At the end of last month, another high-profile cyber attack hit the headlines. This time, the Victorian healthcare sector was targeted, with hospitals in Gippsland and southwest Victoria forced to reschedule patient services to respond to the incident.
This isn’t the first time hospitals have been targeted by ransomware. The WannaCry ransom worm outbreak back in May 2017 saw over 200,000 computers across 150 countries affected with damages reaching billions of dollars.
The reality is, in a world where our emergency services rely on data and technology to function, a successful attack could result in a significant risk to life.
What happened in the latest attack?
The recent cyber attack on the Victorian hospital group was caused by the infiltration of ransomware. The sophisticated attack bypassed existing security controls, blocking access to several systems. At least seven major regional hospitals were forced to go on lockdown, causing them to shut booking systems, cancel appointments and delay surgeries.
To deal with the attack, healthcare providers had no choice but to go offline and work manually. Computers at the seven hospitals were on lockdown for at least 24 hours after the incident, enabling security teams to isolate and disconnect the infected systems. It could, in fact, take weeks to completely clear out the virus.
Such a purposeful criminal effort to target hospitals has reignited fears over the security of patient data. While the Victorian Government has said there is no evidence as yet to suggest that personal data has been accessed, a detailed forensic investigation is underway. The point, however, is the potential damage that could have been caused. With healthcare data becoming a growing target for hackers, cybersecurity is paramount.
How ransomware works
Ransomware is no new idea in the world of cybercrime. It involves a hacker gaining access to a computer, usually by deceiving an authorised user. One of the most common methods is phishing scams in which attachments masquerade as trusted files. Social engineering can then be used on top of this to trick users into allowing administrative access.
Once a file has been downloaded, the malware takes over a victim’s computer, more often than not by encrypting some or all of the user’s files. The only way to decrypt the files is with a mathematical key. This is where the attacker demands a ransom from the victim to restore access, anything from a few hundred to thousands of dollars. While there have been no ransom demands as yet for the Victoria incident, it was more than likely the aim.
Government agencies and medical facilities are a tempting target as they often need immediate access to their files. This makes them much more susceptible to demands and more likely to pay. Attackers are aware that lives can literally lie in the balance when an attack happens. In fact, it’s estimated that 45% of ransomware attacks target healthcare organisations.
How can organisations stop ransomware?
Like many attack techniques, it’s often a failure in doing the basics well that can result in a compromise to people or systems. The recent attack can be broken down into six areas of vulnerability:
- Email Impersonation – an email imitates a well-known brand or person, bypassing authentication controls and email gateways to land in a user’s inbox.
- User Awareness – this is the human factor; the user lacks security awareness, fails to detect the impersonated email and clicks the link.
- Web Security – the malicious website is not blocked by the web gateway, so when the link is clicked the user is served the hacker’s content.
- Endpoint Security – the malware is downloaded to the endpoint, infects the machine and remains undetected and active.
- Threat Detection and Response – without effective network monitoring tools, the malware propagates across the network and hits file shares.
- Backup Recovery – if there are not suitable tested backups in place that adhere to the maximum tolerable level of data loss, it is impossible to recover the environment.
The more a business can tighten its defences across any of these points, the less likely it is to become compromised by ransomware as well as many other cyber threats.
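To make the Threat Detection and Response item concrete, the sketch below flags a host that renames many files on a share to one new extension within a short window, the pattern left by malware encrypting file shares. It is an added example, not code from the author or InfoTrust; the event format, host names, paths, the `.locked` extension and the thresholds are all constructed assumptions to be tuned per environment.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

WINDOW = timedelta(seconds=60)  # assumed look-back window
MIN_FILES = 20                  # assumed: distinct files renamed per window
MIN_EXT_SHARE = 0.8             # assumed: share of renames ending in one extension


def detect_bursts(events):
    """events: time-ordered (time, host, old_path, new_path) rename records.

    Returns {host: time of first alert} for hosts whose renames inside WINDOW
    cover MIN_FILES distinct files and mostly end in the same extension.
    """
    recent = defaultdict(deque)  # host -> (time, old_path, new_extension)
    alerts = {}
    for ts, host, old, new in events:
        q = recent[host]
        q.append((ts, old, PurePosixPath(new).suffix.lower()))
        while ts - q[0][0] > WINDOW:  # drop records older than the window
            q.popleft()
        if host in alerts or len({o for _, o, _ in q}) < MIN_FILES:
            continue
        ext, count = Counter(e for _, _, e in q).most_common(1)[0]
        if ext and count / len(q) >= MIN_EXT_SHARE:
            alerts[host] = ts
    return alerts


def sample_events():
    """Constructed file-share audit records for three hosts."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    ev = []
    for i in range(5):   # ordinary user: one rename every ten minutes
        ev.append((t0 + timedelta(minutes=10 * i), "ws-014",
                   f"/share/finance/r{i}.docx", f"/share/finance/r{i}-final.docx"))
    for i in range(40):  # infected host: two renames a second, one new extension
        ev.append((t0 + timedelta(minutes=30, seconds=i // 2), "ws-027",
                   f"/share/records/scan{i}.pdf", f"/share/records/scan{i}.pdf.locked"))
    for i in range(30):  # archive job: fast, but original mixed extensions kept
        ext = (".docx", ".xlsx", ".pdf")[i % 3]
        ev.append((t0 + timedelta(minutes=45, seconds=i), "srv-arch",
                   f"/share/old/f{i}{ext}", f"/share/archive/f{i}{ext}"))
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    for host, when in detect_bursts(sample_events()).items():
        print(f"ALERT {host}: rename burst at {when.isoformat()}")
```

A legitimate job that renames everything to a single extension would also alert, so known batch hosts need an allow-list or a higher threshold.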
The importance of cybersecurity
While ransomware has been on the decline in recent years, it’s still a viable method of attack. It was front of mind five years ago, but we’re still talking about it now. It’s vital that organisations have mitigation strategies in place to deal with the key areas of vulnerability. Resources need to be focused on these security domains if ransomware attacks are to be avoided, or at the very least the impact minimised.
While in the recent attack there were no cancellations to surgery or impact on emergency departments, next time could be different. It’s devastating to think that human lives could have been placed in danger as a result of the recent cyber attack in Victoria. It brings home just how important cybersecurity really is.
Author: Dane Meah
Dane has 12 years’ experience working with some of Australia’s largest brands in protecting their environment from cyber-attack. He co-founded InfoTrust in 2014 as a specialist cybersecurity practice that quickly established a niche in helping organisations become more optimally protected against CryptoLocker and other forms of ransomware.