12/10/2024 | News release | Distributed by Public on 12/10/2024 14:58
There used to be some honor among thieves. Threat actors, once upon a time, left healthcare providers alone to avoid the potential of killing a patient. Unfortunately, those times are behind us. Today, healthcare is among the top three industries targeted by ransomware. And the threat continues to grow. Last year Zscaler alone blocked nearly 4.5 million attacks, up from 3.8 million the previous year. Recovering from ransomware is expensive. The largest payout to a ransomware threat was $75 million and that does not include money lost to downtime, lost revenue and damage to provider reputation.
The good news is that based on successful attacks we know the villains as well as their strategies and we have the technology to block their efforts. The Change Healthcare attack targeted a third party application widely used across healthcare organizations to facilitate payments. The application was infiltrated and data was encrypted, rendering it inaccessible by users. Ascension Health, one of the largest healthcare systems in the U.S. was breached when an employee unknowingly downloaded a malicious file which was able to move across the network, disrupting critical systems, including electronic health records (EHR), systems used for ordering tests and medications, and patient communication portals.
In both cases an external facing system, one accessible by the internet, was to blame, proving the adage, "if you are reachable, you are breachable." Luckily there are steps to take to decrease your "reachability."