RansomOps (Ransomware Ops) is a new trend in cybercrime that is on the rise. It involves attackers holding critical data or systems ransom until they are paid. This type of attack can be very damaging to businesses, resulting in the loss of important data or even entire systems. According to a 2021 study conducted by IBM and the Ponemon Institute, the average cost of a data breach for enterprises increased by 10% in 2021 to reach a staggering $4.24 million.
This blog post will discuss RansomOps and how dental healthcare organizations can protect themselves from this type of attack.
From Ransomware to RansomOps
Ransomware has developed from simple malware that targeted individuals with modest payments to a highly organized service model, resembling modern-day Software-as-a-Service (SaaS) companies.
The rise of RansomOps is about the shift from common malware, delivered in a predictable and automated manner, to what can only be described as ransomware-as-a-service. Core operators like BlackMatter, Conti, or REvil provide the tools and payment collection services while affiliates perform targeting and network compromise.
It’s critical to note that this approach is driven by human attackers and doesn’t follow the same script that malware does, as seen in the Conti attacker playbook that was recently leaked by a disgruntled affiliate. The disclosure implies humans are using attacker tools to traverse laterally across an organization, particularly avoiding contemporary security solutions to improve their chances of success.
Traditional signature-based security solutions are useless against this approach since the attackers can adapt to new situations on the fly and shift across networks in innovative ways. These cyberattacks are also considerably quicker than ransomware infections in the past.
The Damage a Ransomware Attack Can Do to a Healthcare Organization
Ransomware can have a devastating impact on healthcare organizations. In addition to the ransom payment, there can be other costs, such as the cost of restoring data and lost productivity. Below are two key examples of how serious ransomware ops is for healthcare providers:
- The health system’s US facilities were all shut down in September 2020 due to a network disruption caused by an apparent ransomware attack. According to Universal Health Services, it incurred a pre-tax “unfavorable impact” of $67 million due to a cyberattack that led to a network shutdown throughout its US facilities.
- The University of Vermont (UVM) Medical Center was also recently the target of a ransomware attack that led to over $50 million in lost revenue. As a result, for several days, the staff could not access electronic health records (EHRs), payroll programs, and other critical digital tools. As a result, patient appointments and surgeries had to be rescheduled, and cancer patients had to seek treatment elsewhere. It took security teams three weeks to scrub the system.
According to the US Department of Human and Health Services, health and medical clinics were the most impacted, followed by healthcare industry services in 2021.
Why are Health Clinics and Industry Services a Key Target for Ransomware Attacks?
Health clinics have a massive reliance on IT systems to operate. Patient records are stored digitally, while scheduling and billing are all done electronically. In fact, many clinics have gone entirely paperless. This makes them a key target for RansomOps attacks as the attackers can do a lot of damage once they gain access. Many organizations cannot afford the downtime caused by attacks and security teams often agree to pay the ransom.
Industry services are also a key target for RansomOps attacks. Industry services such as insurance companies and healthcare IT providers also have many critical systems that are vulnerable to ransomware attacks. These organizations provide support to healthcare clinics, including dental practices and hospitals. They manage and store patient data, as well as process payments. If they are attacked, it can have a ripple effect on the entire healthcare industry.
In addition, sensitive patient data is one of the most valuable commodities on the dark web. Health clinics and industry services are a key target for ransomware because they have a large volume of sensitive data that cybercriminals can sell on the black market. When they refuse to pay the ransom, cybercriminals still earn by selling this information on the dark web.
Security Engineering to Protect Your Organization Against Ransomware.
There are several steps that a healthcare organization can take to protect itself from RansomOps. Security engineering should include:
- Train employees on how to identify ransomware and phishing emails.
- Use a secure and encrypted file sharing solution instead of using email.
- Implement a robust backup and recovery plan.
- Update software and security patches regularly.
- Use antivirus software and malware protection programs.
- Restrict access to sensitive data to authorized users only.
- Implement multifactor authentication.
- Segment and segregate networks and functions.
- Use threat detection tools.
- Create an incident response plan and a strong cyber resiliency policy.
You should also contact your local FBI field office if you believe you have been impacted by ransomware or any other type of cybercrime. You can file a report online with the FBI Internet Crime Complaint Center IC3.
For more information on how to protect yourself from ransomware, sign up for a free trial of CDS cloud dental backup and recovery services.