A ransomware attack has taken place on the city of Barcelona’s main hospital. The cybersecurity event has forced thousands of appointments to be cancelled and computers across the institutions’ numerous laboratories, clinics and emergency room to be shutdown.
Following the incident, 150 surgeries reportedly were cancelled, along with up to 3,000 appointments and 400 pieces of medical analysis.
Looking into the issue for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette places the incident in the context of another attack upon the healthcare sector, where hackers are seeking to capture the rich stream of personal data, noting: “The healthcare industry is one of the largest targets for cyber-criminals due to protected health information (PHI) being extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”
In terms of the consequence of the event, Chenette assesses that: “The Hospital Clinic de Barcelona is now forced to operate with reduced IT operations, causing the hospital to cancel thousands of patient appointments and forcing medical professionals to use pen and paper to communicate sensitive medical information.”
In terms of the wider significance, Chenette draws on the implications for all businesses: “This cyberattack serves as the latest reminder that organizations simply don’t exercise their defences enough, and healthcare organizations in particular should be evaluating their existing security controls to uncover gaps before an attacker finds them.”
Chenette thinks that too many organisations have not sufficiently updated their systems in preparation for the escalation of attacks: “We continue to see basic security protection failures resulting in data loss for companies both large and small. In February alone, Florida and Maryland hospitals suffered cyberattacks that limited IT operations.”
With the wider picture, Chenette adds: “This trend is disturbing as the cost of recovering from a breach is far more expensive than conducting proactive testing to validate that the security products and services you have already purchased and implemented are working correctly.”
In terms of remediation, Chenette says: “To best defend against ransomware attacks, it’s essential to understand the common tactics, techniques, and procedures the adversary uses. In doing so, organizations can build more resilient security detection, prevention and response programs mapped specifically to those known behaviors.”
He further recommends: “Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information. This should include mapping their security controls to specific attack scenarios, aligned to the MITRE ATT&CK® framework, to measure an organization’s cybersecurity readiness for the attacks that are sure to come.” Chenette’s final advice is: “Companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”