
Ascension attack heightens scrutiny of healthcare cyber defenses

The healthcare sector has increasingly become a target for cybercriminals, with several high-profile cyberattacks disrupting services and highlighting the vulnerability of this important industry. The cyberattack on Ascension highlights this worrying trend.

The cyberattack on Ascension is particularly alarming because of its impact on healthcare services, causing patient diversions and disrupting clinical operations. Emergency patients are being diverted to Ascension hospitals, and most or all of the 139 Ascension-operated hospitals are reportedly affected by the attack.

Recent major cyberattacks on healthcare

This attack comes on the heels of the significant cyber incident involving United Health and Change Healthcare, where attackers compromised patient data and demanded a ransom. United Health is still reeling from this attack and estimates it could cost the company up to $1.6 billion.

The attack on United Health’s Change Healthcare not only resulted in financial claims, but also raised concerns about patient privacy and data security. These incidents are a stark reminder of the urgent need for robust cybersecurity measures in healthcare.

Corewell Health, Michigan’s largest hospital system, and McLaren Healthcare have also been high-profile health care casualties recently.

These attacks against healthcare providers have crossed the line into purely criminal activity. Not only do they pose a threat to patients’ lives, they also threaten our national security. A recent report from Ponemon found a direct link between ransomware attacks and negative patient outcomes, increased mortality rates, and an increase in complications from medical procedures. Other research found a 33% increase in monthly mortality rates among hospitalized Medicare patients.

The Ascension cyber attack: First details and suspicion of ransomware

The process is still at a very early stage, so there is a lot we don’t know yet. While more details are emerging about the cyberattack on Ascension, the exact nature and extent of the incident remain unclear.

However, given the patterns observed in similar attacks recently, there is a reasonable possibility that this could be a ransomware attack. Ransomware typically encrypts the victim’s data to extort payment in exchange for decryption keys. Healthcare organizations are often targeted due to the critical nature of their services and the sensitivity of the data they store, which can increase pressure to pay the ransom to restore services and maintain patient care.

Blurred boundaries for ransomware

Again, we don’t have many details about the Ascension attack yet and it hasn’t been confirmed to be ransomware. Whether it is a ransomware attack or another form of cyberattack, any threat that disrupts or jeopardizes healthcare has a significant impact.

“There is considerable evidence that much of the tools and attack infrastructure used by ransomware gangs overlaps with those of some nation-state operators,” said Jon Miller, co-founder and CEO of Halcyon. “The potential dual nature of ransomware attacks on healthcare and other critical infrastructure providers, which may also serve the geopolitical goals of adversarial nations, should not be ignored.”

Miller pointed out that because ransomware attacks appear at first glance to be the work of ordinary cybercriminals, they provide plausible deniability when they also serve the geopolitical goals of a nation-state adversary. He shared research that estimated 74% of all illicit ransomware revenue in 2021 went to Russia-linked attackers, emphasizing that these attacks may be classified as state-sponsored terrorism if the Putin regime has influence over which organizations are being attacked.

“The impact of attacks on the healthcare sector and patient outcomes makes clear that we can no longer treat ransomware as a purely criminal matter and that the government must be more aggressive in combating these attackers and the nations that provide them safe haven,” stated Miller. “It is simply not enough to infrequently file charges against threat actors who are unlikely to ever be caught and to provide organizations with more warnings, guidelines and frameworks.”

Miller put it succinctly: “It’s time to call attacks on healthcare organizations and other critical infrastructure providers what they really are: a serious threat to national security.”

The role of phishing in cyberattacks

Regardless of whether it is ransomware, there is a very good chance that it is phishing. Phishing attacks are a common entry point for cybercriminals. Estimates suggest that up to 90% of all successful cyberattacks begin with phishing.

These attacks often involve tricking employees into revealing sensitive information or accessing malicious websites, which can lead to further exploitation. Organizations are aware of the risk posed by phishing attacks, and most have tools and processes in place to protect against them. Unfortunately, it has been repeatedly shown that email filters and user training alone are not enough.

A recent study found that 80% of companies have email filters that can be bypassed by attackers, and it is estimated that there is a 1 in 5 chance of a user clicking on a phishing email.

Improving protection against phishing

Companies need to adopt more comprehensive strategies to combat phishing. The problem with both email filters and user awareness training is that they rely on the ability to analyze email messages and identify nuanced and subtle clues. They essentially make educated guesses about whether a message is potentially suspicious or malicious.

This attack and history in general show that we are not very good at guessing. For attackers, it’s a numbers game. Even if email filters catch most phishing emails and only 5% of users are likely to fall victim, the chance is not zero. If an attacker sends enough phishing emails, it’s virtually guaranteed that one will eventually work.

John Chirhart, founder and CEO of GTG.Online, urges companies to rethink their approach to phishing defense. “To combat the complexity of phishing techniques, organizations must implement email security that irrefutably identifies legitimate messages. Remove the guesswork completely.”

Using out-of-band email traffic monitoring and non-repudiation, legitimate emails can be clearly identified. Instead of teaching users how to examine emails for evidence of phishing attacks, companies can simply teach users to only trust verified emails.

Protecting healthcare from cyber attacks

The Ascension cyberattack is a stark reminder of the cybersecurity challenges facing the healthcare industry. It highlights the need for healthcare organizations to strengthen their cyber defenses, particularly against phishing and ransomware attacks.

As cyber threats continue to evolve, all organizations – but especially the healthcare sector – must remain vigilant and proactive, adopting advanced security measures to protect sensitive patient data and ensure the continuity of critical healthcare services.