Early on October 28, we learned that personal and medical details – including names, social security numbers, and diagnostic images – of more than 3 million U.S. patients are available online, unprotected and accessible to anyone who knows how to search for them.
Later that same day, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory about “Ransomware Activity Targeting the Healthcare and Public Health Sector”. The advisory details techniques used by malicious actors to infect healthcare systems with a specific ransomware strain – the Ryuk malware – and to exfiltrate data, both presumably for financial gain. More worryingly, the advisory describes not only attacks that could happen, but attacks that are taking place right now and whose imminent escalation is probable.
All of this is happening in the middle of a pandemic that puts huge pressure on healthcare staff. This pressure is what led us at Forescout Research Labs to release (coincidentally on the same day as the events discussed above) a new research report that highlights the risks that allow incidents like these to happen and the recommendations to protect organizations from these threats.
The risks we identified and the mitigations we recommended are in line with CISA/FBI/HHS’s:
- Lack of visibility into networked devices means that they may be vulnerable, unpatched, or misconfigured and can be used as an entry point or as the targets of malware. Identifying and patching vulnerable devices is paramount for mitigating risk.
- Improper network segmentation allows threats to spread within the network. Sensitive data and devices should be isolated from less critical segments.
- Several protocols and network communications expose devices to undue risk. Map and block externally accessible protocols whenever they are not needed.
For more information on this research and the specific risk areas facing healthcare organizations that could leave them vulnerable to ransomware and other attacks, please download the full report.