Connect with us

Health Care

From Ransomware to RansomOps: What You Need to Know About the Newest Threat



You might not be aware, but ransomware no longer is operating as it always has. Sometimes it’s not the usual automated sweeps of malware that can be more easily recognized and stopped.

Instead, there now are targeted, human-driven operations where cyber criminals function in a similar way to legitimate software-as-a-service companies. These groups are sophisticated, methodical and unpredictable. This kind of attack is called RansomOps.

To help healthcare CISOs, CIOs and other security leaders get a handle on these new types of attacks, Healthcare IT News interviewed RansomOps expert Chris Fisher, director of security engineering at cybersecurity firm Vectra APJ.

Fisher describes what RansomOps is, the damage it can do, steps that can protect against it, and how to explain the danger to the rest of the C-suite and the board.

Q. Healthcare CIOs and CISOs all know what ransomware is. What is RansomOps and how does it work?

A. Ransomware has evolved from simple malware, which was targeted at individuals with small payments, to a very organized service model that’s reminiscent of modern day software businesses.

RansomOps speaks to the move away from traditional malware, which is delivered in a much more predictable and automated manner, to what can be described as ransom-as-a-service. In this case, core operators, such as BlackMatter, Conti or REvil, provide the tools and the payment collections services with affiliates that will do the targeting and compromise the network.

It’s crucial to note that this model is driven by human attackers and isn’t scripted malware as it once was, as evidenced by the Conti attacker playbook that was leaked. This means humans are using attacker tools to move laterally within an environment, specifically avoiding modern security tools to increase their chance of success.

This approach also renders traditional signature-based tools ineffective as the attackers can think on their feet and pivot throughout networks in different ways. These attacks also are much quicker than traditional ransomware attacks.

We have seen RansomOps affiliates move through networks at great speed, with ranges of 8-30 days from initial compromise to encrypting a business. Another difference is that these RansomOps attacks move beyond regular ransom to extortion, with the attackers threatening to leak business data if the ransom is not paid.

The pandemic has led to the huge adoption of cloud, and alongside this we’ve seen RansomOp affiliates looking at new ways of targeting via public cloud platforms such as AWS and Azure. This provides attackers an opportunity to move from initial access to ransom at even faster rates than the already quick 8-30 days. In fact, these attacks can be completed within a day.

Q. What kind of damage can ransomware ops do to a healthcare provider organization?

A. We have seen the impact of ransomware in all verticals; however, the impact when it comes to healthcare has been significant. In the U.S., for instance, the Universal Health Services incident resulted in more than 400 healthcare providers being unable to access electronic records and numerous hospitals and medical facilities severely impacted.

In New Zealand, the Waikato Health District incident, which impacted 680 computer services, led to worrying delays in patient care and COVID-19 testing results, and critically ill patients having to be transferred to other hospitals.

We’ve also witnessed the very unfortunate events in Germany, where a patient lost their life in a Dusseldorf hospital due to ransomware. In the first half of 2020, a total of 22% of all Australian data breaches were in the health sector, according to government data.

When the ICT systems of Eastern Health in Melbourne were attacked by hackers, the incident resulted in significant disruption, including the cancellation of elective surgeries and huge stress on staff and patients.

The impacts of ransomware to critical infrastructure are real and can have devastating long-term effects. I believe this is one of the top drivers to legislation around the world stepping up protection for critical infrastructure.

This legislation highlights that governments are looking to take a more proactive response from law enforcement on these criminals to minimize the fallout of these attacks, and ensure patients get the care they need while staff have access to the services and tools of their trade.

Q. What steps can health CIOs and CISOs take to protect their organizations against RansomOps?

A. With all things in cybersecurity, there is no silver bullet. However, as a starting point, organizations need to have a strong cyber resiliency policy.

To achieve this, there needs to be a mindset shift from “if” we get compromised to “when” we get compromised. Once this mindset shift has occurred, then the policy needs to consider people, processes and technology, ensuring security teams have clear visibility of all assets on the network, including cloud and data center infrastructure.

This visibility is key to mapping out the attack surfaces that the organization is exposed to, and will help guide process, technology choice and people required to secure your organization.

Organizations also must invest in training all of their staff on cybersecurity, not just once but continuously to make sure they’re ready for when they see that phishing email come into their mailbox.

Practicing how the organization will respond to a ransomware incident through tabletop exercises with all senior staff and board members is an effective method. This will outline the responsibilities that the business has to securing itself for when these incidents occur, and ultimately speed up response times in an actual event.

From here a strong security architecture is required. Organizations need to have the ability to monitor across the cloud, data center, Internet of Things devices and enterprise networks, as well as having the ability to carry out real-time attacker detection and prioritizing detected threats.

This requires organizations to automate security analyst work and provide visibility inside the network. This may look like security teams augmenting with AI-derived machine learning models, as advanced technologies can more effectively function at a speed and scale beyond traditional methods.

