to defend against sophisticated attacks, including ransomware. Phishing-resistant MFA, provided by a smart card or a FIDO2 security key such as the YubiKey, is an authentication method that is immune to attempts to compromise or subvert the authentication process. Better yet, phishing-resistant MFA offers the potential to address some of the challenges of legacy MFA and passwords, such as the poor user experience when authenticating in healthcare settings and the security gaps associated with password sharing.
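To show what makes a FIDO2 login phishing-resistant, here is an added example (not Yubico's code and not part of the original post) of the relying-party checks a WebAuthn verifier performs: the data the key signs carries the hash of the site's rpId and the origin the browser stamped, so an assertion produced for a look-alike domain, or replayed against a fresh challenge, is rejected. The `AuthenticatorStandIn` class, its HMAC stand-in for the key's private-key signature, and the `hospital.example` names are constructed for the demo.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

class AuthenticatorStandIn:
    """Constructed stand-in for a FIDO2 key: an HMAC with a device secret
    plays the role of the key's per-site private-key signature."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def get_assertion(self, rp_id: str, origin: str, challenge: bytes):
        # The browser, not the web page, stamps origin and rpIdHash, so a
        # phishing page cannot claim the real site's origin.
        client_data = json.dumps({"type": "webauthn.get",
                                  "challenge": b64url(challenge),
                                  "origin": origin}).encode()
        auth_data = (hashlib.sha256(rp_id.encode()).digest()  # rpIdHash
                     + b"\x01" + (1).to_bytes(4, "big"))      # flags (UP), counter
        to_sign = auth_data + hashlib.sha256(client_data).digest()
        return client_data, auth_data, hmac.new(self._secret, to_sign, "sha256").digest()

    def verify(self, signed: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(hmac.new(self._secret, signed, "sha256").digest(), sig)

def verify_assertion(rp_id, allowed_origins, expected_challenge,
                     client_data, auth_data, sig, verify_sig) -> bool:
    """Relying-party checks: origin/rpIdHash binding resists phishing, the challenge stops replay."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("origin") not in allowed_origins:
        return False
    if cd.get("challenge") != b64url(expected_challenge):          # replayed assertion
        return False
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():  # signed for another RP
        return False
    if not (auth_data[32] & 0x01):                                 # no user presence
        return False
    return verify_sig(auth_data + hashlib.sha256(client_data).digest(), sig)

def demo():
    key = AuthenticatorStandIn()
    rp_id, origins, chal = "hospital.example", {"https://hospital.example"}, secrets.token_bytes(32)
    genuine = key.get_assertion(rp_id, "https://hospital.example", chal)
    # Same key, same challenge, but the page that asked was a look-alike domain
    phished = key.get_assertion(rp_id, "https://hospital-example.com", chal)
    return {
        "genuine": verify_assertion(rp_id, origins, chal, *genuine, key.verify),
        "phished": verify_assertion(rp_id, origins, chal, *phished, key.verify),
        "replayed": verify_assertion(rp_id, origins, secrets.token_bytes(32), *genuine, key.verify),
    }
```

A real browser would refuse to even invoke the key for rpId `hospital.example` from `hospital-example.com`; the server-side origin check shown here is the second line of defence, and in production the HMAC stand-in is replaced by signature verification with the credential's registered public key.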
How Yubico supports the prevention of cyberattacks in healthcare
The YubiKey is designed to meet healthcare organizations where they are on their journey to strong authentication – seamlessly supporting legacy infrastructure as well as modern, cloud-based systems. To learn more about how easy it is to deploy phishing-resistant MFA, download our whitepaper, “Modernizing MFA and going passwordless across the healthcare sector.”