2024 looks like it will only increase the number of affected individuals, considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia.
Unusual activity detected on May 8, 2024, caused Ascension healthcare to shut down affected systems, notify authorities, and engage cybersecurity professionals.
The attack caused major disruptions throughout the non-profit healthcare provider that operates 140 hospitals and 40 senior care facilities in 19 states plus the District of Columbia.
CNN reported the Black Basta ransomware gang performed the attack, although the company hasn't officially confirmed the information.
IT should never be the top expense for a healthcare organization.
The United Healthcare Group acquisition of Change Healthcare in 2022 started paying the wrong type of dividends this February when stolen credentials led to over $870 million in damages.
Ransomware attackers used stolen credentials to access a Change Healthcare Citrix portal set up without any multi-factor authentication protection.
Within nine days, the attackers navigated laterally through the network and executed a ransomware attack that shut down Change Healthcare's processing and payment service that facilitates orders and payments for pharmacies, hospitals, and clinics nationwide.
Although the impact on Change Healthcare and UHG will be quantified for the US Securities and Exchange Commission, the impact on the US healthcare industry is more difficult to measure.
Hudson Rock, a cybercrime intelligence tool vendor with free services, posted that they detected Citrix credentials stolen from Change Healthcare using infostealers a day after the initial attack.
Predictably, the US Congress soon called upon Andrew Witty, the top-paid healthcare CEO with a compensation of more than $23 million, to testify about healthcare breaches.
Witty's testimony admits that the healthcare provider can't identify the exfiltrated data or affected patients.
These attacks don't offer many details to learn specific technical lessons, but they highlight that attackers pursue all sizes of organizations anywhere in the world.
Given all the noise about ransomware, it can be easy to forget that there are other attacks and causes of breaches.
Note that only two of these breaches stem from external attacks.
Protect identity: Credentials will be stolen, so implement MFA to make attacks harder to execute, and implement Active Directory security to catch attempted credential abuse.
Healthcare, like most organizations, struggles to grow IT budgets.
As MediSecure experienced, trusted partners can become the source of attack.
To avoid joining these high-profile healthcare organizations in public shame and financial pain, apply the five key lessons to improve your organization's security today.
Security will never be completely foolproof, but it certainly can decrease the blast radius of a successful attack and keep you out of the news.
This Cyber News was published on www.esecurityplanet.com. Publication date: Thu, 30 May 2024 19:13:06 +0000