Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes


Welcome to the healthcare policy podcast on the host David Intra Cosso. This podcast discussed cybercrime or ransomware attacks against hospitals and other healthcare providers with Collab- Barlow CEO Synergistic Tech this barlow welcome to the program. Hey pleasure to be here. David. Mr Biles vile is, of course, posted on the podcast website. On background computer or cybercrimes against healthcare providers, more of a hospitals, disabled computer networks holding them for ransom. Frequently for Bitcoin fee, the tax have been prevalent since at least two, thousand and ten. This past month however, universal health services with over four hundred locations. Over in the US suffered a cyber attack disabling it's company wide computer network causing some it's hospitals to revert to pen and paper recordkeeping also last month the first known death. Resulted from a ransomware attack in Germany when a patient did not survive transferred to another hospital. Though a twenty nineteen hhs report found between twenty, twelve and sixteen. Hospital deaths increased after ransomware attacks. Earlier this month covid nineteen VACs. A covid nineteen vaccine trial was delayed by more attack or at least one. Likely. The most costly ransomware attack was to the UK's national health service in seventeen that amounted to an estimated one, hundred, twenty, million in it costs and lost productivity. ransomware attacks are on the increase especially amongst small hospitals, particularly vulnerable to phishing attacks, lasting upwards of tumor weeks because of their lean or inadequate security support. As Josephine Wolf noted in October Seventeen New York Times editorial quote Unquote cybersecurity shortcomings in the healthcare sector needs to be addressed now. More than ever when medical care is increasingly being offered via remote online formats. In twenty twenty states introduced more than two hundred and eighty cybersecurity related bills enacting several related to task forces or commissions training. Cybersecurity insurance in criminal. Penalties. The US Senate and House passed seven cybersecurity bills whoever not specifically addressed the healthcare industry and none became law. With me again and discuss healthcare cybersecurity is synergise texts, CEO. COLLAB- Barlow so club with that. As background LET'S START WITH A. Primer Info. I've read these ransomware products. in part are. Titled or named Wannacry Laki Win Plock encrypt locker. Are some these known ransomware product. So my question is, how do these encrypt clinical data and to what effect? So. So basically, what happening if you look at ransomware incident is a you know a narrow will gets access to a network and that could be as simple as grabbing somebody's credentials. You know maybe you were on a retail site, use the same credentials you used at work that retail site was compromised and There are many locations on the dark web that will. Sell compromised credentials or could have been through a phishing attack once the bad guy is into the network then there's two primary things that they're looking to do first is to move laterally. They WANNA get as much access across the networks they can, and there are a variety of tools that they'll deploy. They will actually help them harvest additional credentials once they've got a beachhead. On, the network in addition to harvesting new credentials and kind of moving lateral or what we call lateral movement. The other thing that are going to do is to try to elevate their privilege. So going from maybe an administrator or you know a nurse and triage and maybe getting access to their credentials, they're going to try to work their way up to a network. Administrator or someone that controls access to the whole domain once they've been able to get in and move their tentacles around the organization, then they're going to deploy their payroll, which is one of several of the tools that you mentioned will allow them to then lock things up effectively what these tools, our cryptographic tools, and they basically take the entire hard drive at the device. Scramble it and lock it up with a cryptographic key. What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data, locking it all up in that the exfiltrated lot of it, and they're using that to increase their chances of getting paid by potentially threatening to. The organization by releasing that data if they don't pay ransom. Okay. Thank you so. I in my reading. It's uncertain Saul. Asked you this question? What's your understanding? How frequently? Is this occurring in the healthcare sector? Oh, it's every day I mean literally every single day because you got to remember what you read about in the news is only a very small fraction of what's actually going on even though technically speaking ransomware incident is as far as I'm concerned reportable incident because you gotta remember if the bad guy had enough access to walk up your data, they had the same level of access needed to read the data and they actually in many cases had the same level access needed to change the data. So the problem is you've actually lost control of that system when you've had a ransomware incident. I. So that was that was a question I did have. Other than. Possibly, making this data public and you know healthcare data's is is is confidential proprietary, of course. What do they typically do this data other than hold it hostage? Well remember, this is a organized crime. It is a volume organization you're dealing with a human on the other end and that human is organized right. You're not the only target, their targeting dozens of organizations at the same time in many cases are teams of thirty individuals and you know there's a breakdown on that team there's a project manager of a boss. There's people that are responsible for getting access. There's people that are responsible for moving laterally people responsible for elevating credentials and people are responsible for negotiating. Once walked up system

Coming up next