The year 2021 was filled with high-profile ransomware attacks on companies across industries. Some of them, the Colonial Pipeline attack for example, disrupted fuel supply along much of the US East Coast and caused panic buying in parts of the United States. As devastating as these attacks were, the next wave of ransomware could be even more dangerous, especially for the healthcare industry.
Like viruses, threat actors keep evolving and changing the way they attack companies in order to maximize profit. In "classic" ransomware attacks, the attackers encrypt the victim's data and then demand a ransom for the decryption key. This has evolved into double extortion: the victim is pressured to pay not only to get their data decrypted, but also to prevent the stolen data from being published or sold. Today we are starting to see a third wave of ransomware: killware.
Killware puts the healthcare industry on high alert
At a high level, killware is a ransomware attack that can lead to physical harm, including loss of life, if the ransom is not paid. By raising the stakes in this way, cybercriminals put far more pressure on victims to pay.
Hospitals and other healthcare institutions are increasingly exposed to these attacks, because a system outage of any length, even minutes, can prevent critical patients from getting the treatment they need to survive. The most frequently cited example is the 2019 ransomware attack on Springhill Medical Center in Alabama, where a lawsuit alleges that degraded patient monitoring during the outage contributed to the death of a newborn.
Medical equipment manufacturers, and even individuals who use internet-connected medical devices such as insulin pumps or pacemakers, are also at risk. If cybercriminals compromise the wireless networks or back-end systems these devices connect to, they could tamper with the data the devices report or with how a device operates, potentially exposing the personally identifiable information (PII) of millions of users or, in the worst case, causing a fatality.
Fight this new threat with good security hygiene
Regardless of industry, organizations need to take appropriate precautions and practice good cybersecurity hygiene to defend against killware attacks. The good news is that most IT security teams will find they are already well on their way to a robust killware defense, because the strategies required to fight this threat are not much different from what organizations must already do to protect against other types of cyberattack.
Here are four best practices to keep in mind:
- Prioritize the security essentials. They are the foundation of a robust cyber defense strategy. An organization that fails to master the basics of cybersecurity not only leaves major holes for cybercriminals to exploit, but also cannot make effective use of more advanced security tools to strengthen its defenses. The first step of a solid killware defense strategy is therefore to make sure that basic security protocols, processes, and controls are in place and working as intended: multi-factor authentication, network segmentation, patching, system updates, and so on.
- Make application security part of the development process from the start. To reduce the vulnerabilities attackers rely on, all applications, products, and solutions, including medical devices, should be built using a "security by design" model. This means building in security policies, controls, and barriers from the outset, rather than bolting controls on after the fact.
- Implement and enforce threat modeling. Organizations can be so focused on getting a product out as quickly as possible that they lose sight of the importance of asking how an attacker would go after that product (or application, service, or solution). Taking this perspective through threat modeling matters because it identifies weaknesses and security gaps that need to be addressed before the product goes to market.
- Develop and practice an Incident Response (IR) plan. The last thing any company wants after a breach is to be left scrambling to figure out what to do. That is why it is so important to develop, document, and rehearse IR plans: the ability to react quickly with a predetermined plan contains the attack and reduces the damage it inflicts.
See the big picture
If successful killware attacks become common, they will attract the attention of the US government and of law enforcement, which will be forced to respond. That is publicity cybercriminals do not want. They want to use killware for economic leverage, but at the end of the day they do not want government scrutiny or the taking of lives, which I think will keep that threat away.
Even so, one death is one too many, and organizations need to put appropriate cybersecurity strategies in place to reduce the risk of a successful attack. Following these best practices will help you defend not only against killware but against all other types of cyberattack, allowing you to protect employees, customers, partners, and other stakeholders in more ways than one.