Recent reports from the Federal Bureau of Investigation (FBI) indicate that hackers are unleashing a major ransomware attack wave on hospitals across the United States. In what they term “a wave of data-scrambling extortion attempts” aiming to lock up hospital IT environments even as the COVID-19 epidemic spikes. According to a report from the Associated Press, “[the ransomware attack] has already hobbled at least five U.S. hospitals this week.” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, calls it “the most significant cybersecurity threat we’ve ever seen in the United States.”
We compiled some expert commentary on the ransomware attacks affecting U.S. hospitals. Here’s what they had to say.
Ransomware Crisis Affecting U.S. Hospitals
Mat Newfield is Security Expert and CISO of Unisys.
Mat Newfield provides some best practices, including:
- “The two most critical things to do in order to prevent a ransomware breach is to ensure systems are always up to date with patches and you continue to focus on user education with regards to phishing and its variants such as SMSishing and vishing.
- Understanding that exploitation is inevitable will allow security leaders to put tools and programs in place to not focus on prevention, but on rapid response instead.
- Micro-segmentation and Zero-Trust concepts need to be at the center of your cyber programs to minimize the impact of a ransomware attack.
- Many healthcare organizations suffer from the continued use of legacy and end-of-life (EOL) systems that are highly susceptible to compromise.
- Rapid response and active monitoring are a must for healthcare and any other organization.
- Multi-factor authentication platforms and techniques can significantly slow or ultimately stop widespread infection due to a ransomware attack.”
Matt Walmsley is EMEA Director at Vectra.
“When cybercriminals claim they’ll avoid healthcare organizations, or make token “robin hood” payments to charities in attempt to portray themselves as somehow trustworthy, this alert reminds us of just how morally depraved cybercriminals can be. This is particularly true when they target critical to life sectors such as healthcare, which is under both seasonal pressures and the additional weight of dealing with COVID-19.
The business of ransomware has changed. Criminals have moved to lower volume, but highly targeted ransomware attacks. These are multifaceted, complex, and unfold over extended periods of time and increasingly use the legitimate tools within our networks and cloud services. This makes traditional signature-based defenses increasingly ineffective so we’re now detecting attackers by their behavior rather than looking for the specific tools or ransomware used. This makes it much more challenging and costly for attackers because even when they adapt configurations, their immutable behaviors still betray them. This new approach is both effective and durable.
The performance and analytical power of AI are needed to detect these subtle indicators of ransomware behaviors and the misuse of privileged credentials at a speed and scale that humans and traditional signature-based tools simply cannot achieve. Ransomware will continue to be a potent tool in cyber-criminals’ arsenals as they attempt to exploit, coerce, and capitalize on organizations’ valuable digital assets.”
Thank you to our experts for our time and expertise. For more on defending against ransomware, check out our Endpoint Security Buyer’s Guide.
Latest posts by Ben Canner (see all)
- How Endpoint Protection Platforms Protect Against Ransomware - December 4, 2020
- Predictions: The Top Endpoint Security Threats of 2021 (And How to Prevent Them) - December 1, 2020
- New Endpoint Security for New Remote Work Paradigm - November 25, 2020