Trend Micro Incorporated presents a new part of its study ‘Everything is connected: uncovering the ransomware threat from global supply chains’. This part focuses on the state of security at healthcare organizations and the impact of ransomware attacks on their operations. The conclusion is clear: attackers seek to weaken healthcare organizations and make massive use of ransomware attacks. 86% of them have already been compromised by this type of attack and have suffered real disruption to their operations.
Trend Micro research reveals that a majority of healthcare organizations (57%) have experienced ransomware in the past three years. Among them, a quarter acknowledge having been forced to completely interrupt their activity and 60% have found that some of their internal processes have been affected.
Restoring their activities then takes quite a long time. The affected organizations surveyed took, on average, between several days (56%) and several weeks (24%).
Ransomware does not only cause operational difficulties for healthcare organizations. 60% say attackers leaked some of their sensitive data. This can increase their exposure to legal liability and reputational damage.
The organizations that responded to the study agree on another weak link in terms of security: the supply chain and all the actors associated with it.
• 43% think their partners have made them a more attractive attack target,
• 43% believe that a lack of visibility into the ransomware attack chain has made them more vulnerable,
• 36% say a lack of visibility into attack surfaces has made them a more important target.
Encouraging facts: most healthcare organizations (95%) say they regularly update their security patches, while 91% say they restrict the sending of email attachments to limit the risk of malware. Nearly half of them report using detection and response tools for their network (NDR; 51%), their endpoints (EDR; 50%) and across different layers of security (XDR; 43%).
However, the study also highlights several weak signals:
• Lack of controls for working from home: 17% have no remote desktop protocol (RDP) controls in place.
• Sharing threat information is not the norm.
  ◦ A third of global organizations do not share this information with their partners.
  ◦ Nearly half (46%) of them do not share it with their suppliers or their wider ecosystem.
  ◦ A third (33%) do not share any information with law enforcement.
• A cybersecurity knowledge gap. A small proportion of respondents are able to detect lateral movement (32%), initial access (42%) or the use of tools such as Mimikatz and PsExec (46%).
“In cybersecurity, we often talk in the abstract about data breaches and network compromises. But in the health sector, ransomware can have a real and potentially very dangerous physical impact,” says Nicolas Arpagian, Director Cybersecurity Strategy – Trend Micro. “System interruptions can put patients’ lives at risk. Unfortunately, we cannot count on the benevolence of the attackers towards the caregivers. It is therefore up to healthcare professionals to strengthen their defense in terms of incident detection and response, and to share threat intelligence more within their communities in order to improve the security of their supply chains.”