Securing Legacy Systems in Healthcare

Healthcare organizations face a unique set of cybersecurity challenges. Their environments typically combine modern infrastructure with antiquated systems that remain integral to daily operations. These legacy systems, which can include older software, medical devices, and data management systems, are often difficult to update or replace. While they may still function well enough to support day-to-day tasks, they pose significant cybersecurity risks. Two of the most pressing issues are interoperability and budget constraints, both of which contribute to vulnerabilities that can jeopardize patient data and overall system integrity.


Data Breach Response: How Healthcare Organizations Can Maintain Trust

In an age where digital breaches are increasingly common, healthcare organizations face immense pressure to protect sensitive data. Patients now expect a higher level of diligence regarding their information’s safety, and a breach can significantly damage an organization’s reputation and lead to costly legal actions. This means that healthcare organizations need to be both proactive in cybersecurity and prepared with a responsive plan to maintain trust in the face of an incident. Here’s how healthcare organizations can uphold stakeholder trust in the event of a cyberattack. 


Cybersecurity For Healthcare CISOs: Safeguard Against Vulnerabilities

In 2024, healthcare organizations face heightened cybersecurity challenges as the industry continues its rapid digitization. The widespread use of connected medical devices, electronic health records (EHRs), and telemedicine increases the attack surface, making healthcare an attractive target for cybercriminals. As stewards of cybersecurity, Chief Information Security Officers in healthcare must prioritize protecting sensitive patient data and ensuring operational continuity. Here’s how healthcare CISOs can mitigate vulnerabilities and build resilient security postures.


CodeHunter: A New Solution for Healthcare Cybersecurity

Protecting patients — and their data


The healthcare industry is faced with a vast set of challenges when it comes to information security.

More than most critical industries, healthcare is a hotbed for valuable, exploitable data, including protected health information, credit card information, personally identifiable information (PII), and intellectual property.

CodeHunter enables healthcare organizations to keep critical systems running by proactively identifying cyber threats.

Cyberattacks in Healthcare Mean More Than Lost Information

Taking advantage of internal chaos and over-taxed systems, cyberattacks against healthcare organizations have reached an all-time high. In 2021 alone, 45 million people were impacted by healthcare cybersecurity breaches, with the average cost of a data breach skyrocketing to over $7 million.

The trouble doesn’t stop when cybercriminals break into a healthcare system’s information vault. After a healthcare data breach, 50% of victims suffer medical identity theft. That high ratio makes sense when you consider that stolen health information is even more valuable than financial data — 20 to 50 times more valuable on the black market, in fact.

Over and above the financial costs for organizations and individuals, healthcare cyberattacks can come at the cost of human life. Healthcare is a prime target for ransomware attacks, in which cybercriminals encrypt patient data and hold it for ransom. That can mean a doctor caring for a patient in critical condition has no access to that patient’s records. Without those records, doctors cannot provide proper care, and that has already resulted in patients’ deaths.

Protect Patients (and Their Data) With CodeHunter

With CodeHunter running in the background, healthcare companies can rest assured that their network is protected from hackers. Patients can take care of their health without worrying about their personally identifiable information (PII) being stolen. And cybercriminals can toss and turn knowing that every day, the team at CodeHunter is developing and improving new ways to detect their malware.


5 HIPAA Cybersecurity Requirements for CISOs

HIPAA Compliance Pays Off


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established privacy standards in the U.S. to protect sensitive data, from your social security number to the exact date and time of your tonsillectomy. Today, lawmakers have developed new HIPAA cybersecurity requirements to protect patients from the ongoing threat of cyberattacks and curb the steep rise in information theft — and non-compliance comes with a hefty price tag.

What CISOs Need to Know about HIPAA Cybersecurity Requirements

A record-setting 1,862 data breaches were reported in the U.S. last year, up 68% from the previous year. So it’s no wonder companies are being held accountable for the data they collect and store. HIPAA compliance requires hospitals, health plans, and other covered entities (and their business associates) to adhere to a handful of different rules to protect sensitive patient information.

1. Privacy

Patients have the right to keep their protected health information (PHI) private. PHI can encompass a variety of information on sensitive topics like diagnoses, appointments, and procedures.

2. Security

The Security Rule requires organizations to protect electronic PHI (ePHI) from unauthorized access, use, and disclosure through administrative, physical, and technical safeguards. Think insurance information, names, addresses, and the like, wherever they are stored or transmitted electronically.

3. Enforcement

The Enforcement Rule sets out how compliance investigations are conducted and how civil money penalties are determined. In practice, entities protecting PHI must be able to show that they enforce their security protocols at all times and that they investigate suspected breaches. The best way to demonstrate this is to create and follow documented data protection procedures, and to keep impeccable records in the event of an attack.

4. Breach Notification

After a breach of unsecured PHI, entities must notify the affected individuals without unreasonable delay (and no later than 60 days after discovery), report the breach to the Secretary of HHS, and, when more than 500 residents of a state or jurisdiction are affected, notify prominent media outlets as well. Records of the breach and of the notifications must note who contacted whom, when, and what information was shared.

5. Omnibus

The Omnibus Rule (2013) updated HIPAA to implement the HITECH Act, which was written with cybersecurity in mind. Among other things, it makes business associates and their subcontractors directly liable for HIPAA compliance, not just the covered entities they serve (more below).


How to Meet HIPAA Compliance Requirements

With the addition of the HITECH Act to HIPAA, healthcare organizations need to be much more vigilant about maintaining their HIPAA compliance. There are several ways healthcare cybersecurity professionals can stay on top of meeting HIPAA requirements.

Compile a Comprehensive Risk Assessment

It pays to be prepared. Get started by combing through your company’s data collection, processing, and storage methods with your IT team to identify risk factors and exploitable gaps. Use the HHS Office for Civil Rights (OCR) Audit Protocol designed for HIPAA compliance as your road map.


Address Risk Factors, and Amend Compliance Gaps

Having completed an audit, prioritize meeting HIPAA’s compliance criteria. Keep updated records on the measures you’re taking and the lengths you’re going to for improvement. In the event of a future cybersecurity breach, you may need to prove in writing that you made every effort possible to protect your data.

Once Everything is in Order, Develop a Process to Keep it That Way

Automated reporting will alert you to any deviations in compliance. Schedule regular training sessions with employees to keep everyone in the know about the latest requirements. Make it a habit to look for ways to improve your defenses, whether that means overhauling your process or just trying out new software. Stagnation is your enemy.


HIPAA Violations Levy Heavy Penalties

We know protecting your clients’ information is motivation enough to take cybersecurity seriously, but take a moment to consider how a data breach will affect your organization’s bottom line, especially if you’re out of compliance. Violations are broken down into tiers based on culpability, and because penalties are assessed per violation, and a single breach can involve many violations, the costs are staggering.

Below is a summary of the statutory penalty ranges per violation (HHS adjusts the dollar amounts for inflation each year).

Tier 1 Violation — Lack of Knowledge 

An entity is reasonably HIPAA compliant. However, it was unaware of the violation and could not have easily avoided it.

Penalty: $100 – $50,000 per violation


Tier 2 Violation — Reasonable Cause

An entity is not quite considered neglectful of HIPAA compliance.

Penalty: $1,000 – $50,000 per violation


Tier 3 — Willful Neglect

An entity is found neglectful of HIPAA compliance; however, it corrects the violations within a stated time period.

Penalty: $10,000 – $50,000 per violation


Tier 4 — Willful Neglect (Not Corrected)

An entity is neglectful of HIPAA compliance and does not correct its violations.

Penalty: $50,000 per violation. Every tier is capped at an annual maximum of $1.5 million for violations of an identical provision in a calendar year.


Get to Work

Follow cutting-edge cybersecurity best practices to prevent data breaches and prepare for the worst-case scenarios. Not only does protecting your data pay off in reputation and preserve trust from your customers — it saves a bundle in legal expenses. If all of that has you sweating, make sure your organization is prepared with cyberattack simulations and cyber wargames to gain some peace of mind.

Want more information on healthcare cybersecurity? Check out these other helpful resources:

7 IoT Medical Devices That Are Hackable

Security Flaws in Patient Medical Devices Put Lives at Risk

Advances in the IoT medical devices market are rapidly changing how we treat patients, often to remarkable effect. Layering robotics onto medicine and factoring the Internet of Things (IoT) into patient monitoring has opened up a new world of medical treatment, including remote patient care. The healthcare IoT market surged throughout the pandemic and is expected to grow at a rate of 25.9% to $446.52 billion by 2028.

However, there’s a catch: Many IoT medical devices are hackable, and compromised devices can lead to catastrophic patient outcomes.

Escalating Cyber Risks: IoT Medical Devices Connected to Outdated Operating Systems

While advanced IoT devices change how patients receive care, recent history sheds light on escalating cyber risks. In 2017, the WannaCry ransomware spread through unpatched, outdated Windows systems, hitting roughly 70,000 devices across National Health Service (NHS) hospitals in England and Scotland. Ambulances were diverted, appointments were cancelled, and patient monitoring was disrupted, delaying care and threatening lives.

Lessons from history are often repeated, and sometimes escalated. Gartner predicts that by 2025 attackers will have weaponized operational technology (OT) environments, including those linked to medical IoT devices, with the intent to cause physical harm or even death, with the financial impact of such attacks topping $50 billion per year.

Just a Few Examples of Hackable IoT Medical Devices  

Keeping a close eye on IoT medical devices and their cybersecurity risks is a matter of life or death.

Tread cautiously with these seven IoT medical devices:

1. Next-Generation Teleoperated Surgical Robots: The Raven II

In 2001, Professor Jacques Marescaux used telesurgery and robotics from his offices in New York to perform a cholecystectomy on a 68-year-old woman in France. Since then, experts in robotics and medicine have worked around the clock to make telesurgery a viable option for anyone.

While surgical robots are most often used with the surgeon in the same room as the patient, operating over a secure hardwired connection, surgeons will eventually use them to intervene in situations that are unsafe for humans (battlefields, chemical fires, earthquake rescue missions, pandemics). But there’s a catch: Treatment would then take place over shared, untrusted networks that an attacker can reach. During research at the University of Washington, the Raven II, a telesurgery robot whose control protocol carried commands over the network without encryption or authentication, was easily hijacked. Even a tiny interference could have deadly consequences in actual practice.

2. Infusion Pumps: The B. Braun Infusomat Space Large Volume Pump and B. Braun SpaceStation

Imagine you’re lying in a hospital bed after surgery, blissfully unaware of your body’s distressed state thanks to the IV drip of painkillers. And then you suddenly wake up to excruciating pain because someone hacked into the network and shut off the infusion pump — or even worse, you don’t wake up at all because a hacker doubled the rate of flow.

Cybersecurity researchers revealed vulnerabilities that could lead to exactly such an overdose when they compromised the B. Braun Infusomat Space Large Volume Pump and B. Braun SpaceStation. Ironically, these devices have a locked-down software design with thoughtful security features intended to keep patients safe from tampering. The researchers found a way around it: Starting from a foothold on the hospital network, they exploited vulnerabilities in the SpaceStation’s communication module, the component that connects the pumps to the network, and from there reached the pumps themselves. “Successful exploitation of these vulnerabilities could allow a sophisticated attacker to compromise the security of the Space or compact plus communication devices, allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution,” announced B. Braun in a security statement.

3. Insulin Pumps: Medtronic and Johnson & Johnson

Medical device company Medtronic issued an urgent recall of its insulin pump remote controllers after researchers disclosed wireless vulnerabilities that could let an attacker change the dose and overdose the user. And it’s not the first time insulin pumps have been shown to be hackable: Back in 2016, Johnson & Johnson announced, after researcher Jay Radcliffe reported the flaw, that one of its insulin pumps could be hacked to deliver an overdose. The solution? Users were asked to disable the pump’s remote control (radio) feature and program the device with maximum insulin delivery limits. (Now imagine your grandparent was using the insulin pump and had to take each of those steps to stay safe.)

4. Imaging Devices: GE Imaging and Ultrasound Devices

According to the 2020 Unit 42 IoT Threat Report, a shocking 83% of hospital imaging devices run on unsupported operating systems — an easy entry point for malicious actors.

In 2020, researchers from CyberMDX found critical vulnerabilities, stemming from default global credentials used in maintenance and management software, that affected over 100 radiology products from GE (including molecular imaging devices, mammography devices, MRI machines, CT and PET scanners, advanced visualization workstations, ultrasound, and X-ray systems). “Successfully exploiting the vulnerability may expose sensitive data — such as protected health information (PHI) — or could allow the attacker to run arbitrary code,” researchers explained. And this could “impact the availability of the system and allow manipulation of PHI.”

5. Health Monitors: IntelliVue Information Center iX (PIIC iX) Developed by Philips

Several months ago, researchers at Nozomi Networks Labs discovered five new vulnerabilities in Philips’ patient monitoring systems. Health monitors track a patient’s vitals and alert staff should anything go wrong, and they are particularly exposed because they sit on the hospital’s wider communications network and present a large attack surface. A hacker could change settings, obscure the displayed data, or silence alarms, leaving patients in urgent need without help.

6. Digital Smart Pens

Doctors use digital smart pens to write prescriptions and transmit them straight to pharmacies, along with a patient’s sensitive information, including their name, address, and health records. Security researcher Saurabh Harit of Spirent SecurityLabs showed that it’s entirely possible to reverse-engineer the pen and recover all of that information. Even worse, a digital smart pen could serve as an entry point into the larger hospital network, from which cybercriminals could potentially reach databases of patient records.

7. Implantable Cardiac Devices: Pacemakers

The U.S. Department of Homeland Security released a medical advisory exposing vulnerabilities in several pacemaker models. Dick Cheney famously had the wireless feature of his implanted defibrillator disabled back in 2007 to rule out a remote attack on the device.

Hospital staff can protect themselves and their patients by following cybersecurity hygiene basics: keeping software and antivirus protection up to date, running vulnerability assessments, adopting zero-trust policies, modernizing legacy systems, training staff on cybersecurity best practices, and following the FDA’s Medical Device Safety Action Plan.

The Telesurgery Industry Is Flirting With Cyber Criminals


When Security is a Question of Life or Death

Readers of a certain age will remember the thrill of a ‘90s chat room — strangers from anywhere suddenly in your living room — but, by now, the wonders of telecom are squarely ordinary: Send messages across the world instantaneously? Check. Stream a live opera in Prague from a studio apartment in Poughkeepsie? Check. Run a business from your bedroom? Check.

But even those of us who are a bit jaded by technological advances have to admit that the idea of telesurgery — surgery performed by a physician using a remote-controlled robot over the Internet — is pretty cool.

And yet, it’s not really new: The first successful telesurgery took place in 2001, when a surgeon in New York removed the gallbladder of his 68-year-old patient in Strasbourg, France. “Operation Lindbergh,” as it came to be known, could have been the triumphant start of a global health innovation — but, in the years since, telesurgery has been hampered by slow advances in robotics and communication networks.

Today, doctors typically use robots to operate on a patient in the same room — and they do so using a secure, hardwired connection. Next-gen robots need to work on open networks — in war zones, at disaster sites, and on-call at other remote locations — but network and connectivity issues have been severely limiting. Until now.

The emergence of 5G has been a game changer for the field: Medical teams have an extremely fast network connection at their disposal — but this major advance brings with it major exposure, and now the threats posed by cyber attacks loom large.

Think about it: Assuming everything else in a procedure goes smoothly — the robot works as designed, the surgeon is confident and well-rested, and local staff are standing by — the network connection is a potential vulnerability. A cybercriminal infiltrating the software could dictate the robot’s movements — a breach with potentially fatal consequences. Incorporating security measures is critical to making telesurgery safe — and to promoting its widespread adoption.

To see just how precarious a telesurgery could be, engineers at the University of Washington (UW) tested an open source teleoperated robot, the Raven II. One group (the “surgeons”) set up the Raven II on a table and directed it to pick up and move blocks around while their colleagues (the “attackers”) used common cyberattack methods to disrupt the process.

The attackers were able to override or alter commands from the surgeons, making it difficult for the robot to perform simple actions like grasping the blocks. They also flooded the Raven II with trash data in a denial-of-service attack, resulting in jerky movements. In a real surgery where precision can mean life or death, this simulation exposed a serious risk factor. Finally, the offensive team triggered the robot’s emergency stop mechanism, halting the simulated surgery altogether.

The blunt way to guard against such attacks is to perform telesurgery only over a fully isolated private network, which, one could argue, defeats much of the invention’s value. The more general fix is to protect the command channel itself: authenticate and integrity-check every command so that altered or injected packets are dropped, number them so that replays are rejected, and encrypt them so an observer learns nothing. Beyond that, the team at UW is working on using machine learning to authenticate the operator: the robot would analyze the user’s interactions and build a unique “operator signature.” Along with human monitoring, that may yet give us a safeguard in which a surgery can at least be halted before an attacker can do fatal harm.
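As an added example (not code from the UW researchers or from the Raven II project), here is the command-channel protection described above in Python: the console wraps every motion command with a monotonic counter and an HMAC-SHA256 tag under a pre-shared key, and the robot side drops anything whose tag does not verify or whose counter is not strictly increasing. The key, the command fields, and the packet layout are assumptions made for illustration; the scenarios replay the UW experiments in miniature (an in-path attacker rewriting a command, replaying an old one, and forging an emergency stop).

```python
import hashlib
import hmac
import json
import struct

# Hypothetical pre-shared key; a real deployment provisions one per console/robot
# pair out of band (assumption made for illustration).
SHARED_KEY = b"example-only-32-byte-shared-key!"
TAG_LEN = 32          # HMAC-SHA256 output length
HDR_LEN = 8           # 64-bit big-endian counter


def encode(command: dict) -> bytes:
    """Canonical JSON so both sides MAC exactly the same bytes."""
    return json.dumps(command, sort_keys=True, separators=(",", ":")).encode()


class Console:
    """Surgeon side: every command carries a strictly increasing counter and an HMAC tag."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def wrap(self, command: dict) -> bytes:
        self.counter += 1
        header = struct.pack(">Q", self.counter)
        body = encode(command)
        tag = hmac.new(self.key, header + body, hashlib.sha256).digest()
        return header + tag + body


class Robot:
    """Robot side: act on a command only if its tag verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def unwrap(self, packet: bytes):
        if len(packet) < HDR_LEN + TAG_LEN:
            return None, "truncated"
        header = packet[:HDR_LEN]
        tag = packet[HDR_LEN:HDR_LEN + TAG_LEN]
        body = packet[HDR_LEN + TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # altered or forged packet
            return None, "bad mac"
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:                # replayed or reordered packet
            return None, "replay"
        self.last_counter = counter
        return json.loads(body), "ok"


def tamper(packet: bytes, field: str, value) -> bytes:
    """In-path attacker rewrites one field; without the key it cannot fix the tag."""
    header, tag = packet[:HDR_LEN], packet[HDR_LEN:HDR_LEN + TAG_LEN]
    cmd = json.loads(packet[HDR_LEN + TAG_LEN:])
    cmd[field] = value
    return header + tag + encode(cmd)


def run_scenarios() -> dict:
    """Replay the UW-style attacks in miniature and record the robot's verdicts."""
    console, robot = Console(SHARED_KEY), Robot(SHARED_KEY)
    verdicts = {}
    p1 = console.wrap({"arm": "left", "dx": 1, "dy": 0, "dz": 0})
    verdicts["legit"] = robot.unwrap(p1)[1]
    p2 = console.wrap({"arm": "left", "dx": 0, "dy": 1, "dz": 0})
    verdicts["tampered"] = robot.unwrap(tamper(p2, "dx", 50))[1]   # exaggerated motion
    verdicts["replayed"] = robot.unwrap(p1)[1]                      # old command again
    forged = Console(b"attacker-guess").wrap({"estop": True})       # e-stop without the key
    verdicts["forged_estop"] = robot.unwrap(forged)[1]
    verdicts["later_legit"] = robot.unwrap(p2)[1]                   # untouched p2 still valid
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:12s} -> {verdict}")
```

HMAC gives integrity and origin authentication but not confidentiality, so the channel still needs encryption (for example DTLS) if commands must stay private. Neither the tag nor the counter helps against flooding: a denial-of-service attack still needs rate limiting and a safe fallback state on the robot side. Rejected packets are dropped rather than acted on, so an emergency stop can only be triggered by an authentic command.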

For the time being, researchers will continue testing and developing telesurgery until its safety measures are as robust and secure as a local procedure would be. In a world where everyone and everything is connected, technology advances are only as valuable as they are secure.


5 Ways Pharma Can Mitigate Third-Party Cyber Risks


Third-Party Vendors Are a Growing Cyber Risk for Pharma

Pharmaceutical companies regularly outsource critical business functions to third-party vendors. Outside companies are often responsible for research, product development and distribution, sales, and IT (to name a few) — and these third-party vendors pose an enormous cyber risk for pharma. Over half of all data breaches in 2021 were traced back to third-party vendors.

Pharmaceutical companies store valuable data on their networks, from patient information to sensitive data about patent filings. Attacking pharma through a third-party vendor — who has access to a company’s proprietary information and internal networks — is low-hanging fruit for cybercriminals looking for an easy payday. Even worse, the average cost to bring a new drug to market is roughly $1 billion. A cyber attack that delays the approval process — or puts approval at risk— can be enormously expensive.

Despite strict regulatory compliance requirements, a record number of pharmaceutical companies lost millions of dollars in data breaches last year. The average cost of a data breach in the pharmaceutical industry rose to $5.04 million in 2021 — nearly $1 million more than the average cost across all sectors.

Mitigate Third-Party Cyber Risks

Mega data breaches, supply chain attacks, and devastating ransomware regularly make the headlines, especially when the healthcare industry is under siege. By now, pharmaceutical security experts know many cybersecurity hygiene basics, like keeping software up to date, following zero-trust best practices, performing penetration tests, patching early and often, and educating employees, to name just a few.

But every pharmaceutical company should take additional steps to mitigate third-party risks and ensure a chain of trust with companies offering essential services in the supply chain. If an attack shuts down a critical system used in the approval process for a new drug, the financial consequences can be enormous. The best third-party vendors will take all necessary security measures to keep your company safe.

Here’s what you need to do to minimize risk:

1. Make a list of your vendors and update it regularly.


Keep a list of vendors — including the details of your business relationship and what data they access — complete with representatives’ names and contact information. This will make it easier to identify attacks (like phishing attempts disguised as your vendors or unauthorized data transfers). It will also help your IT team with investigations in the event of an attack.

2. Identify the risk factor for each third-party vendor.

Discuss the following topics with your vendors’ representatives to gauge their cybersecurity preparedness:

  • What cybersecurity measures are you taking? Any vendor that touches your data should be using encryption and multi-factor authentication, testing its defenses against realistic attacks, enforcing least-privilege access, and performing routine employee awareness training and audits.

  • Do you use VPNs or desktop-sharing tools to reach our systems? Remote-access tools are a common entry point for attackers: exposed RDP or desktop-sharing services, unpatched VPN appliances, and shared remote-access credentials have all been used to get at customer data. Ask how that access is restricted, patched, and monitored.

  • Has your network been breached before? What was the outcome? It is important to know if a vendor has experienced numerous breaches.

3. Include cyber risk management in your contract.

Including cyber risk management in your contract may not prevent a breach, but it holds the vendor responsible for protecting your data — and encourages cybersecurity best practices.

4. Set up strong access control measures.

Pay close attention to the data you share with third parties — and limit access whenever possible. Enforce access reporting, auditing, and monitoring to keep all movement out in the open.

5. Create a clear incident response plan — and have your team role-play with realistic scenarios.

Your team’s first response to an incident shouldn’t be during the chaos of a devastating cyberattack. Identify exactly what your company will do in the event of a third-party data breach — and practice your response until you’ve covered all of your bases.
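The inventory in step 1 is only useful if something reads it. As an added example (not part of the original article), the Python below keeps a small vendor registry of the kind described above and runs third-party access log lines against it, flagging accounts that are not on the list, access to systems outside a vendor’s agreed scope, actions it is not entitled to, activity outside its approved maintenance window, and bulk transfers. The registry entries, the log format, and the log lines are all constructed for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Vendor:
    name: str
    contact: str                 # who to call when something looks wrong
    systems: frozenset           # systems the contract lets this vendor touch
    actions: frozenset           # permitted operations on those systems
    window_utc: tuple            # (start_hour, end_hour) in UTC, end exclusive


# Constructed registry (step 1); real entries come from the vendor inventory.
VENDORS = {
    "svc-acme-cro": Vendor("Acme CRO (trial data analysis)", "security@acme-cro.example",
                           frozenset({"TRIAL_DB"}), frozenset({"read", "write"}), (8, 18)),
    "svc-msp-it": Vendor("Managed IT provider", "soc@msp.example",
                         frozenset({"TICKETS", "MONITORING"}), frozenset({"read", "write"}), (0, 24)),
}

BULK_ROWS = 10_000   # anything larger is treated as a bulk transfer worth a phone call

# Constructed access log: "<timestamp> <account> <system> <action> <rows>".
SAMPLE_LOG = """\
2024-03-04T09:15:02Z svc-acme-cro TRIAL_DB read 12
2024-03-04T09:16:40Z svc-acme-cro TRIAL_DB write 1
2024-03-04T02:13:00Z svc-acme-cro TRIAL_DB read 9
2024-03-04T10:02:11Z svc-acme-cro PATENT_FILES read 3
2024-03-04T11:45:00Z svc-msp-it TICKETS read 40
2024-03-04T11:46:30Z svc-msp-it PATIENT_DB export 250000
2024-03-04T12:00:00Z svc-unknown TRIAL_DB read 1
"""


def check_entry(ts: datetime, account: str, system: str, action: str, rows: int) -> list:
    """Return the list of policy violations for one access record (empty means clean)."""
    vendor = VENDORS.get(account)
    if vendor is None:
        return ["unknown_account"]
    reasons = []
    if system not in vendor.systems:
        reasons.append("system_not_in_scope")
    if action not in vendor.actions:
        reasons.append("action_not_allowed")
    start, end = vendor.window_utc
    if not (start <= ts.hour < end):
        reasons.append("outside_window")
    if rows > BULK_ROWS:
        reasons.append("bulk_transfer")
    return reasons


def audit(log_text: str) -> list:
    """Run every log line through check_entry and collect the findings."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        ts_raw, account, system, action, rows = line.split()
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        reasons = check_entry(ts, account, system, action, int(rows))
        if reasons:
            contact = VENDORS[account].contact if account in VENDORS else "n/a"
            findings.append({"line": line_no, "account": account,
                             "reasons": reasons, "contact": contact})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f['line']}: {f['account']} -> {', '.join(f['reasons'])} "
              f"(contact {f['contact']})")
```

Each finding carries the vendor contact from the registry, which is exactly the detail step 1 asks you to keep on file: the person to phone when an account starts exporting a patient database it was never supposed to see.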

Pharmaceutical companies must stay vigilant and prepare for escalating cyber threats: It’s no longer a matter of “if” a company will be attacked, but “when.” Institute a third-party risk management plan, identify your weakest links, and safeguard your data today; it could save your company millions of dollars in the long run.

Should Hospitals Pay Off Cyber Terrorists?

What to Do After a Ransomware Attack

2020 and 2021 created a veritable gauntlet of misfortune for hospitals — overworked staff in overcrowded facilities working desperately to contain a highly contagious virus. Other viruses crept in, too: Ransomware infiltrated hospital networks across the U.S. in record numbers, profiting from internal chaos and adding havoc to already overtaxed systems. Even worse, cybercriminals show no signs of slowing down in 2022.

Operating at a Loss

Hospitals aren’t known for having robust cybersecurity defenses. They typically don’t have the budget, personnel, or bandwidth for modern security systems. But their internal systems are crucial to providing care: Ideally, they would experience 100% uptime, with no system errors and no downtime, and be impenetrable. The risks are hard to overstate: Attackers with network access can block access to vital patient data, disable life-saving alerts, trigger false alarms, halt procedures, and cause any number of otherwise avoidable disasters. Even a short network outage is a crushing weight on already overburdened hospital staff.

Ransom: To Pay or Not to Pay

When it comes to the question of meeting the demands of ransomware, conventional wisdom lands on the side of “hard no”. Often, the argument is a variation of, “We shouldn’t negotiate with terrorists!” Most authorities, including the FBI, advise against paying a ransom. There is no guarantee that an attacker will keep their end of the bargain and return stolen data or give back system access. Some groups are also known to extort their victims for double or triple payments. But for hospitals, the stakes are undeniably higher than they are with a financial institution. Losing a client’s bank account credentials is one thing — losing a patient is another.

$50,000,000 Gone

In the fall of 2020, malware on an employee’s computer at the University of Vermont Medical Center (UVMC) led to a full-on cyber attack. The attackers left a file with instructions on how to contact them in exchange for the tool to decrypt the infected files (a step UVMC opted not to take, assuming that further contact would only produce a ransom demand). The incident was estimated to have cost UVMC $50 million, mostly in lost revenue, and IT staff worked around the clock for a month to scrub their network systems. And this was a relatively contained attack, which only interfered with health records and payroll. Would it have been worthwhile to pay the ransom? Considering what’s at stake, what can a hospital do?

The Price of Paying

Over the last decade, some hospitals have opted to pay ransoms at an average of $131,000 in 2021. Obviously, this is much lower than the $50 million UVMC lost, but paying “reasonable” ransoms has led to another cost altogether: Now groups like FIN12 are attacking healthcare institutions more often, taking advantage of outdated security systems and threatening patients’ lives.

Though it may seem less costly and time-consuming on paper, giving in to an attacker’s demands is usually not the best method for dealing with ransomware. Authorities may advise a hospital to pay the ransom initially to spare patients at risk, but such a decision is not taken lightly and should not be made without guidance.

Ransomware Attack Next Steps

Step 1: Get help, fast, from an expert. Do not immediately pay the ransom or trust the cybercriminals.

Step 2: Isolate affected devices from the network, secure your backups (and protect them from deletion), and identify the entry point and scope of the attack so you can contain it and limit the data affected.

Step 3: Report the attack to the FBI, state and local law enforcement, the Secret Service’s Electronic Crimes Task Force, the FBI’s Internet Crime Complaint Center (IC3), and the Federal Trade Commission. If your institution has cyber liability insurance, contact your insurance carrier.

Step 4: Though authorities may advise a hospital to pay the ransom to save a patient’s life, giving in to a cybercriminal’s demands does not guarantee decryption. Moreover, an attack’s success can lead to more incidents in the future. Follow your organization’s incident response plan — and weigh your options.

Be Proactive: Prepare For Future Attacks.

1. Always make backups of important documents, keep at least one copy offline or otherwise unreachable from the production network (so ransomware cannot encrypt or delete it), and regularly test your process for restoring from them.

2. Assign staff to a cybersecurity response team.

3. Create and update an incident plan detailing what signs to watch for and how to react.
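As an added example (not from the original article), the Python below shows one way to make “test your restore process” concrete: record a SHA-256 manifest when the backup is taken, keep the manifest with the offline copy, and check a restored tree against it before trusting it. The files and the simulated ransomware run in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest taken when the backup was made."""
    current = build_manifest(root)
    return {
        "intact": sorted(k for k, h in manifest.items() if current.get(k) == h),
        "modified": sorted(k for k, h in manifest.items() if k in current and current[k] != h),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def restore_is_trustworthy(report: dict) -> bool:
    """A restore passes only if nothing is modified, missing, or unexpected."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def demo() -> dict:
    """Constructed scenario: take a manifest, then let 'ransomware' loose on the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ehr").mkdir()
        (root / "ehr" / "patients.db").write_bytes(b"constructed sample database contents")
        (root / "payroll.csv").write_text("id,name,amount\n1,alice,100\n")
        manifest = build_manifest(root)   # keep this with the offline copy, not on the network
        # Simulated ransomware: encrypt one file in place, rename another, drop a note.
        (root / "payroll.csv").write_bytes(os.urandom(64))
        (root / "ehr" / "patients.db").rename(root / "ehr" / "patients.db.locked")
        (root / "README_DECRYPT.txt").write_text("constructed ransom note")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    report = demo()
    for key, paths in report.items():
        print(f"{key:10s}: {paths}")
    print("trustworthy:", restore_is_trustworthy(report))
```

The manifest must live with the offline copy, not on the same network as the data it describes; if an attacker can rewrite the manifest, a tampered restore will verify as clean.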

The Nauseating Truth About FIN12 for Hospital CISOs

FIN12’s Ruthless Tactics Put Lives at Risk

FIN12 is an aggressive, ransomware-focused cybercrime group that specializes in targeted attacks on the healthcare sector. While many cybercrime groups will avoid hospitals, nursing homes, and 911 services — FIN12 has no reluctance.

Since 2018, FIN12 has actively targeted a range of businesses — making the group one of the most notorious big game hunters in cybercrime. Nearly 20% of their victims are in healthcare; 85% are in North America; and all boast revenues of at least $300 million. With no sign of remorse or morals, FIN12 stands in stark contrast to other cybercriminals: DoppelPaymer and Maze claim that they provide free decryption keys if they accidentally target a vulnerable group. FIN12 deliberately seeks them out.

A New Challenge For Hospital CISOs

No sector is safe from this group’s reach (they have also attacked government websites, schools, universities, and local municipalities), but their ruthless tactics pose a huge threat to healthcare. CISOs have to strategize for FIN12’s attacks — especially if long-distance treatments like telesurgery become more prominent, which will raise the stakes astronomically.

FIN12’s Brutal Methods

FIN12’s single-minded focus on ransomware deployment sets them apart. Their methods are ruthless and brutally quick. By partnering closely with other threat actors who have already gained access to a victim’s network, FIN12 can move in undetected and quickly deploy debilitating ransomware. Then, once the victim is locked out of its own systems, they demand a single large payout in Bitcoin. Their time-to-ransom (TTR) is incredibly short: the attack and payout all occur within 2 to 3 days.

To make their attacks harder to unpick, FIN12 often overlaps toolsets and services, including backdoors, droppers, and code-signing certificates. The rise of remote work and relaxed home cybersecurity has made it easier for them to obtain remote logins, paving the way for their attacks.

A Reason to Pay Ransom

FIN12 is in it for the money, not the data. Because they typically encrypt or block access to data rather than exfiltrating it, there’s an incentive for hospitals to pay up, get systems running, and save lives. Without the threat of corrupted data or exposed personally identifiable information (PII), their victims have reason to believe they won’t be extorted a second time or left without restored access. Additionally, FIN12 has a reputation for taking payment and moving on, another reason used to justify ransom payments.

A Stronger Defense

Along with updating security processes, procedures, and systems — the no-brainer basics — educating healthcare personnel on cyber security best practices helps prevent attackers like FIN12 from gaining a foothold. In most cases, mismanaged credentials and privileges lead to a breach: Many successful attacks began with a mere phishing email.

Enacting safety standards such as prohibiting personal use of company devices, using multi-factor or adaptive authentication, and keeping OS and antivirus software up to date can go a long way in preventing threats from getting in.