Expert Analysis: Scripps Health Possible Ransomware Attack

Expert Analysis: Scripps Health Possible Ransomware Attack

Scripps Health, a San Diego-based healthcare provider, disclosed suffering a cyber-attack that carries the signs of potential ransomware.

The attack appears to be ongoing, and it has already caused major IT downtime. The Scripps website was down, patient portals did not work, and appointments were forced to be canceled as a result. In fact, it also forced ambulances to be diverted from Scripps health-affiliated hospitals. 

To learn more about the Scripps Health Possible Ransomware Attack, we spoke to several cybersecurity experts. Here’s what they had to say. 

 Scripps Health Possible Ransomware Attack  

Jerome Becquart

Jerome Becquart is COO of Axiad

“As healthcare workers take on such a critical role in the pandemic and vaccine rollout, hospitals and healthcare providers need to ensure security in every aspect of their employees’ work to prevent cyberattacks. Email is the most frequent cause of compromised security within the industry – often due to phishing threats where employees are unable to distinguish if an email is genuine or not and ultimately share confidential information. Healthcare providers can utilize digital signatures to help their employees identify if an email is truly from an internal source or a phishing threat.

Security incidents in the healthcare industry are also frequently caused by vulnerable passwords that healthcare workers create for convenience and use many times throughout a shift to log in and out of their system, on various machines. Moving to multi-factor authentication that doesn’t require unsafe passwords will help secure healthcare employees, patients, and their data. It will also increase the productivity of frontline workers. The less time healthcare employees spend logging in and out of systems, resetting passwords, or dealing with credential issues, the more time they can spend on their critical work.”

Edgard Capdevielle

Edgard Capdevielle is CEO of Nozomi Networks.

“Showing just how low cyber-criminals will go, the attack on a major healthcare facility like Scripps highlights the dark side of ransomware, disturbingly putting lives at risk.  The truly sad reality is no one is immune from ransomware, and, like good medicine, the best defense is prevention.

The probability of ransomware attacks must be factored into an organization’s incident response and business continuity plans. This includes training staff [members] on the threat and the techniques cybercriminals will use to get into systems and carrying continuous security monitoring across IT and OT networks to identify malicious activity or vulnerabilities that cyber-criminals could exploit. Ransomware should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions.

Ransomware threat actors typically rely on spear-phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.

Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication, and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware and other cyber-attacks.”

Alexa Slinger

Alexa Slinger is an identity management expert at OneLogin.

“Malicious actors and attackers are unrelenting in their pursuits to take advantage of the most vulnerable systems, healthcare organizations, and exploit them. We’ve seen that weak access control and social engineering phishing are usually the main ways they target and exploit healthcare institutions, resulting in data breaches and/or ransomware attacks. While Scripps has not made details known, we have seen COVID-related topics and email subject lines as the enticement to lure vulnerable individuals in.

Due to COVID, healthcare organizations were forced to accelerate their digital transformation efforts to accommodate remote models for activities such as telemedicine. Oftentimes, healthcare facilities are using outdated legacy infrastructure and unpatched hardware and software systems, which make them easy targets for hackers seeking valuable patient records and research data. In addition, healthcare systems are often highly connected, meaning that when a breach does impact one part of the system, it has the potential to bring down the whole system.

The healthcare industry is notorious for underspending on IT and malicious actors know the data they can glean from a healthcare hack is especially lucrative on the dark market. Healthcare organizations must begin to understand and tackle the threats they are faced with, especially as it pertains to the regulations and protections for the critical data they hold. This breach highlights the need for a full-scale access management platform to secure entry into their systems, applications, and intellectual property. In addition, the healthcare industry must begin to implement comprehensive security awareness training to educate all personnel on how to spot phishing attempts, password practices, and what to do in the case of an active exploit.”

Purandar Das

Purandar Das is CEO and Co-Founder at Sotero

“Hackers are targeting soft targets knowing that they are easy to attack and they are financially rewarding. This also plays into current situations where medical information is more valuable than other categories of stolen information. It is also highlighting a weakness in current deployments of technology platforms that adopt a legacy approach to security and data protection. Criminals are targeting organizations that have been slow to adopt a more robust and resilient architecture. Organizations have to move towards protecting data, via new encryption technologies, that keep them secure while enabling privileged access. This prevents a “data help hostage” situation. Secondly, organizations have to move towards a resilient deployment architecture that enables them to bring up a failover system without risking long term outages.”

Thanks to the experts for their time and expertise. For more, check out the Endpoint Security Buyer’s Guide.

 

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me