Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes

Automatic TRANSCRIPT

On background, computer or cybercrimes against healthcare providers, more of a hospitals, disable computer networks, holding them for ransom, frequently for a Bitcoin fee. The attacks have been prevalent since at least two thousand and ten. This past month, however, Universal Health Services, with over four hundred locations over in the US, suffered a cyber attack disabling its company-wide computer network, causing some of its hospitals to revert to pen and paper recordkeeping. Also last month, the first known death resulted from a ransomware attack in Germany when a patient did not survive being transferred to another hospital, though a twenty nineteen HHS report found between twenty twelve and sixteen hospital deaths increased after ransomware attacks. Earlier this month a COVID nineteen vaccine trial was delayed by more attack or at least one, likely. The most costly ransomware attack was to the UK's National Health Service in seventeen that amounted to an estimated one hundred twenty million in IT costs and lost productivity. Ransomware attacks are on the increase, especially amongst small hospitals, particularly vulnerable to phishing attacks, lasting upwards of two or more weeks because of their lean or inadequate security support. As Josephine Wolf noted in an October seventeen New York Times editorial, quote unquote, cybersecurity shortcomings in the healthcare sector need to be addressed now more than ever, when medical care is increasingly being offered via remote online formats. In twenty twenty, states introduced more than two hundred and eighty cybersecurity-related bills, enacting several related to task forces or commissions, training, cybersecurity insurance and criminal penalties. The US Senate and House passed seven cybersecurity bills; however, none specifically addressed the healthcare industry and none became law. With me again to discuss healthcare cybersecurity is CynergisTek's CEO, Caleb Barlow. So Caleb, with that as background, let's start with a primer info. I've read these ransomware products, in part, are titled or named WannaCry, Locky, WinPlock, CryptoLocker. Those are some of these known ransomware products. So my question is, how do these encrypt clinical data and to what effect?

So, basically, what's happening if you look at a ransomware incident is, you know, a ne'er-do-well gets access to a network, and that could be as simple as grabbing somebody's credentials. You know, maybe you were on a retail site, you used the same credentials you used at work, that retail site was compromised, and there are many locations on the dark web that will sell compromised credentials. Or it could have been through a phishing attack. Once the bad guy is into the network, then there's two primary things that they're looking to do. First is to move laterally. They want to get as much access across the network as they can, and there are a variety of tools that they'll deploy that will actually help them harvest additional credentials once they've got a beachhead on the network. In addition to harvesting new credentials and kind of moving laterally, or what we call lateral movement, the other thing that they're going to do is to try to elevate their privilege. So going from maybe an administrator or, you know, a nurse in triage, and maybe getting access to their credentials, they're going to try to work their way up to a network administrator or someone that controls access to the whole domain. Once they've been able to get in and move their tentacles around the organization, then they're going to deploy their payload, which is one of several of the tools that you mentioned, which will allow them to then lock things up. Effectively, what these tools are are cryptographic tools, and they basically take the entire hard drive of the device, scramble it and lock it up with a cryptographic key.
What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data and locking it all up, in that they exfiltrate a lot of it, and they're using that to increase their chances of getting paid by potentially threatening the organization by releasing that data if they don't pay ransom.
