Scripps Health Ransomware Attack Shows Medical Facilities a 'Favorite Target'
Cybercriminals know health care organizations are easy to attack and rewarding.
Tyler Shields is CMO at JupiterOne. He said it’s hard to know the exact details of the attack as it’s not yet disclosed.
“However, the risk involved in a health care attack like this can be immense,” he said. “It seems that this attack was severe enough that the hospital system decided the risk was too high, resulting in patient diversions and other precautions to be tripped. The risk to human life is the most important factor to consider when these attacks occur. Clearly that risk was enough to make patients go to other locations, meaning that this attack had a high level of severity. Scripps, and other health care systems and hospitals, have to look at the current state of their security program and make sure that they increase their risk mitigation and protection capabilities given the chances of ransomware attack.”
Mohit Tiwari is co-founder and CEO of Symmetry Systems. He said hospitals need to prioritize fighting a number of health care-related issues every day, as well as having to work with software and hardware that takes years to certify for safety. Unfortunately, this means the compute infrastructure is delayed for both business and technical reasons.
“The shift in mindset that hospital executives must get to is that compute infrastructure is key to health care,” he said. “Computing failures are health care failures. Furthermore, computing flaws are highly correlated and can spread quickly — ransomware or a breach of large data stores or compromise of medical equipment on a network. With the right investments, technology is available that can shift certified workloads into safer virtual machines and put defenses around it, and better identity and authorization methods that prevent small errors from scaling out organization wide.”
Jack Kudale is founder and CEO of Cowbell Cyber. He said cyber incidents are always one or two steps away from triggering physical incidents or life-threatening situations.
“This specific event is a frightening reminder that there is a digital component embedded in every aspect of our lives,” he said. “Health care services (every business, really) need to diligently activate easy protection measures such as multifactor authentication (MFA), systematic backups, cybersecurity awareness training for all employees, and more.”
Dirk Schrader is global vice president of security research at New Net Technologies (NNT). He said being hit by ransomware on a Saturday evening likely indicates the attackers have been in there for a longer period of time and waited for the best moment to start the actual attack.
“That way, the spread is not readily contained, thus also reaching an online backup site,” he said.
A number of cybersecurity controls either missed the initial infection or failed to contain the spread because nobody was monitoring them, Schrader said. Moreover, these cybersecurity controls may not have been in place at all.
Furthermore, judging by the high number of devices connected to the network, the attackers likely had plenty of inroads to try, he said.
“The early steps in the cyber kill chain are a good example of where organizations should look to if they want to protect themselves,” Schrader said. “They should answer questions like how to limit reconnaissance on infrastructure when that information can be used to weaponize the attack, how to inhibit delivery of malware to infrastructure and to reduce the attack surface for exploitation, and how to detect any installation, any file dropped on a device, which is an unwanted change in the system’s status and integrity. Security controls and security workflows orchestrated in a way that reduces an organization’s exposure and helps to detect changes are a good start.”
The financial services sector experienced a 125% surge in exposure to mobile phishing attacks in 2020.
That’s according to a new report by Lookout. Mobile exposure doubled among financial services and insurance organizations between 2019 and 2020.
Cyberattackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets.
A few key findings include:
● Almost half of phishing attempts tried to steal corporate login credentials.
● Nearly one in five mobile banking customers had a trojanized app on their device when trying to sign into their personal mobile banking account.
● Despite a 50% increase in mobile device management (MDM) adoption, average quarterly exposure to phishing rose by 125%, and malware and app risk exposure increased by over 400%.
● Twenty-one percent of iOS devices and 32% of Android devices were exposed to more than 390 and 1,060 vulnerabilities, respectively, because they were running iOS 13 or earlier and Android 10 or earlier. A delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organization’s infrastructure and steal data.
Hank Schless is Lookout’s senior manager of security solutions.
“When targeting financial services, cybercriminals have the opportunity to go after both employees and customers,” he said. “This means security teams have to cover an incredibly broad threat landscape. For that reason, it’s never too surprising to see financial services listed as one of the most targeted industries.”
Historically speaking, mobile devices that enable employees to be as productive as they are on a computer are a relatively new phenomenon, Schless said. The boom of cloud-based services and infrastructure has created an environment where employees expect a seamless experience no matter what device they’re working from.
