Not for the first time, we witnessed a set of brazen ransomware attacks on healthcare targets last month. First, the Dax Hospital in southwestern France was hit by a ransomware attack on February 9. Then, on February 15, a similar attack struck a hospital in Villefranche-sur-Saône, near Lyon. Both attacks used the Ryuk ransomware.
These hospitals - in the middle of a pandemic - were literally paralyzed by the attacks after categorically refusing to pay the ransoms.
Hackers shut down telephone systems, and hospital network admins had to turn off Internet and other network services to keep the ransomware from spreading. This shutdown snowballed, affecting surgical devices, patient records, appointments, medication management, bed allocation, and medical staff scheduling. Patient interventions and procedures were canceled, a Covid-19 vaccine center was closed, and critical patients were moved to other hospitals.
To try to restore order, the hospitals reverted to paper-based administration methods that hadn’t been in use for years.
And they’re still using paper and whiteboards to run these medical facilities. A month later, Dax hospital IT is still working on the construction of a new network, deploying new servers, restoring backups, and creating various temporary "mini-grid" systems to run chemotherapy, sterilization, medical imaging, medical biology, emergency, and other departments. The Dax hospital expects to restore the next stage of services only later next month (two months after the attacks).
This was the worst-case scenario come true for any organization, and particularly for a healthcare organization, where patient lives were put in danger by a malware attack.
According to the French National Information Systems Security Agency (Anssi), ransomware attacks in France surged 255% last year compared to 2019, with the increase particularly affecting the healthcare sector. There were 27 cyberattacks on French hospitals in 2020, according to the French Ministry for Digital Transition and Communications. And it’s not just healthcare providers.
In addition to the two hospitals mentioned above, French health insurance company Mutuelle Nationale des Hospitaliers (MNH) was hit by ransomware in early February, disrupting operations.
Attackers, though clearly deplorable, have a good reason for making healthcare establishments their priority targets. According to a recently published interview with an active cybercriminal, hospitals pay the ransom in 80-90% of ransomware attacks, because they feel they have no choice.
Healthcare providers in France and elsewhere are suffering the same pain as other sectors, which are increasingly in the crosshairs of ransomware threat actors. Ransomware attacks across all industries are growing bolder, more frequent, and massively more expensive. A recent report found that ransomware attacks targeting industry were second only to those targeting government in prevalence.
And ransomware itself is getting more sophisticated. Threat actors are increasingly adopting techniques to threaten operations, not just administration. Notably, experts are tracking more frequent incorporation of code that seeks out and exploits vulnerabilities in industrial control systems (ICSes) and can spread from IT networks to OT networks.
Healthcare and other sectors are coming to understand that IT and OT cybersecurity are vastly different fields. IT cybersecurity specializes in securing bits and bytes, which is definitely crucial for the admin side of the healthcare business. OT cybersecurity, on the other hand, specializes in securing both data and physical systems, and especially the intricacies of OT components like large-scale medical devices (think CT and MRI machines) that often communicate via industry-exclusive protocols that are not even visible to IT networks.
This is where Otorio comes in as a leading industrial cybersecurity company.
We offer the world’s first end-to-end, industrial-native portfolio of cybersecurity solutions together with a rich portfolio of field-proven professional services including Incident Response, Risk Impact Assessment, Penetration Testing, and Training.
This enables our partners in industry and healthcare to leverage attack mitigation tools that were designed and built from the ground up for OT ecosystems with operational production processes and continuity as their number one priority.
The explosion of ransomware attacks against healthcare provider networks demands a rethinking of cyber response policy. To facilitate a viable and economical response to ransomware in the healthcare industry, stakeholders need to seek out partners with proven experience in mitigating OT risk.