Indeed, over the past few years, ransomware operators have shifted tactics, moving from widespread targeting intended to collect smaller ransoms from several entities to being more selective in what organizations are targeted and setting larger ransom amounts. One recent tactic revealed ransomware operators using virtual machine to evade detection, which was quickly adopted by other groups.
Original research from CybelAngel takes a look at how cybercriminals plan healthcare-related fraud, ransomware and other attacks by obtaining stolen credentials, leaked database files and other materials from specialized sources in the cybercrime underground.
Multiple Interactive Learning Objectives (MILO) — recently implemented by Michigan Medicine Security — provides realistic, life-sized scenario training. The learner is surrounded by screens upon which scenarios are projected. The scenario library includes a disruptive visitor at the nurse’s station, a breakroom argument that escalates to an unsafe level, a person experiencing a mental health crisis and many others.
Healthcare Delivery Organizations (HDOs) are arguably the most pressured organizations in 2020, not only needing to treat the many patients infected by coronavirus, but also defend themselves against a growing number of cyberattacks targeted at their industry. Here are five cybersecurity challenges researchers found facing Healthcare Delivery Organizations today:
While Artificial Intelligence (AI) has already been introduced into medical facilities – revolutionizing the research and development methods of critical disease treatments, it’s also bringing about a transformation in healthcare security operations. With technologies such as smart cameras and IoT platforms to better manage field level operations, healthcare organizations are seeing the possibility of a more streamlined, efficient and cost-effective way to manage their facilities.
VMware Carbon Black released 2020 data that paints a holistic view of the threats healthcare organizations face and should be prepared for in 2021. Researchers found that there were 239.4 million attempted attacks targeting healthcare alone in 2020. VMware Carbon Black was also able to identify the top five ransomware families plaguing the healthcare industry including:
In the midst of this confusion, we’ve continued to witness significant changes in the processes and operations that companies traditionally rely on to conduct business – with a majority of organizations relying on remote work to safely continue operations. Considering this, it’s no wonder that attackers have realized that there is a significant incentive to take advantage of already vulnerable personnel, and further, the confusion and panic that workers are rightfully experiencing during the pandemic.
One thing that makes hospitals more vulnerable today than in the past is the extraordinary increase in connected medical devices (often known as IoMT or the “Internet of Medical Things”). Network-connected medical devices make healthcare more efficient and enable better patient care. They range from simple blood pressure devices and infusion pumps to more complex machines such as MRIs, CT scanners, and ultrasounds. The obvious problem is that these network connections also make these devices vulnerable to attack.
Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits. The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.
As we look ahead to 2021 and to defending against an ever-evolving variety of exploits and attacks, it’s important to consider the cybersecurity attack vectors that will be most prevalent in the upcoming year.