Medical syringe with a bottle of liquid


Navigating ransomware attacks in the health care sector

The global health care industry has seen a dramatic increase in ransomware attacks in recent years. A key driver of this increase is the economy of cybercrime. It is a lucrative business, generating more than $1.5 trillion in revenue each year. This leads to an incredible profit considering the approximate average cost of access to a potential target is only somewhere between $400 and $0.0004. Nearly half of ransomware attacks also result in a data breach, making the following two incentives cybercriminals’ top choices: personal data sales, which net approximately $160 billion per year, and ransoms from ransomware, which bring in about $1 billion annually.

Develop a defense strategy

Most organisations recognize that cyber adversaries are not individual hackers anymore but highly organised cyber gangs, state-sponsored actors, and sophisticated crime rings. Although their attacks can take various forms and come from various places, their primary goal is typically the same: to cause as much damage to the target as possible so that the compromised organisations will pay their ransom.

Health care organisations should aim to enhance their cyber defense to make it more painful and costly for threat actors to attack. Ideally, this will involve focusing on five key areas: deterring perimeter breaches.

  • Boost user awareness - Users are commonly an organisation’s first line of defense. Through targeted cyber training and awareness, and continuous user group performance monitoring, you can make it substantially more difficult for hackers to penetrate your perimeter.
  • Reduce the technical attack surface - Hackers prefer to hit organisations where they’re most vulnerable. This makes it crucial to reduce your attack surface through active vulnerability management, patching and hardening of systems, and end-user security (e.g., browser isolation).
  • Improve the detection rate - Because the cyber landscape is constantly evolving, you need to constantly monitor your environment so you can detect unusual behavior or signs of attacks— such as suspicious file activities on storage devices.
  • Limit lateral movement - If a hacker does access your systems, you want to prevent any potential compromise from spreading. By employing Zero Trust principles, like identity and privileged access management, and network segmentation, you can limit attackers’ ability to laterally move within the network.
  • Isolate and contain - The faster you can isolate affected systems, the quicker you can contain any associated damage. One way to facilitate this is by proactively building compartmentalisation features into infrastructure design.

Be resilient and sustain critical operations

While a strong defense strategy is a key element of cybersecurity, your organisation’s ability to respond to a breach is equally important. Short reaction times and the ability to start immediately responding to a ransomware attack significantly improve the organisational resilience, reduce the risk of being blackmailed, and might, in extreme cases, even save lives.

Recover with confidence

As the cyber threat landscape continues to evolve, health care organisations must adapt in stride. This means moving beyond detecting cyberattacks and protecting critical assets to honing the resilience to recover in the event of a breach.

By identifying your mission-critical services, understanding the interplay between your various systems, engaging in ongoing training, and continually refining your recovery maturity, you can go a long way towards thwarting attacks increasingly aimed your way.

To learn more about how Deloitte can help you, contact us.

Did you find this useful?