Overall, organizations need to establish a company culture that understands risk, and then implement mitigating technology controls backed by procedures on how to identify, respond and recover from cyber incidents such as RansomOps.

Q. How do CIOs and CISOs talk to the rest of the C-suite and the board about the threat of RansomOps?

A. This is where we have seen huge progress in the last few years, as ransomware has become a board-level topic.

I believe that like all cybersecurity reporting, we need to have an approach that provides solid metrics at a business level, not a technical level. I have seen all too often that we tend to report technical metrics that the board doesn’t understand or are not relevant to broader business objectives, when in fact these issues do have a significant and negative impact.

On this note, the statistics and stories that are making headlines speak volumes. There’s no denying that these attackers are becoming better at infiltrating and taking down businesses and operations from the inside, and this is only extending as organizations adopt cloud services.

For instance, according to an annual report on global cybersecurity, there were a total of 304 million ransomware attacks worldwide in 2020, marking a 62% increase from a year prior and the second highest figure since 2016.

Not only that, but numerous reports cite those attacks are rising in cost, frequently reaching the million-dollar mark. The C-suite and board must be included in the conversation as costs increase to huge rates and security measures require companywide buy-in.

We need to ensure that boards are aware of the risks posed by RansomOps, and what the potential impacts are to the business. Again, tabletop exercises with the board go a long way to communicate the real impacts ransomware has on the business and the responsibilities that people have with these incidents.

We need to emphasize that these attacks have become much more sophisticated, and as a result it’s no longer enough to invest in tools but to develop internal knowledge and company culture and establish robust governance frameworks. It’s true that this is no longer a technology conversation but a business-wide conversation.

Twitter: @SiwickiHealthIT
Email the writer:
Healthcare IT News is a HIMSS Media publication.


Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Health Care

Singapore’s Public Health System Rolling Out the Clinician’s ZEDOC Platform



Singapore’s health tech agency Integrated Health Information Systems has partnered with Auckland-headquartered digital health firm The Clinician to deploy a patient-reported outcome and experience measures platform across the island state’s public healthcare system.


The Clinician’s ZEDOC platform, the company describes, assists healthcare providers in managing patient-generated health data outside the hospital through digitisation. Integrated with HIS, the system supports timely exchange of health data and information between providers and patients, including subjective PROMs and PREMs, objective wearable device data, and other communication or educational materials. By streamlining the digital collection of critical health data, ZEDOC is able to render real-time, actionable information crucial for improving health outcomes and experiences.

The partners are working on multiple ZEDOC integrations with existing health information systems (HIS). A privacy-preserving hybrid infrastructure has been implemented which ensures that all personally identifiable information stays within the IHiS’s private health cloud while all anonymised health data are collected through a secure commercial cloud platform.


Singapore intends to measure and improve health outcomes and patient experience with the rollout of The Clinician’s ZEDOC platform. Their partnership will “bolster patient engagement and enable clinicians to more effectively assess patients’ health status before, during and after receiving a health service – closing the loop when they are outside the hospital,” said The Clinician CEO Dr Ron Tenenbaum. It will also allow providers to deliver “more holistic and personalised care for patients by taking into account their perspectives for the first time,” he added.

To demonstrate the benefit of routine collection and analysis of PROMs, The Clinician shared that this has resulted in over 50% reduction in 90-day complications for hip and knee surgery patients in one study and a five-month improvement in the survival of cancer patients in another.

Among benefits for care providers, the ZEDOC integration will replace existing paper-based forms with an integrated digital platform that automates data capture, as well as benchmark outcomes across providers to reduce variability and waste. For patients, they can become more involved in the treatment decision-making and be informed early of health risks and warning signs.


Last month, Cabrini Health and The Alfred, two of the largest healthcare providers in the Australian state of Victoria, deployed the ZEDOC platform to automate the collection and analysis of health data from colorectal cancer patients. The installation is said to adhere to the colorectal cancer standards outlined by the International Consortium of Health Outcomes Measurement.

Original Post:

Continue Reading

Health Care

EU Analysis Highlights Digital Health Lessons From COVID-19



An EU analysis has outlined the effect of COVID-19 on healthcare systems in Europe and the role of digital innovation in building their resilience.

Experts from the Organisation for Economic Co-operation and Development (OECD) and the European Observatory have published a set of 29 country health profiles, covering all EU member states, as well as Iceland and Norway. A companion report also highlights a selection of cross-country trends.

Speaking at a virtual launch event on Monday (13 December), Josep Figueras, director, European Observatory, highlighted two main lessons learnt from the use of technology in the pandemic.

Using telemedicine as an example of digital health innovation, he said the number of teleconsultations had increased in all EU countries during 2020. However in some countries, such as France, teleconsultations had decreased when lockdowns ended.

“The key issue here is how we harness and sustain innovation – how we make sure that these improvements in the use of telemedicine (as an illustration of the use of other digital technologies) can be maintained and sustained to increase the effectiveness of the health system,” Figueras said.

