# Healthcare Providers and Hospitals Under Ransomware's Siege
Source URL:     https://www.darkreading.com/edge-articles/healthcare-providers-and-hospitals-under-ransomware-s-siege
Date:           20221228T1700

While ransomware groups have not spared any industry, attackers have put
the healthcare sector at the top of their list of preferred targets. The surge
in hospitals falling victim to breaches has raised concerns among
regulators and government officials who have moved to push through new
policies and legislation.

CommonSpirit, one of the largest nonprofit healthcare systems in the US,
posted a [privacy breach notice][1] on Dec. 1, warning that 623,774
patient records were exposed after a breach on Sept. 16. The nationwide
network of 140 hospitals and over 1,000 care facilities in 21 states
confirmed that ransomware attackers accessed the patient records, but
said there is currently no evidence that personal information was
misused. The potentially affected patients were those treated at
CommonSpirit’s Franciscan Medical Group and Franciscan Health in
Washington. The four hospitals are now known as Virginia Mason
Franciscan Health, a CommonSpirit affiliate.

The current spike builds on [last year's 35% increase in overall
attacks][2] on healthcare providers compared with 2020, according to
Critical Insight, a managed detection and response (MDR) service
provider. According to Critical Insight, cyberattacks on healthcare
providers affected 45 million individuals last year, compared with 34
million in 2020 and 14 million in 2018.

In October, the FBI Internet Crime Complaint Center (IC3) reported that
among the 16 critical infrastructure sectors, the healthcare and public health
sector accounts for [25% of ransomware complaints][3]. The US Department
of Health and Human Services (HHS) in April issued a [warning about
Hive][4], an aggressive ransomware group that has targeted healthcare
organizations.

The HHS Health Sector Cybersecurity Coordination Center (HC3) noted that
Hive is known to have been in operation since June 2021, and "in that
time has been very aggressive in targeting the US health sector."

Another recently emerged group targeting healthcare providers with
ransomware is Daixin Team. In October, HHS joined the Cybersecurity and
Infrastructure Security Agency (CISA) and the FBI in issuing an advisory
warning that [Daixin Team][3] is actively pursuing healthcare providers
with ransomware that uses Babuk Locker, source code that encrypts files
on VMware ESXi servers.

Daixin Team's ransomware encrypts healthcare providers' electronic
health records, diagnostics, imaging, and intranet services, according
to the advisory. The group has also exfiltrated personally identifiable
information (PII) and patient health information (PHI) and has extorted
ransoms by threatening to release that data.

## Impact of Ransomware on Healthcare

During the [Disruptive Innovators][5] CIO Forum in New York earlier this
month, a conference focused on emerging technology for the healthcare
industry, a panel discussion addressed the surge in ransomware.
"Ransomware is now probably the No. 1 security issue for most healthcare
organizations today," said Christopher Kunney, SVP of digital innovation
at Divurgent, an IT advisory firm for healthcare organizations.

Kunney, one of the panelists, warned ransomware will remain a growing
threat in healthcare "as we expand the footprint outside the four walls
of the hospital and we look at things like virtual care, and other
technologies that can now sit on top of our network infrastructure."

Saket Modi, who moderated the panel and is co-founder and CEO of Safe
Security, noted that one of the [first known deaths][6] attributed to
ransomware, a newborn in Alabama, occurred last year. "A ransomware
attack is no longer just financial and reputational; it can have an
actual impact to the life of people," Modi said. Besides the risk of
data exfiltration, ransomware attacks are a risk to the delivery of
patient care, especially when attackers access systems responsible for
keeping patients alive.

"We have to realize that cybersecurity isn't just about data security;
it's also a matter of life and death," added Michael Archuleta, CIO of
Mt. San Rafael Hospital and Clinics in Trinidad, Colo.

Although COVID forced healthcare providers to accelerate their digital
transformation efforts in recent years, many organizations haven't
adequately addressed the security risks associated with the
implementation of technology and systems that are now accessible.

"We're living in the digital age of healthcare, and we need to start
incorporating initiatives technology outcomes that better enhance our
overall experience and better enhancing patient outcomes, but also keep
secure the entire organization moving forward," Archuleta said.

## Healthcare Cybersecurity Act of 2022

Looking to stem the mounting attacks, Rep. Jason Crow (D-CO) sponsored
the Healthcare Cybersecurity Act. The bill, introduced in September,
would require CISA to collaborate with HHS to improve cybersecurity in
the healthcare industry.

According to [the bill's summary][7], CISA and HHS would provide
resources "including cyber-threat indicators and appropriate defense
measures, available to federal and nonfederal entities that receive
information through HHS programs."

The bill also calls for CISA to provide cybersecurity training and
remediation strategies to those who own or provide health care services.
Archuleta, the CIO of Mt. San Rafael Hospital and Clinics, said that
[91% of targeted ransomware attacks][8] came from phishing emails
directed at employees, many of whom haven't received adequate training.
"We are not focusing on developing a human firewall within our
organization," he said.

Meanwhile, Senator Mark Warner (D-VA) published a [policy options white
paper][9] that details existing cybersecurity threats and potential
responses from the federal government. The paper draws on research by
Warner's staff and cybersecurity experts and presents a broad set of
options for the federal government to collaborate with healthcare
providers to improve their cyber protection capabilities, along with a
blueprint for recovering from attacks.

"The healthcare sector is uniquely vulnerable to cyberattacks, and the
transition to better cybersecurity has been painfully slow and
inadequate," Warner [said in a statement][10]. "The federal government
and the health sector must find a balanced approach to meet the dire
threats, as partners with shared responsibilities."

  [1]: https://www.commonspirit.org/update
  [2]: https://www.criticalinsight.com/resources/news/article/critical-insight-finds-35-percent-increase-in-attacks-on-health-plans-in-2021-end-of-year-healthcare-data-breach-report
  [3]: https://www.darkreading.com/attacks-breaches/ransomware-barrage-us-healthcare-sector-feds-warn
  [4]: https://www.hhs.gov/sites/default/files/hive-ransomware-analyst-note-tlpwhite.pdf
  [5]: https://disruptiveinnovators.io/conference/
  [6]: https://www.washingtonpost.com/politics/2021/10/01/ransomware-attack-might-have-caused-another-death/
  [7]: https://www.congress.gov/bill/117th-congress/house-bill/8806?r=5&s=1
  [8]: https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html
  [9]: https://www.warner.senate.gov/public/_cache/files/f/5/f5020e27-d20f-49d1-b8f0-bac298f5da0b/0320658680B8F1D29C9A94895044DA31.cips-report.pdf
  [10]: https://www.warner.senate.gov/public/index.cfm/2022/11/warner-releases-policy-options-paper-addressing-cybersecurity-in-the-health-care-sector#: