Memorial Health System, a healthcare non-profit, disclosed that it suffered a ransomware attack that encrypted its endpoints and forced staff to work with pen-and-paper charts.
The ransomware group Hive is allegedly responsible for the attack. The encryption of the IT environment forced the cancelation of numerous high-priority surgeries and radiological examinations. Although Memorial Health System president and CEO Scott Cantley stated on Sunday that patient and employee data remained unaffected, BleepingComputer found evidence indicating that databases containing sensitive information for 200,000 patients were stolen.
For more, we turn to the cybersecurity experts.
Memorial Health System Suffers Ransomware Attack, Data Theft
Josh Rickard is Security Solutions Architect at Swimlane.
“Since the onset of the COVID-19 pandemic, we have seen cyber-criminals take advantage of healthcare organizations again and again as new waves and variants persist. Healthcare organizations face unique challenges when looking to efficiently manage information security due to their large, distributed networks and complex electronic health record platforms that store highly sensitive protected health information.
In addition to the trove of unique data present, hospitals are also an appealing target for ransomware groups because they can’t afford downtime and are therefore viewed as more likely to pay the ransom quickly. In the case of Memorial Health System, urgent surgical cases and radiology exams were forced to be canceled due to the attack. Security operations within healthcare organizations are increasingly investing in ways to automate and centralize their detection, response, and investigation efforts into a single platform. This allows them to better visualize their effectiveness and further understand what is not working within their environment(s).
Even after access is regained following a ransomware attack, potential penalties for failure to detect and report on improper access create a long path to recovery. By leveraging the power of automation, these institutions can orchestrate their incident response and breach reporting processes to improve the security team’s ability to protect patient data and comply with numerous regulations.”
Stephan Chenette is Co-Founder & CTO of AttackIQ.
“The healthcare industry is one of the largest targets for cyber-criminals due to protected health information (PHI) being extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come. Additionally, Memorial Health System is a non-profit organization, which makes it an even more attractive target for cyber-criminals because nonprofits are often viewed as having lower defensive maturity and limited cybersecurity expertise.
Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information. To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, organizations can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”