Security News > 2020 > December > Raising defenses against ransomware in healthcare

Raising defenses against ransomware in healthcare
2020-12-03 06:30

There are, of course, other factors that play a role in the attackers' preference for healthcare-related targets: the talent shortage for cybersecurity experts with healthcare expertise, the fact that most healthcare employees still don't make cybersecurity a priority, the fact that many of the devices and technologies they use run on antiquated operating systems - to name just a few.

There might come a time when cybersecurity becomes a part of medical curriculums - in the meantime healthcare organizations can significantly lower the number of successful attacks with the proper defenses and training, DiMaggio notes.

"Most enterprise ransomware attackers spend days and even weeks in a targeted organization's environment. They use already present administrative and dual-use tools to 'stage' the environment, they enumerate devices on the network(s), escalate privileges and disable security defenses. Threat hunters can identify these malicious goings-on and foil the attack before crucial data is encrypted and held for ransom. Having trained threat hunters with the appropriate tools will increase the chances of success," he opined.

As ransomware gangs ramp up their targeting of all organizations, including those in the healthcare sector, and try out different approaches to get their hands on as much money as possible, targeted organizations could help the rest of their industry by sharing threat information and details of the attack.

"In the end, no harm is done to the sharing organization, especially when the breach is already public, but the benefits to the rest of the targeted industry can be great: peer healthcare organization could look for the activity on their network or be better prepared to identify the adversary should an attack be executed. It is a win-win scenario and is becoming a common business practice across industry verticals."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/4_qxl_FfBCs/