On May 12, the largest ransomware outbreak in history took place, targeting 300,000 machines in 150 countries, with the U.K.’s National Health Service (NHS) taking the brunt of the attack.
In fact, 48 NHS hospital trusts in the U.K. were hit by WannaCry, which spread using a leaked NSA exploit, in addition to an unknown number of hospitals in the United States. Further, the Health Information Trust Alliance (HITRUST) reported that not just hospital workstations were infected, but also medical devices from both Bayer and Siemens. By locking up systems, communication channels and equipment, the attackers shut healthcare professionals out of their EHRs, forced them to cancel appointments and even caused emergency patients to be turned away.
Unfortunately, this is just another example of the healthcare industry being targeted by increasingly sophisticated and frequent ransomware attacks. By one industry estimate, healthcare is hit with 88 percent of all ransomware attacks – and counting.
The most popular delivery method for ransomware is phishing, in which cybercriminals use email or other communication channels to trick their victims into opening a malicious attachment or following a link to a fraudulent website. Either path gives the attacker a foothold on the network, from which they can harvest credentials and sensitive data and shut down systems and services. Because it is much easier to induce an employee to click or download than it is to break a patched, well-configured system from the outside, phishing is by some estimates the starting point of 95 percent of successful cyberattacks worldwide.
With phishing being a greater threat to the healthcare industry than any other attack vector, it's time for hospitals and healthcare organizations to develop defensive strategies that truly interrupt what attackers do best: executing highly sophisticated and personally tailored phishing emails.
The Dangerous Effectiveness of Phishing
Successful cyberattacks on hospitals and healthcare organizations are often relatively easy because of poor security defenses and a lack of anti-phishing training for employees. For example, earlier this year, employees of the Washington University School of Medicine were tricked into responding to a spear-phishing email, compromising 80,000 patient records. In Wyoming, a healthcare system employee responded to an email appearing to come from a hospital executive. The result? The W-2 tax information of 1,457 employees was disclosed.
Though it's well known that cyberattacks will only continue to increase, the healthcare industry is lagging behind in terms of cybersecurity investment. In fact, according to Symantec, less than 6 percent of healthcare organizations' IT budget is spent on cybersecurity. There's a clear disconnect between the proliferating threats facing the healthcare industry and the security in place to mitigate them. Instead of leaving the integrity of patient data and other sensitive information up to chance, hospitals and healthcare organizations should increase their security investment, including in machine learning-based defenses.
Mitigating Phishing Risk with Machine Learning and Collaboration
What healthcare providers must know is that, with any type of phishing event, time is of the essence. That is, the time from identification to hospital-wide remediation must take seconds to minutes and not hours to days. Fortunately, advances in automation, like machine learning (ML), might provide the answers that hospitals need.
According to Richard Struse, chief advanced technology officer at the U.S. Department of Homeland Security, “The application of cyber threat intelligence with automation can help change the economics away from benefiting our adversaries to benefitting the defenders in cyber space.”
Modern ML algorithms are built to continuously improve their detection of anomalies and irregular communication patterns as they accumulate examples. Using a "bottom-up approach," the system observes every employee mailbox individually, building statistics about each correspondent: not just the volume of email from that sender, but which display names and addresses the sender has used, and whether that sender has ever sent attachments or links before. With this local reputation analysis, a message that is out of character for a particular mailbox is surfaced to the user, who can better spot the phishing attempt, and each confirmed report feeds back as a labeled example that makes the algorithms smarter.
In addition, ML can make sure that each and every email landing in an employee mailbox is evaluated, with the result visualized for non-tech-savvy employees. That consistency is important to counter the proliferation of phishing attacks, since they frequently appear to come from senior people within the organization. Most importantly, whenever ML identifies a malicious email, the system can communicate with people and with other technology in real time, triggering automatic responses such as pulling every copy of the same campaign from every mailbox that received it and alerting the security team.
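The following is an added illustration, not code from this article or from IRONSCALES: a hand-written per-mailbox sender-reputation heuristic standing in for the statistical model described above, together with the campaign-wide quarantine step that turns one detection into organization-wide remediation. The mailboxes, addresses and messages are constructed for the example, and the scoring weights and quarantine threshold are assumptions chosen so that an impersonated executive is flagged while a first contact from an unknown vendor is not.

```python
"""Per-mailbox sender reputation with campaign-wide quarantine (added example).

All history and messages below are constructed; the scoring is a hand-written
heuristic standing in for the article's statistical model, not any product.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    msg_id: str
    mailbox: str          # recipient mailbox the message was delivered to
    from_name: str        # display name shown in the From header
    from_addr: str        # address in the From header
    subject: str
    has_link: bool = False
    has_attachment: bool = False


class SenderStats:
    """What one correspondent's mail to one mailbox has looked like so far."""
    def __init__(self):
        self.count = 0
        self.links = 0
        self.attachments = 0


class LocalReputation:
    """'Bottom-up' view: statistics kept per mailbox and per sender, not per gateway."""

    def __init__(self):
        self.stats = defaultdict(dict)                        # mailbox -> addr -> SenderStats
        self.names = defaultdict(lambda: defaultdict(set))    # mailbox -> display name -> addrs

    def learn(self, msg):
        addr = msg.from_addr.lower()
        s = self.stats[msg.mailbox].setdefault(addr, SenderStats())
        s.count += 1
        s.links += int(msg.has_link)
        s.attachments += int(msg.has_attachment)
        self.names[msg.mailbox][msg.from_name.lower()].add(addr)

    def score(self, msg):
        """Return (score, reasons); higher means more out of character for this mailbox."""
        addr = msg.from_addr.lower()
        score, reasons = 0, []
        s = self.stats[msg.mailbox].get(addr)
        if s is None:
            score += 1
            reasons.append("first message from this address to this mailbox")
        else:
            if msg.has_link and s.links == 0:
                score += 1
                reasons.append(f"sender never sent a link in {s.count} earlier messages")
            if msg.has_attachment and s.attachments == 0:
                score += 1
                reasons.append(f"sender never sent an attachment in {s.count} earlier messages")
        # Display-name impersonation: a name this mailbox knows, arriving from a new address.
        known = self.names[msg.mailbox].get(msg.from_name.lower(), set())
        if known and addr not in known:
            score += 3
            reasons.append(f"display name {msg.from_name!r} previously used only by {sorted(known)}")
        return score, reasons


QUARANTINE_THRESHOLD = 3   # assumption: impersonation alone flags; a new vendor with a link does not


def campaign_key(msg):
    """Messages sharing sender address and subject are treated as one campaign."""
    return (msg.from_addr.lower(), msg.subject.strip().lower())


def triage(rep, delivered, msg):
    """Benign: fold the message into the mailbox baseline and return [].
    Flagged: return the ids of every delivered copy of the campaign, across all
    mailboxes, so one detection drives hospital-wide removal in one pass."""
    score, _reasons = rep.score(msg)
    if score < QUARANTINE_THRESHOLD:
        rep.learn(msg)
        return []
    return [m.msg_id for m in delivered if campaign_key(m) == campaign_key(msg)]


# Constructed history: routine mail to two mailboxes.
HISTORY = [
    Message("h1", "nurse@hospital.example", "Dana Reyes", "dana.reyes@hospital.example", "Shift schedule"),
    Message("h2", "nurse@hospital.example", "Dana Reyes", "dana.reyes@hospital.example", "Policy update", has_attachment=True),
    Message("h3", "nurse@hospital.example", "PACS Alerts", "noreply@pacs.hospital.example", "Study ready"),
    Message("h4", "billing@hospital.example", "Dana Reyes", "dana.reyes@hospital.example", "Q2 budget", has_attachment=True),
    Message("h5", "billing@hospital.example", "Acme Supply", "orders@acme-supply.example", "Invoice 4471", has_attachment=True),
]
# Constructed new mail: an executive-impersonation campaign hits both mailboxes,
# and a legitimate new vendor writes for the first time.
CAMPAIGN = [
    Message("p1", "nurse@hospital.example", "Dana Reyes", "dana.reyes@hospital-exec.example", "Urgent: wire approval", has_link=True),
    Message("p2", "billing@hospital.example", "Dana Reyes", "dana.reyes@hospital-exec.example", "Urgent: wire approval", has_link=True),
]
NEW_VENDOR = Message("v1", "billing@hospital.example", "Beta Labs", "quotes@beta-labs.example", "Quote request", has_link=True)


def build_reputation(history):
    rep = LocalReputation()
    for m in history:
        rep.learn(m)
    return rep


def run_demo():
    rep = build_reputation(HISTORY)
    delivered = HISTORY + CAMPAIGN + [NEW_VENDOR]
    pulled = triage(rep, delivered, CAMPAIGN[0])   # first copy is flagged...
    vendor = triage(rep, delivered, NEW_VENDOR)    # ...the unknown vendor is not
    return pulled, vendor


if __name__ == "__main__":
    pulled, vendor = run_demo()
    print("quarantined:", pulled)         # ['p1', 'p2']
    print("vendor quarantined:", vendor)  # []
```

Two design points matter in practice. A "first-time sender" signal on its own must not quarantine, because hospitals legitimately receive first contacts from patients, referrers and vendors every day; here it only adds weight. And the campaign key (sender address plus subject) is deliberately coarse so that the quarantine reaches every mailbox that received the same lure, which is the seconds-to-minutes remediation the previous section calls for; a real deployment would fingerprint the body and any URL or attachment hash as well.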
Phishing is not going to disappear any time soon. In fact, successful attacks on healthcare organizations, whether phishing campaigns or self-spreading worms such as WannaCry, will only increase in frequency, sophistication and scale. Overall, a combination of a vigilant workforce and the deployment of machine learning technology is needed to reduce the risk of dangerous phishing attacks before it's too late.
By Eyal Benishti, founder and CEO of IRONSCALES
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.