Cybersecurity concerns continue to be at the top of many business C-suite leaders’ agendas. This is in the context of escalating attacks and government warnings. The latest warning comes from the U.S. government, made through its agencies FBI and CISA, together with support from the U.S. Treasury Department.
These collective bodies of state have issued a joint advisory, one that warns of North Korean-backed threat actors using Maui ransomware.
It is the view of these agencies that cyberattacks against Healthcare and Public Health (HPH) organizations have come from rogue elements operating from North Korea.
Looking into the level of risk for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette begins the analysis by considering why one specific sector remains an attractive target for hackers – the area of healthcare and medicine. According to Chenette: “The healthcare industry is one of the largest targets for cybercriminals due to protected health information being extremely profitable on dark web marketplaces.”
As to why such data is profitable, Chenette explains: “This is because healthcare data usually contains fixed information, such as dates of birth and Social Security Numbers, which hackers can use to commit identity theft for years to come.”
Another reason why healthcare is popular with hackers is because of the level of disruption that this sector has experienced in recent years. As Chenette states: “Since the onset of the COVID-19 pandemic, we’ve seen threat actors leverage this global crisis to target healthcare organizations — stealing this highly valuable patient data and creating general unrest.”
However, despite the barrage of attacks, healthcare institutions can strengthen their operations and address deficiencies. In terms of weakness, Chenette finds: “This alert serves as the latest reminder that organizations simply don’t exercise their defenses enough, and healthcare organizations, in particular, should be evaluating their existing security controls to uncover gaps before an attacker finds them.”
As a specific recommendation, Chenette advises: “To best defend against Maui ransomware attacks, it’s important to understand the common tactics, techniques and procedures used by the adversary. In doing so, organizations can build more resilient security detection, prevention and response programs mapped specifically to those known behaviors.”
Further recommendations from v include: “Organizations that manage sensitive health information must adopt a threat-informed cyber-defense strategy tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information.”
More specifically, says Chenette: “This should include mapping their security controls to specific attack scenarios, aligned to the MITRE ATT&CK framework, to measure an organization’s cybersecurity readiness for the attacks that are sure to come. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”