“There also hasn’t been a way for security teams to get visibility into the risk profile of their mobile fleet without either violating the user’s privacy or fully managing the device,” he said. “Only within the last few years have there been ways to achieve this balance between security and respecting end-user privacy.”
IBM Security has introduced a new SaaS version of IBM Cloud Pak for Security. It’s designed to simplify how organizations deploy a zero trust architecture across the enterprise.
The company also announced an alliance partnership with cloud and network security provider Zscaler, and new blueprints for common zero trust use cases.
IBM Cloud Pak for Security now combines threat management and data security capabilities into a single, modular solution. And with the new SaaS version, customers can choose between an owned or hosted deployment model, whichever is best suited for their environment and needs.
It also provides access to a unified dashboard across threat management tools, with the option to scale with a usage-based pricing approach.
Jason Keenaghan is zero-trust strategy leader at IBM Security. He said the latest version of IBM Cloud Pak for Security has many benefits for IBM business partners.
“First, the latest version adds many new capabilities that support and enable a comprehensive zero-trust architecture,” he said. “This includes out-of-the-box connectors to more third-party vendor security tools like StackRox for cloud workload protection and CrowdStrike for endpoint detection and response (EDR). It also includes a new orchestration playbook-authoring tool that greatly simplifies the user experience for MSPs or end customers. Second, IBM Cloud Pak for Security now combines data security capabilities from IBM Security Guardium in the same modular package, with enhanced integrations with the threat management components of Cloud Pak. This will make it easier for business partners that are helping their customers adopt zero trust, and looking to integrate data and threat management together as part of a common security workflow.”
Lastly, the new SaaS version simplifies the overall approach to applying zero trust, Keenaghan said. For integrator partners, it’s much easier to connect different security tools without having to set up and maintain a separate environment on their own.
The IBM alliance partnership with Zscaler offers product integrations that will help make zero trust a reality, he said.
“Integrating SASE into the other capabilities outlined in our zero-trust blueprints adds another and critical layer of protection that helps organizations create a productive workforce from anywhere,” Keenaghan said. “We have several business partners who service and sell both IBM and Zscaler products. This new partnership will simplify how these business partners sell and deliver on the combined value of the two portfolios.”
A ransomware attack on Scripps Health’s computer network last weekend continues to significantly disrupt patient care.
The San Diego-based health care provider was forced to block patient access to its online portal. It also had to postpone appointments and send some critical-care patients to other hospitals. Scripps Health operates five hospitals in the San Diego area.
Scripps Health’s website remains down. On its Facebook page, the provider said its technical teams and vendor partners are “working around the clock to resolve these issues as quickly as possible. We have notified law enforcement and the appropriate governmental organizations.”
Its outpatient urgent care centers, and Scripps HealthExpress locations and emergency departments remain open for patient care, it said.
The Scripps Health ransomware attack comes as no surprise as cybercriminals have been heavily targeting health care providers, even more so during the COVID-19 pandemic.
Valuable Data Associated with Health Care
Paul Keely is chief cloud officer at Open Systems. He said medical facilities have become a favorite target of bad actors. That’s because health care data is worth up to 50 times more than credit card information. And it includes more personal details.
“Health care organizations clearly need to revisit their cybersecurity strategies to consider what else they can do to keep themselves, their patients and other stakeholders safer,” he said. “They can do that by working with proven partners that deliver integrated cybersecurity services that address today’s expanding IT enterprise edge, take a zero-trust approach to enforce access policy, and employ a combination of human cybersecurity experts and artificial intelligence (AI) to fully understand and respond to threats as they arise.”
Purandar Das is CEO and co-founder of Sotero. He said hackers are after soft targets, knowing that they are easy to attack and financially rewarding.
“Organizations have to move toward protecting data via new encryption technologies that keep them secure while enabling privileged access,” he said. “This prevents a data-held hostage situation.”
Secondly, organizations have to move toward a resilient deployment architecture, Das said. That will enable them to bring up a failover system without risking long-term outages.
Our slideshow above features more comments on the Scripps Health attack and the week’s other cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.