
From Ransomware to RansomOps: What You Need to Know About the Newest Threat




You might not be aware, but ransomware no longer operates as it always has. It is not always the usual automated sweep of malware that can be more easily recognized and stopped.

Instead, there now are targeted, human-driven operations where cyber criminals function in a similar way to legitimate software-as-a-service companies. These groups are sophisticated, methodical and unpredictable. This kind of attack is called RansomOps.

To help healthcare CISOs, CIOs and other security leaders get a handle on these new types of attacks, Healthcare IT News interviewed RansomOps expert Chris Fisher, director of security engineering at cybersecurity firm Vectra APJ.

Fisher describes what RansomOps is, the damage it can do, steps that can protect against it, and how to explain the danger to the rest of the C-suite and the board.

Q. Healthcare CIOs and CISOs all know what ransomware is. What is RansomOps and how does it work?

A. Ransomware has evolved from simple malware, which was targeted at individuals with small payments, to a very organized service model that’s reminiscent of modern day software businesses.

RansomOps speaks to the move away from traditional malware, which is delivered in a much more predictable and automated manner, to what can be described as ransom-as-a-service. In this case, core operators, such as BlackMatter, Conti or REvil, provide the tools and the payment collections services with affiliates that will do the targeting and compromise the network.

It’s crucial to note that this model is driven by human attackers and isn’t scripted malware as it once was, as evidenced by the Conti attacker playbook that was leaked. This means humans are using attacker tools to move laterally within an environment, specifically avoiding modern security tools to increase their chance of success.

This approach also renders traditional signature-based tools ineffective as the attackers can think on their feet and pivot throughout networks in different ways. These attacks also are much quicker than traditional ransomware attacks.

We have seen RansomOps affiliates move through networks at great speed, with ranges of 8-30 days from initial compromise to encrypting a business. Another difference is that these RansomOps attacks move beyond regular ransom to extortion, with the attackers threatening to leak business data if the ransom is not paid.

The pandemic has led to the huge adoption of cloud, and alongside this we’ve seen RansomOps affiliates looking at new ways of targeting via public cloud platforms such as AWS and Azure. This provides attackers an opportunity to move from initial access to ransom at even faster rates than the already quick 8-30 days. In fact, these attacks can be completed within a day.

Q. What kind of damage can ransomware ops do to a healthcare provider organization?

A. We have seen the impact of ransomware in all verticals; however, the impact when it comes to healthcare has been significant. In the U.S., for instance, the Universal Health Services incident resulted in more than 400 healthcare providers being unable to access electronic records and numerous hospitals and medical facilities severely impacted.

In New Zealand, the Waikato Health District incident, which impacted 680 computer services, led to worrying delays in patient care and COVID-19 testing results, and critically ill patients having to be transferred to other hospitals.

We’ve also witnessed the very unfortunate events in Germany, where a patient lost their life in a Dusseldorf hospital due to ransomware. In the first half of 2020, a total of 22% of all Australian data breaches were in the health sector, according to government data.

When the ICT systems of Eastern Health in Melbourne were attacked by hackers, the incident resulted in significant disruption, including the cancellation of elective surgeries and huge stress on staff and patients.

The impacts of ransomware to critical infrastructure are real and can have devastating long-term effects. I believe this is one of the top drivers to legislation around the world stepping up protection for critical infrastructure.

This legislation highlights that governments are looking to take a more proactive response from law enforcement on these criminals to minimize the fallout of these attacks, and ensure patients get the care they need while staff have access to the services and tools of their trade.

Q. What steps can health CIOs and CISOs take to protect their organizations against RansomOps?

A. As with all things in cybersecurity, there is no silver bullet. However, as a starting point, organizations need to have a strong cyber resiliency policy.

To achieve this, there needs to be a mindset shift from “if” we get compromised to “when” we get compromised. Once this mindset shift has occurred, then the policy needs to consider people, processes and technology, ensuring security teams have clear visibility of all assets on the network, including cloud and data center infrastructure.

This visibility is key to mapping out the attack surfaces that the organization is exposed to, and will help guide process, technology choice and people required to secure your organization.

Organizations also must invest in training all of their staff on cybersecurity, not just once but continuously to make sure they’re ready for when they see that phishing email come into their mailbox.

Practicing how the organization will respond to a ransomware incident through tabletop exercises with all senior staff and board members is an effective method. This will outline the responsibilities that the business has to securing itself for when these incidents occur, and ultimately speed up response times in an actual event.

From here a strong security architecture is required. Organizations need to have the ability to monitor across the cloud, data center, Internet of Things devices and enterprise networks, as well as the ability to carry out real-time attacker detection and prioritize detected threats.

This requires organizations to automate security analyst work and provide visibility inside the network. This may look like security teams augmenting with AI-derived machine learning models, as advanced technologies can more effectively function at a speed and scale beyond traditional methods.

Overall, organizations need to establish a company culture that understands risk, and then implement mitigating technology controls backed by procedures on how to identify, respond to and recover from cyber incidents such as RansomOps.

Q. How do CIOs and CISOs talk to the rest of the C-suite and the board about the threat of RansomOps?

A. This is where we have seen huge progress in the last few years, as ransomware has become a board-level topic.

I believe that, like all cybersecurity reporting, we need to have an approach that provides solid metrics at a business level, not a technical level. I have seen all too often that we tend to report technical metrics that the board doesn’t understand or that are not relevant to broader business objectives, when in fact these issues do have a significant and negative impact.

On this note, the statistics and stories that are making headlines speak volumes. There’s no denying that these attackers are becoming better at infiltrating and taking down businesses and operations from the inside, and this is only extending as organizations adopt cloud services.

