Why Is the Healthcare Industry the Most Likely To Pay Cybercriminals for Ransomware Attacks?

Times are looking more brutal than ever for one of the world’s most critical industries. Ransomware attacks are skyrocketing, and healthcare organizations are increasingly cut off from much-needed cybersecurity insurance.  

But just how bad is the situation? A recent Sophos survey found that 66% of healthcare organizations were hit with a ransomware attack in 2021, up from 34% in 2020. Perhaps more alarming, healthcare organizations pay the ransom more often than any other sector (just over 60%, compared with a cross-sector average of 46%). So, what’s going on here? Why is healthcare most likely to pay up in ransomware cyber-attacks?

Why Do Cybercriminals Target Healthcare Organizations?

Healthcare organizations are a lucrative target for cybercriminals because medical records are a treasure trove of sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) classifies various patient information, including Social Security Numbers, contact information, credit card information, and more, as protected health information (PHI). And PHI is one of the most valuable types of data out there.  

Beyond PHI’s higher selling price, healthcare organizations are more likely to be targeted with a ransomware cyber-attack because they’re more likely to pay the ransom. But why? 

Holding Someone’s Life in the Balance

Here’s the bottom line. We all understand why paying the ransom is bad; it feeds the hackers and incentivizes them to continue hacking, making the problem worse for all. However, not paying the ransom isn’t so simple in reality.  

In some industries, data provides a competitive advantage, but in healthcare, losing access to critical data and systems can put patients’ lives in danger. Or in other words, healthcare organizations aren’t blind to the ethical issues with paying ransoms, but getting their services back online quickly is often their top priority. When you consider that the average downtime a company experiences following a ransomware attack is 7-21 days, it’s not hard to see why healthcare companies cave to pressure.  

Medical Devices Can Present an Easy Entry Point for Ransomware Attacks

The healthcare security landscape is made increasingly complex with medical devices and The Internet of Medical Things (IoMT). Medical devices like insulin pumps, wearable biosensors, smart thermometers, and other remote patient monitoring technology play an increasingly vital role in the industry. However, these new devices open up worrying new entry points for attackers.  

As a relatively new industry, IoT still lacks strong security guidelines that help govern and secure other types of tech. At the same time, security is often not the primary concern in the development of new IoT and IoMT devices. Why? Because manufacturers want to maximize functionality while working with limited compute and hardware, which leaves minimal space for robust security and data protection measures.   

More often than not, these devices don’t store patient data. However, attackers can leverage these devices to gain access to other network resources, like a server that does hold sensitive data. Once attackers gain access to the network, they can exfiltrate data or, increasingly, install costly ransomware.   

Beyond IoMT, other complexities of the healthcare IT environment can leave healthcare companies vulnerable to cyber-attacks. For example, the need for efficient and widespread access to critical patient data across systems means two-factor authentication and zero trust defenses aren’t always feasible. 

An Increase in Ransomware Attacks is Making it Harder to Get Cybersecurity Insurance

Ransomware attacks are on the rise, healthcare IT environments are more complex than ever, and the cybersecurity skills gap puts in-house cybersecurity teams under immense pressure. With this dire picture in mind, healthcare organizations increasingly turn to cyber insurance to protect their vital assets and minimize cyber-attack damage. But there’s a problem – obtaining coverage is becoming more challenging.  

The Sophos report found that 51% of respondents said the level of cybersecurity needed to qualify for cyber coverage is now higher than in the past. At the same time, cyber insurance is becoming increasingly expensive.  

Ransomware attacks are a significant cause of changes we’ve seen in the cyber insurance market in recent years. Ransomware is now the largest driver of cyber insurance claims, and with attacks increasing, ransom payouts have soared. As a result, many cyber insurance providers have found themselves unable to keep up and have left the industry altogether. The ones that remain are changing their limits, coverage, and pricing to manage the increased risk.   

This has led to a seller’s market, where the dwindling number of providers hold all the power. They can charge what they want and be selective about who gets coverage. And unfortunately, many healthcare organizations aren’t meeting the selection criteria.  

Equally concerning is threat actors’ monitoring of cyber insurance companies’ relationships. According to Reuters, some ransomware attackers check whether potential victims have policies that make them more likely to pay the ransom.

However, the competitiveness of the cyber insurance market does seem to be having some positive effects. For example, over 95% of healthcare respondents said they have made improvements to their cyber defenses to boost their cyber insurance prospects, and nearly half of the covered respondents implemented new security processes and increased staff training.

Despite the concerns surrounding cyber insurance, it’s crucial that healthcare organizations understand that cyber insurance isn’t a band-aid for weak cybersecurity. Instead, healthcare organizations need to deploy robust cybersecurity defenses that grant a speedy recovery from a cyber-attack, as well as backups and endpoint detection and response solutions.  

Wrapping Up

The healthcare industry has had a tough few years with COVID-19, rising staff shortages, increased demand for telehealth, and a constant onslaught of ransomware attacks. If the healthcare industry wants to lose its number one spot as the industry most likely to pay ransoms, it needs to take a more rigorous approach to cybersecurity. The cybercriminals will stop trying (or trying in colossal numbers) when the work becomes too hard and the reward too low. As it stands, healthcare is the low-hanging fruit for cybercriminals in 2022.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

How to Choose a PAM Solution?

PAM was voted the #1 cybersecurity project by Gartner for two years in a row.

This is because it is a strategic measure to choose a PAM solution as a tool to promote cybersecurity in organizations, which allows one to control privileged access for users, accounts, processes, and systems in an IT environment.

In practice, PAM involves a number of capabilities, with the main goal of ensuring the application of the principle of least privilege, according to which each user must have only the necessary access to perform their activities.

In the next topics, we will show you what you should do to choose a PAM solution that is ideal for your business. Keep reading our article.

Follow Technology Events

Following technology events is a way to stay on top of key trends related to information security and know what are the best PAM solution providers.

Between August 22 and 24, Gartner Identity & Access Management will be held in Las Vegas, with experts sharing information on PAM and many other things.

In addition, other enlightening events are planned for 2022 and 2023, including RSAC 2022, Defcon, Red Hat, and the European Identity and Cloud Conference.

Check What the Market Reports Have to Say

Another way to know which PAM suppliers are reliable and offer an efficient solution is through market reports, which bring up-to-date data to buyers.

In this sense, Gartner shares relevant information about the main PAM solutions available, as well as KuppingerCole Analysts, Forrester, Quadrant Solutions, and ISG, among others. 

Talk to Resellers

PAM resellers are also often trusted sources and recommend the best tools for their customers. Considering that resellers also deal with several customers and can understand better than most the real pains of companies of different sizes and verticals, it is worth questioning them about how to choose a PAM solution that best suits your needs. 

Search on Websites

Some websites may provide interesting information about the PAM solutions available on the market. You can, for example, check reviews on Google or search for posts on information security pages, such as The Hacker News and HelpNetSecurity.

Join Cyber Groups

Finally, it is possible to learn from the experience of others who have hired these solutions. Just join cyber groups on LinkedIn, MeetUp, WhatsApp, Slack, or IRC and ask which PAM solutions have brought the most benefits to users.

Conclusion

In this article, we have shown you the importance of PAM and what you should do to choose a PAM solution that is ideal for your company. Did you like our content? Then share it with someone. 

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

OWASP Top 10 – Cryptographic failures

OWASP stands for Open Web Application Security Project. It is a non-profit organization whose mission is to improve software security. It is based on an “open community model,” thus, anyone can participate. 

The OWASP community is well-known; I also refer to them in some of the articles I wrote.

OWASP started to publish a top 10 list of vulnerabilities way back in 2003. Since then, the list has been updated every two or three years. The latest list was published in 2021. At the end of this article, I will provide a list of important pages on OWASP’s site.

By OWASP definition: The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

And, of course, as you can guess, this list is created by the community of developers specializing in security risks.

OWASP Top ten 2021 vulnerabilities:

  • Broken access control
  • Cryptographic failures
  • Injections
  • Insecure design
  • Security misconfigurations
  • Vulnerable and outdated components
  • Identification and authentication failures
  • Software and data integrity failures
  • Security Logging and monitoring failures
  • Server-Side Request Forgery (SSRF)

I will not focus on historical differences within the OWASP top 10. However, I wanted to mention that the difference between new versions of the list is mainly in categorization (often in adding new categories as new malicious attacks emerge), renaming, changing scopes, etc.

In my previous articles, I already covered some of the vulnerabilities from the OWASP list. In this article, I am going to focus more on Sensitive Data Exposure which is now known as Cryptographic failures. Now the focus of this category is cryptography failures that lead to sensitive data exposure.

Sensitive Data Exposure

When web applications accidentally expose sensitive information that should not be public, that vulnerability is called “Sensitive Data Exposure.” By sensitive data, I mean the data which should be protected by the GDPR. This includes personal data such as name, date of birth, credit card numbers, and even usernames and passwords. Unfortunately, if the website’s security is poor, sometimes, data can be found on the web server. But often, it is a case where attackers would perform the “man in the middle – MiTM” technique to try to hijack sensitive data.

This attack happens when the attacker places themself between the user and the web application. They would make a fake site, so the user thinks they went to their desired site but were redirected to the attacker’s fake site. Or for example, the attacker intercepts messages between the user and the server and gains control of that conversation. Basically, they control the flow of the request and the responses.

Exposing flat-file database

The database is often used to store all kinds of data, including sensitive data.

For this example, we will consider a small web application whose database is saved as a single file on the disk of a computer (server).

The most common database engine used for this database type is SQLite.

In this case, the attacker would need to navigate and find the location of the database and then download it. They would then have access to the data in the database and could query it to get the results. Of course, it will probably not be easy if the data is encrypted, but the attack becomes a lot easier if the attacker downloads the database and has the file saved locally.

In one of my articles, I described one technique, Path Traversal, which attackers use to navigate to a certain file. Check it out! I will not describe how to find the file and download it; if you read the mentioned article, you will have an idea about how it is done.

So, we are on the step when we download the database, and now, we want to check out the results in it.

As I mentioned, in this example SQLite queries are used. You can check out select and distinct syntax with SQLite here.

For example, if you are using Kali, sqlite3 is installed by default, so you can just refer to the man pages.

To access the database, you would issue a command like this:

sqlite3 targetDB

To see the list of tables:

.tables

To check out table info for the table:

PRAGMA table_info(users);

More info about pragma statements on this site.

Check out all users’ info:

SELECT * FROM users;

Then, if the passwords are stored in this database, they would probably be hashed, and the next step would be to use some tool to crack the hash, for example, John the Ripper, Hashcat, or some other password-cracking tool.

When the attacker gets to the password, it is the beginning of the game for them! And the end of the game for the user.

Prevention Steps for Sensitive Data Exposure

When deciding on the storage type, it is very important to remember that you shouldn’t store sensitive data that is not required (store the least amount of data). If you need to store it, first figure out the safest location to store it and how to prevent the leakage of sensitive data.

When you store the data, you must encrypt it! I found this site you can check out if you are working with ASP .NET CORE and want to see how to encrypt/decrypt data using the interface IDataProtector!

Before you store the data, it should be safe at all times, especially in transit! For safe transit, use TLS, which would enable secure communication. If you are using ASP .NET check out how to enable TLS on this blog.

As I mentioned before, attackers often use the “man in the middle” technique; because of that, you might want to consider setting up something like HSTS (HTTP Strict Transport Security). If you are familiar with Angular and want to use it to implement HSTS, there is a brief explanation on their official site.

While I mentioned ASP .NET and HSTS, if the application is in production you can modify the Startup class (or Program.cs if it is .NET 6) to use UseHttpsRedirection (HTTPS Redirection Middleware) and also UseHsts (HSTS Middleware). If you want to use the mentioned Middleware, check out the official site!
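The prevention steps above (a safe storage location, encryption before storing, TLS in transit, HSTS) combined in one .NET 6 Program.cs, as an added example that is not the article's or Microsoft's own code. The route, the `Database:Path` configuration key, the purpose string, the in-memory store and the option values are assumptions made for illustration.

```csharp
// Program.cs for .NET 6 minimal hosting. Added example; names and values are assumptions.
using System.Collections.Concurrent;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDataProtection();              // registers IDataProtectionProvider
builder.Services.AddHsts(options =>
{
    options.MaxAge = TimeSpan.FromDays(365);       // assumed policy lifetime
    options.IncludeSubDomains = true;
});
builder.Services.AddHttpsRedirection(options =>
{
    options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
    options.HttpsPort = 443;
});

var app = builder.Build();

// Startup guard for a flat-file database: refuse to run if the file sits under
// the web root, where static file serving or a traversal bug could hand it out.
// "Database:Path" is a hypothetical configuration key.
var contentRoot = app.Environment.ContentRootPath;
var dbPath = Path.GetFullPath(Path.Combine(contentRoot,
    app.Configuration["Database:Path"] ?? Path.Combine("App_Data", "app.db")));
var webRoot = Path.GetFullPath(string.IsNullOrEmpty(app.Environment.WebRootPath)
    ? Path.Combine(contentRoot, "wwwroot")
    : app.Environment.WebRootPath);
if (dbPath.StartsWith(webRoot + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase))
{
    throw new InvalidOperationException("Database file must not be inside the web root.");
}

// HSTS only outside development. The header is sent on HTTPS responses only,
// and UseHsts skips localhost by default.
if (!app.Environment.IsDevelopment())
{
    app.UseHsts();
}
app.UseHttpsRedirection();

// One protector per purpose; a value protected under one purpose string
// cannot be unprotected under another.
var protector = app.Services.GetRequiredService<IDataProtectionProvider>()
    .CreateProtector("Example.Users.BirthDate.v1");

// Stand-in for the real database so the example has no extra dependencies.
var store = new ConcurrentDictionary<string, string>();

app.MapPut("/users/{id}/birthdate", (string id, BirthDateDto dto) =>
{
    if (string.IsNullOrWhiteSpace(dto.Value))
    {
        return Results.BadRequest();
    }
    store[id] = protector.Protect(dto.Value);      // only ciphertext is stored
    return Results.NoContent();
});

app.MapGet("/users/{id}/birthdate", (string id) =>
{
    if (!store.TryGetValue(id, out var protectedValue))
    {
        return Results.NotFound();
    }
    try
    {
        return Results.Ok(protector.Unprotect(protectedValue));
    }
    catch (CryptographicException)
    {
        // Tampered payload, or the key ring that protected it is no longer available.
        return Results.Problem("Stored value could not be decrypted.");
    }
});

app.Run();

record BirthDateDto(string Value);
```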

Conclusion

I wanted to show you how many vulnerabilities from OWASP’s Top 10 list we covered through the previous articles and how many are left to be covered.

In the end, secure code is the cheapest code!

OWASP pages related to the topic:

Cover photo by Brett Jordan


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

IT monitoring reduces the workload of retailers by about 30%

Food retailers reduce the workload accumulated by their IT areas by almost 30% thanks to monitoring.

Controlling, supervising and ordering the data and information of the whole company through a single system reduces the time needed to act on possible errors and failures, improves resource management and organization, and increases the effectiveness of the business activity.

In addition, monitoring saves costs.

IT monitoring and retailers, what you need to know

Large food distribution firms carry out continuous processes to guarantee the supply of products on the shelves, so the volume of information generated by executing these tasks throughout the day is remarkable. 

If you add to that amount of data the diversity of systems in the IT structure with which retailers work on a daily basis, the route to obtain valuable, clear and practical information becomes even more complicated. 

The difficulty is greater if, in order to analyze these data, there are unqualified personnel without the support of a reliable platform to make their work easier.

This situation highlights that the fact of not having a monitoring system multiplies the actions necessary to obtain information on the activity of the technological structure of the company or the state of each of its facilities:

This slows down a company’s power to act and its ability to react. 

That, after all, translates into a loss of value both economically and in terms of performance, especially concerning the area of human resources.

What do we achieve with monitoring in the retail sector?

Through monitoring, it is possible to access, even remotely, the entire IT structure of a company. 

That is, by means of a central console you may organize and control an entire technology park. 

Even when that park is heterogeneous, with a wide diversity of systems that sometimes do not support each other, it comes under the command of a monitoring system through which it can be accessed.

Monitoring makes it possible to replace an existing system and it is also capable of coexisting with others. 

This kind of flexibility is essential in the sector, because it allows new elements to be integrated into the existing system.

This observability implies the ability to bring together all data sources and provide useful information for the company. 

The more complex IT systems are, the more important it is to simplify their monitoring.

That way, servers from different operating systems can be monitored by the same controller. 

And in turn, every time an error is detected anywhere in the park, the information can immediately reach those responsible, shortening the reaction time and anticipating more serious internal operating situations.

In addition to making control and error anticipation easier within the company’s performance, monitoring also helps to find out aspects as simple as the state of the toner of a series of printers, or the time workers clocked in.

Monitoring companies ends up leading to cost savings and service improvement.

By applying monitoring systems, retailers in the food sector acquire a tool that enhances the control of the technological infrastructure that guarantees the traceability of their products throughout the distribution chain, from their origin to their arrival at the final customer or at sales establishments.

In addition, the implementation of this data technology allows monitoring the status of the systems from a centralized position and anticipating breakdowns and errors, saving workload and improving delivery times.

In the food market there have already been companies that have opted for this development of their structures. 

An example of this is Fripozo, belonging to the Fuertes Group, which implemented a monitoring system thanks to its agreement with the Spanish company Pandora FMS.

As a result of this adaptation, it achieved higher responsiveness to any system failure that could affect the control and distribution of deep-frozen food.

In this particular case, one of the concerns for the company was to achieve some degree of flexibility. 

That is, that something specific could be monitored without this involving a large investment of time and local resources without external intervention. 

Fripozo, after this association with Pandora FMS, managed to reach that goal.

In addition to Fripozo, other distributors such as Salvesen Logistics have also confirmed operational improvements after monitoring their IT structure. 

The company, which like Fripozo took its chances on the Spanish Pandora FMS, came to reveal a reduction of 24% of the workload of its IT area. 

As revealed from their organization, the attention that was constantly paid to the health of the system was focused on improving services and products.

The sector, with more and more competition, is devoted to a necessary organization of the internal data that are produced throughout the same day in a company. 

Any mistake can lead to a chain failure, a misuse of their own resources and a point in favor of competition in the market.

“The monitoring carried out by systems such as Pandora FMS represents clear economic savings for companies that implement it in their IT infrastructure. Reaction times to any failure are shorter and therefore have less impact on the company. But, in addition, internal processes have also been improved as different business models have been discovered,”

explains Sancho Lerena, CEO and founder of Pandora FMS.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
