By Evan Pounder
Over the past year, the world has been grappling with the ever-evolving impacts of the Covid-19 pandemic. However, as much of the world struggles to deal with this crisis, malicious groups and actors see it as an open door through which they can walk and create more panic and devastation. At a time when the main focus is effective treatment for people suffering from the virus, the impact of blended threats in the Healthcare and Public Health Sector (hereafter, healthcare sector) has been significantly amplified. Here at Gate 15, we place a lot of emphasis on the importance of understanding and combatting blended threats, which we have defined as a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property. At a time when healthcare utilization is at an all-time high for many facilities, as hospitals across the country (and around the world) manage the increasing demands of the pandemic, a variety of threat actors have used the opportunity to launch various cyber-attacks. With an uptick of 86% in ransomware attacks on health care providers this year, it is becoming increasingly important to understand the threat at the door.
Earlier this month, CyberScoop reported that a medical center based in Towson, Maryland, has become the latest victim of one of these attacks. According to the hospital, the ransomware attack caused “many of our [IT] systems to go down.” This attack potentially affected multiple patient procedures for the following week, as the hospital, like many others plagued by these malicious cyber-attacks, attempts to deal with the ramifications.
The attack in Towson was just one example of how groups are using the pandemic to bolster the effects of their attacks, aiming at organizations where maintaining operations is urgent and making a hasty payment may be more appealing. With a substantial increase in the number of patients being admitted to the hospital, as well as amplified pressure from the public for quick and timely care, malicious actors view this as a weakness in the defenses of the medical community. With very little time to spare for combatting specific ransomware or other blended threats, hospitals and other medical service providers must wrestle with how best to respond while trying to minimize a variety of risks – including risks to their ability to provide possibly life-saving care. Hospitals and other essential medical providers understand that it could be catastrophic if their ability to treat patients and conduct operations were compromised. Threats that break through a hospital’s cybersecurity and critically impact or impair its infrastructure can be extremely dangerous to patients, both physically and potentially to their privacy. Knowing the incredibly time-sensitive nature of their work, medical service providers are potentially more willing to pay ransoms in order to resume medical operations.
Another example of this dates back to October of this year, when six different hospitals were all targets of ransomware within a 24-hour time span. With demands ranging from one to five million dollars in Bitcoin, the attackers locked down the hospitals’ systems, preventing them from conducting crucial procedures. Some of these hospitals, understanding that they were not going to be able to take time fighting this intrusion, paid the ransom to have their systems unlocked. In this situation, that is all the threat actors needed in order to call this attack a success. As with spam phishing or sextortion threats, for example, the expectation is not that every recipient falls victim, but that a few do. In this attack, the attackers didn’t need every hospital to pay the ransom to be successful; instead, they banked on the idea that at the very least a few would fold under the pressure of having their systems locked down.
In light of this, the Federal Bureau of Investigation (FBI), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), has issued a warning of imminent cyberattacks on more U.S. hospitals. Such attacks pose a serious and enduring threat to healthcare providers and underscore the need to be prepared for these and other incidents and disruptions. Criminals continue to launch more attacks, hoping that hospitals and others in the healthcare sector will be unprepared to defend themselves or that they will pay an extortion demand out of desperation to resume operations quickly.
Understand the Threats.
Assess the Risks.
Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.
Evan Pounder is an intern at Gate 15 with a concentration on work with WaterISAC. He is a third-year Army ROTC cadet at the University of South Carolina majoring in finance, with minors in French and Military Science.