Ransomware Defense: Adversarial Emulation for Hospitals and Healthcare

Hospitals and the healthcare sector are once again facing the threat of ransomware attacks, as evidenced by the recent incident in Romania where over 100 hospitals fell victim to a severe cyber attack. As we examine this incident, it's essential to recognize that such threats are not confined to distant borders. The U.S. healthcare system continues to experience a growing number of cyber attacks, underscoring the critical need for proactive cybersecurity measures.

Last month, Romania experienced a ransomware attack that targeted more than 100 hospitals. Hospitals had no choice but to take their systems offline, with the cyber criminals demanding over $100,000 worth of Bitcoin as ransom to unlock important files they had encrypted. Romania's National Cybersecurity Directorate (DNSC) issued a stern warning to affected healthcare providers, urging them not to engage in transactions with the attackers or pay the ransom. This incident serves as a reminder that the healthcare sector is not immune to the evolving tactics of cybercriminals.

Drawing parallels to the recent attack, the U.S. healthcare landscape faced its own crisis as recently as November 2023. Ardent Health Services, a major healthcare company overseeing 30 hospitals and over 200 care sites across six states, fell victim to a ransomware attack. The fallout was immediate, with hospitals diverting emergency room patients as they grappled with the cyber attack. The incident underscores the far-reaching impact that ransomware can have on critical healthcare infrastructure. Last month, Ardent Health Services notified affected individuals of a data breach, intending to provide a list of compromised information. The AHS Management breach, documented on the Texas Attorney General Office's website, impacted approximately 17,500 people in Texas alone.

With the rising frequency and severity of ransomware attacks on healthcare institutions, there's a pressing need for a proactive approach to cybersecurity. The most promising proven approach is adversarial emulation. Adversarial emulation (or BAS+) offers a proactive way to understand threats and prioritize potential security exposures before they are exploited and escalate into full-blown cyber incidents. Platforms such as SCYTHE enable hospitals and healthcare organizations to mimic real-world attacks, uncovering security weaknesses (within security controls, processes or policies) that must be addressed.

As threats continue to evolve, embracing new techniques like adversarial emulation becomes paramount for safeguarding critical devices and networks, ensuring the resilience of healthcare systems, and protecting the well-being of patients who depend on them. The time to act is now, as the digital frontlines of healthcare security demand our attention and cyber innovation.

To learn more, download SCYTHE’s latest e-book on adversarial behavior detection: https://scythe.io/adversarial-behavior-detection