News has come in that The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, has suffered a cyberattack during August 2022. This incident has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
Looking into the cyberattack for Digital Journal, is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette sets out why the healthcare sector is a prime area for cyberattacks. This relates to the rich stream of personally identifiable information held about patients. Such data is valuable to criminals.
Chenette says that: “The healthcare industry is one of the largest targets for cyber-criminals due to protected health information (PHI) being extremely profitable on dark web marketplaces because it usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”
With the specific incident, Chenette adds: “Additionally, The Center Hospitalier Sud Francilien is now forced to operate with reduced IT operations, causing the hospital to transfer patients with serious injuries or illness to other medical centers and creating further delays for patients.”
In terms of general lessons to learn from the incident, Chenette sets out some recommendations: “This cyberattack serves as the latest reminder that organizations simply don’t exercise their defenses enough, and healthcare organizations in particular should be evaluating their existing security controls to uncover gaps before an attacker finds them.”
He also recommends: “We continue to see basic security protection failures resulting in data loss for companies both large and small. This trend is disturbing as the cost of recovering from a breach is far more expensive than conducting proactive testing to validate that the security products and services, which you have already purchased and implemented, are working correctly. Consequently, these types of failures can often be easily avoided.”
In terms of more concrete measures, Chenette says: “To best defend against ransomware attacks, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, organizations can build more resilient security detection, prevention and response programs mapped specifically to those known behaviors.”
There is also a cultural piece to consider: “Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information. This should include mapping their security controls to specific attack scenarios to measure an organization’s cybersecurity readiness for the attacks that are sure to come. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”
