The State of Ransomware in Healthcare
A huge wave of ransomware attacks has plagued the healthcare sector amid the COVID-19 pandemic. In 2021, at least 100 new breaches have been reported in the Department of Health and Human Services HIPAA Breach Reporting Tool. Ransomware attacks have increased two-fold in recent years. Additionally, the growing popularity of Ransomware as a Service (RaaS) has contributed significantly to the increased rate of attacks. In the RaaS model, ransomware developers lease developed malware, encryption tools, communication channels, and ransom collection solutions to affiliates, all for a percentage of the ransom that the affiliates collect.
The Department of Health and Human Services had tracked 82 ransomware incidents globally as of May 2021. However, many more attacks have occurred since then. Here are some of the reported 2021 ransomware attacks:
1. Patient information lost in Apex Laboratory
On 31st December, New York-based Apex Laboratory published a data breach notification announcing a ransomware attack. Although the attack occurred on 25th July 2020, the organization did not announce it till five months later. Initially, Apex’s forensic investigation concluded the attack did not compromise patient information. However, the responsible threat actors uploaded at least 10,000 files containing personally identifiable information and protected health information. The leaked data included patient Social Security numbers, Medicaid, Medicare, and insurance information. Apex did not reveal if it paid a ransom.
2. Ransomware gang affects hundreds of hospitals
The Ryuk ransomware gang targeted at least 235 hospitals in 2021. Ryuk operates one of the most notorious RaaS affiliate campaign programs. For example, King of Prussia, Pa.-based Universal Health Services (UHS) lost more than $65 million to a Ryuk ransomware attack. However, the loss was not a result of paying the demanded ransom. Instead, UHS incurred labor expenses in network restoration. The attack also caused computer system downtime, interrupting operations in 250 US-based facilities.
3. REvil strikes UnitingCare Queensland
REvil is another ransomware gang that operates RaaS campaigns. For example, a REvil attack in April 2021 targeted UnitingCare Queensland, causing network and system disruption. Although the attack did not compromise any patient information, it caused the healthcare organization to shift to paper-based workarounds. As a result, the hospital took almost two months to bring affected systems, networks, and applications back online.
What is Attack Surface Management (ASM)?
An attack surface comprises all potential exposures to cybersecurity risks: all known, unknown, and possible vulnerabilities across organizational software, network, and hardware components. For most modern health institutions, complex digital landscapes result in massive attack surfaces. Identifying and managing all attack surfaces is therefore a challenge, for two primary reasons. First, the attack surface expands constantly due to increased reliance on digital technologies. Second, security threats keep changing as attackers adapt to match emerging defensive capabilities.
Organizations therefore require ASM, a continuous process for securing their digital assets. ASM is an ongoing process used to monitor, discover, prioritize, and mitigate security threats to IT assets that process, store, or share sensitive information. For the process to be effective, organizations must continuously analyze their networks and systems to detect and alleviate security flaws.
Why healthcare organizations need ASM
There are three primary reasons why institutions in the healthcare industry require ASM. These are:
1. Identifying and prioritizing digital assets
An organization can only protect what it knows. Determining all attack surfaces through an ASM process is critical to achieving robust protection, so identifying and prioritizing all internet-enabled assets is mandatory in managing the attack surfaces. Healthcare institutions need to obtain an inventory of all deployed assets and then classify the assets based on the organizational risk level. Prioritization assists in identifying assets that carry higher risks and, therefore, require higher protection.
2. Determining the security ratings
Security ratings consist of quantifiable measurements of an organization’s cybersecurity posture and performance. As such, the ratings enable real-time monitoring of the security health of assets deployed within a network ecosystem. Also, security ratings can assist healthcare organizations in monitoring the cybersecurity posture of third-party digital assets. Hence, ASM security ratings allow easy identification of external and internal cybersecurity risks in real-time. As a result, they are critical to reducing threats to attack surfaces.
3. Network segmentation
Healthcare facilities often have multiple departments with different access needs to internal networks. With ASM, they can segment the networks to facilitate easy control and monitoring of network traffic. More importantly, network segmentation provides an extra security layer since an attack can be restricted to the affected network.
Can ASM Help Healthcare Organizations Manage RaaS?
Ransomware is one of the most dangerous threats to the healthcare industry today. In the wake of the COVID-19 pandemic, healthcare institutions worldwide have launched new digital services and applications to support treatment and vaccine research. The increased use of digital services prompted CISA to issue a warning on rising ransomware activities targeting the health sector. Furthermore, a recent analysis of data related to healthcare breaches found that ransomware accounted for 55% of all attacks.
Undoubtedly, RaaS affiliates have contributed immensely to the rising ransomware attacks, which pose a significant threat to devices and networks. Attackers use various methods to deliver ransomware to a target healthcare facility. With ASM, however, the healthcare industry has a better shot at managing ransomware attacks. Using ASM can protect against ransomware by mitigating the following risks:
- Outdated and vulnerable assets
- Vulnerable vendor-managed assets
- Human errors, such as phishing and data leakage
- Vulnerable IT obtained through mergers and acquisitions
ASM with Cynergy can enable healthcare organizations to constantly monitor and manage vulnerabilities identified in physical and digital attack surfaces. Also, the Cynergy risk-driven platform facilitates risk assessments to prioritize attack surface challenges based on organizational vulnerabilities. Besides, Cynergy’s continuous asset discovery assures full control of all externally exposed devices, cloud, infrastructure, and web assets. It also identifies surfaces leaking sensitive data. In a nutshell, the continuous asset discovery solution provides complete visibility of organizational threats. Furthermore, with Cynergy ASM procedures, healthcare organizations can objectively plan and implement programs for managing all attack surfaces.