For instance, according to an annual report on global cybersecurity, there were a total of 304 million ransomware attacks worldwide in 2020, marking a 62% increase from a year prior and the second highest figure since 2016.

Not only that, but numerous reports cite those attacks are rising in cost, frequently reaching the million-dollar mark. The C-suite and board must be included in the conversation as costs increase to huge rates and security measures require companywide buy-in.

We need to ensure that boards are aware of the risks posed by RansomOps, and what the potential impacts are to the business. Again, tabletop exercises with the board go a long way to communicate the real impacts ransomware has on the business and the responsibilities that people have with these incidents.

We need to emphasize that these attacks have become much more sophisticated, and as a result it’s no longer enough to invest in tools but to develop internal knowledge and company culture and establish robust governance frameworks. It’s true that this is no longer a technology conversation but a business-wide conversation.

Twitter: @SiwickiHealthIT
Healthcare IT News is a HIMSS Media publication.



PatientBond, Vizient Team up for Digital Behavior Change Tools




Patient engagement SaaS provider PatientBond and healthcare performance improvement and analytics company Vizient are partnering up to provide Vizient member healthcare organizations with digital patient engagement and behavior change programs.

WHY IT MATTERS

PatientBond’s digital engagement workflows can be personalized with psychographic insights, with the aim of activating patient behaviors and driving improved patient engagement and outcomes.

Through the partnership, Vizient’s customer base, which includes academic medical centers, pediatric facilities, and community hospitals, will offer programming including care gap closures, condition specific messaging, screenings and appointment reminders and appropriate use communications.

The aim of the programs is to reduce hospital readmissions and improve digital health risk assessments.

Other programs included in the deal will provide psychographically segmented marketing campaigns to advance patient/member activation, as well as patient and physician matching or find a doctor services based on psychographic insights.

The deal will also provide extensive market research insights and dynamic payment reminders for partners.

THE LARGER TREND

Patient-reported outcomes are a critical way to assess the ongoing state of patient health and satisfaction, and a growing number of digital tools are helping them do so.

The financial upside for care providers is also noteworthy: Jackson Hospital significantly improved its finances with digital patient engagement tools, switching from letters and phone calls to automated emails and text messages along with some help from analytics.

At Rush University Medical Center, the hospital has deployed similar digital tools to reduce the strain of avoidable readmissions and ED recidivism when resources already were at capacity.

Last year, Cardinal Health announced the launch of a digital patient engagement platform aimed at addressing medication adherence challenges – a significant issue for the health industry and patients.

In 2019, Vizient collaborated with Civica Rx on provider needs analytics data to reduce Rx costs. By providing insights into purchasing patterns and provider needs through its analytics and data capabilities, Vizient helped Civica Rx anticipate gaps in drug availability and affordability.

ON THE RECORD

“PatientBond brings consumer science and dynamic intervention technologies to healthcare with unmatched clinical and business results,” said PatientBond CEO Justin Dearborn in a statement. “Vizient’s member healthcare organizations can benefit from PatientBond’s personalized patient engagement at scale with proven and consistent results.”

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209


LifePoint Health Inks Data Deal With Health Catalyst




Brentwood, Tennessee-based LifePoint Health has entered a new collaboration with Health Catalyst and will use its analytics technologies to help bolster care quality, lower costs and improve population health management.

WHY IT MATTERS

LifePoint Health will integrate Health Catalyst’s data operating system and analytics tools to gather performance metrics and drive improvements in healthcare quality, reporting and operational and financial decision-making.

By discovering and sharing clinical data, the partnership will help reduce variation in clinical outcomes. Health Catalyst’s tools dovetail with LifePoint’s national quality and facility recognition program goals to measurably improve patient care, safety and satisfaction as well as improve access and lower costs, according to the company.

In addition to the cloud-based data platform, LifePoint will use Health Catalyst’s analyzer, insights, AI, patient safety monitoring and data entry applications. The suite of tools can help increase organizational speed and interoperability, according to Health Catalyst.


While healthcare organizations are just beginning to scratch the surface of using data to drive improvements, according to Health Catalyst President Patrick Nelli, the company’s strategic acquisitions have provided them with the ability to customize software and services around core care systems.

One of them was its purchase earlier this year of KPI Ninja, whose event-driven data processing capabilities complement Health Catalyst’s own platform, enabling customers to build new services and operational tools around their core care systems.

LifePoint, meanwhile, has been making acquisitions of its own, such as its June 2021 addition of specialty hospital company Kindred Healthcare, with an eye toward a delivery network that taps into Kindred’s specialty hospital and rehabilitative expertise and its behavioral health platform.

ON THE RECORD

“The Health Catalyst DOS platform, along with our technology product suites and applications, and improvement expertise, will best position LifePoint Health to achieve, sustain and scale the highest standards of care across its network,” said Health Catalyst CEO Dan Burton in a statement this week.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.



Fifteen Months for Domestic Worker Who Stole Jewellery




On Thursday, a Palma court sentenced a domestic worker to fifteen months for the theft of jewellery from her employer, a woman in her eighties.

Between 2015 and the end of 2020, the 45-year-old Chilean worked two days a week at the woman’s home in Sa Indioteria, Palma. Over that period, she stole various items of jewellery. The woman only realised this at the end of 2020, which was when she reported the matter to the National Police.

The police established that these items, which included watches, rings and bracelets, were sold in gold-buying establishments in Palma. The woman later verified that these were hers. As well as the jewellery, a hearing aid was stolen.

In January 2021, the domestic worker was arrested. She was described as being in an “irregular situation” in Spain. Her lawyer obtained agreement for the sentence to be suspended so long as a sum of 10,700 euros is paid over three years, at a rate of 297 euros per month, and she does not commit another crime during this period.

