Cure Ransomware Before the Attack, Not During It

Hospitals are an attractive target for threat actors. In fact, a report shows that repeat attacks are incredibly common, with 76% of victimized hospitals logging three or more ransomware attacks. The impact of these attacks has, unfortunately, brought us to the point where some hospitals take drastic action to stop an attack after it occurs. For instance, at Children’s National Hospital in Washington, D.C., the staff will call a “code dark” after a cyberattack is detected. This code alerts employees to disconnect devices from the network, thereby reducing the blast radius of malicious code running across their network.

Concerns around ransomware continue to escalate. In recent months, Maui ransomware has been utilized by North Korean state-sponsored threat actors to target healthcare organizations. This ransomware uses a combination of AES, RSA and XOR encryption to encrypt target files.

The issue with ransomware attacks is that a cure doesn’t really exist. In other words, if an attack happens, it’s already too late, leaving hospitals to wrestle with implementing a preventative care approach to their network security. Shoring up networks and keeping them protected is difficult. Hospitals and medical institutions represent a good return on investment for threat actors, as the value of stolen data is high and there is a great likelihood that security is lacking. This is not necessarily because hospitals don’t take the threat seriously, but more because the ecosystem of medical devices and their software is fraught with proprietary secrets that are hard to build defenses around.

When triage is necessary, unplugging from the Internet will serve to “slow” ransomware in a network, but it is certainly not an option for preventing it. Unfortunately, healthcare organizations (though not exclusively) often rely, at their core, on the same cryptographic and authentication approaches, which are susceptible to single points of failure. In order to establish effective preventative care, security defenses must be diversified at every layer to remove as many points of failure as possible. Stacking multiple encryption techniques helps data travel securely even if a flaw is uncovered in one of the encryption layers.

Crypto-diversification is a proactive, future-proof strategy to protect hospitals and the private, life-and-death data they store, share, and use daily. Like defense-in-depth, crypto-diversification embraces a multi-layered defense strategy while encouraging a mix of asymmetric, symmetric, and quantum-based encryption methods for optimal protection. Hospitals may not always know which part of a crypto stack has been defeated and how, but it won’t matter if the cryptography is sufficiently diversified. The attacker, or the reconnaissance, will be stymied.
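
One way to realize this layering in practice is a key combiner, shown here as an added example that is not part of the original article and is not Quantum Xchange's or Phio's own code. It assumes three independently established secrets (the layer labels, context string, and sample values are constructed for illustration) and uses HKDF-SHA256 as the combiner, so the derived session key depends on every layer and an attacker who has recovered some of the inputs still needs the rest.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_secrets(secrets, context):
    """Derive one 256-bit key from several independently established secrets."""
    if len(secrets) < 2:
        raise ValueError("need at least two independent key sources")
    ikm = b""
    for label in sorted(secrets):  # sorted: result does not depend on dict order
        value = secrets[label]
        if len(value) < 16:
            raise ValueError("source %r is too short to count as a layer" % label)
        # Length-prefix every field so ("ab", "c...") and ("a", "bc...") differ.
        for part in (label.encode(), value):
            ikm += len(part).to_bytes(4, "big") + part
    return hkdf_sha256(ikm, b"", b"diversified-session-key|" + context)

# Constructed sample secrets, one per layer (not real key material).
SAMPLE = {
    "asymmetric": bytes.fromhex("11" * 32),
    "symmetric-psk": bytes.fromhex("22" * 32),
    "quantum": bytes.fromhex("33" * 32),
}

def keys_differ_when_one_layer_unknown(secrets, context):
    """For each layer, model an attacker who knows every secret except that one."""
    real = combine_secrets(secrets, context)
    results = {}
    for label in secrets:
        guess = dict(secrets)
        guess[label] = bytes(len(secrets[label]))  # attacker's wrong guess
        results[label] = combine_secrets(guess, context) != real
    return results

if __name__ == "__main__":
    print(combine_secrets(SAMPLE, b"ehr-link-01").hex())
    print(keys_differ_when_one_layer_unknown(SAMPLE, b"ehr-link-01"))
```
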

Learn how CryptoDiversification by Phio can best protect against known and yet-to-be-discovered threats. 