He also highlighted that the technology for telemedicine and other innovations was already available in many European countries before the pandemic but was not being used.

Figueras asked: “What did we do within the pandemic that literally within a couple of weeks, we got all this telemedicine in place?”

To sustain the use of telemedicine and other health technologies, he said it was important to look at the regulatory measures, financial incentives, training and changes in culture needed.

“Something the pandemic has taught us loudly and clearly is the importance of digital innovation – not only the new technologies, but the ability to implement them,” Figueras added.


The State of Health in the EU cycle is a two-year process initiated by the European Commission in 2016, designed to improve country-specific and EU-wide knowledge in healthcare.

It aims to gather data and in-depth analyses on health systems and make the information accessible to policy makers and stakeholders.


During the pandemic, digital tools have been used in the EU to boost public health measures such as the implementation of the EU Digital COVID Certificate, vaccination booking systems, and cross-border interoperability for contact-tracing apps.

There has also been investment in EU-wide COVID recovery initiatives such as the EU4Health programme.


Maya Matthews, head of unit performance, European Commission said: “COVID-19 illuminated the fact that in many European countries we do not have a strong public health system. We cannot do testing and tracing. Even surveillance is done sometimes in a very fragmented fashion.

“I think if one thing comes out of COVID-19, it’s to say that public health matters – that public health is a very important part of health systems and has not really received the attention it deserves.”

Source Here:

Continue Reading

Health Care

Clinical Messaging Platform Hospify to Close, Bupa Arabia Invests in Global Ventures, and More News Briefs



Clinical messaging platform Hospify to close

British healthtech startup Hospify has announced it will close its secure clinical messaging platform on 31 January 2021.

Hospify said it suffered a decline in demand after the government suspended the UK 2018 Data Protection Act in relation to healthcare last year for the duration of the COVID-19 pandemic.

It also cited difficulties caused by “post-Brexit uncertainties surrounding the future of the UK’s data adequacy agreement with the EU”.

A statement from the Hospify team says: “It’s a sad end to a wonderful vision, a vision of universal health care communication that was both free of data exploitation and free at the point of use.”

Insurance giant Bupa Arabia invests in Global Ventures

UAE-based international venture capital firm Global Ventures has announced new investment from Bupa Arabia, the leading health insurance company in the region.

Bupa Arabia’s participation in Global Ventures Fund II as strategic partner aims to foster the healthcare ecosystem in the region and particularly in Saudi Arabia.

The investment is part of the Bupa Arabia’s strategy to participate and invest in disruptive healthcare and insurance technologies, amongst other targeted growth sectors.

Noor Sweid, Global Ventures founder and general partner, said: “Bupa Arabia shares our outlook and ambition on the digital health sector, and its potential for technology and innovation to deliver long-term economic benefits particularly in emerging markets.”

Liverpool Heart and Chest Hospital achieves EMRAM Stage 6

Specialist NHS trust Liverpool Heart and Chest Hospital (LHCH) has been awarded Stage 6 of the EMRAM, or Electronic Medical Record Adoption Model, by HIMSS.

The EMRAM measures the adoption and maturity of a health facility’s inpatient EMR capabilities from 0 to 7. Achieving Stage 6 means the trust has established clear goals for improving safety, minimising errors, and recognising the importance of healthcare IT.

Kate Warriner, chief digital and information officer said: “Digital excellence must be the cornerstone if we are to continually improve the care that we provide for our patients in the years ahead. Therefore, whilst we are rightly proud of this achievement, we have ambitions for further pioneering innovation and advancing our use of technology to become a Stage 7 hospital.”

More than $110m raised by Sheba’s ARC Innovation Center

Israel’s Sheba Medical Center has announced that six companies from its Accelerate Redesign Collaborate (ARC) Innovation Center raised more than $110 million (EUR97.2m) in 2021.

ARC brings new technologies into the hospital and community ecosystem focusing on digital health technologies including precision medicine, big data, artificial intelligence (AI), predictive analytics, telemedicine and mobile health.

Sheba MedTech startups receiving investments this year included: Aidoc, BELKIN Laser, Starget Pharma Append Medical, Innovalve Bio Medical and TechsoMed.

Professor Eyal Zimlichman, ARC director and founder, said: “The ARC Innovation Center has been focusing on ground-breaking, innovative technologies with a prime directive to redesign healthcare.”

Konica Minolta named as part of NHS Digital Documents Solutions framework

Konica Minolta Business Solutions (UK) Ltd has been named as one of 46 suppliers on the new ?5 billion Digital Documents Solutions framework.

The firm will provide solutions across five key areas: internal print, external print, digital mail room, scanning and electronic document management solutions.

Jason Barnes, head of public sector, Konica Minolta, said: “Having been chosen through a competitive tender process, we are especially pleased to be newly appointed to the LPP framework, which deepens and furthers our reach into the NHS health sector.”

Original Source:

Continue Reading