How to Stop ‘Killware’ — Before It Strikes

Share on facebook
Share on twitter
Share on linkedin
Share on email

Rising cybercrime has everyone on high alert these days. The news stories just keep coming about hackers infecting systems with ransomware seeking a big payoff.

 

What some people may not realize is that these attacks could be putting actual lives at risk. When a hospital or healthcare system is hacked, it can delay or disrupt medical care services in potentially serious ways — turning malware into ‘killware’. U.S. government officials have grown increasingly worried.

 

This should come as no surprise to anyone who has been tracking the swiftly-evolving digital landscape. As Gartner analyst Wam Voster observes, the era of potentially lethal cybercrime has been upon us for some time. Last summer, USA Today reported a surge in hacking attacks on hospitals for patient data during the COVID-19 pandemic, citing a national survey that found over 80 percent of medical practices had been hit. In September 2020, Universal Health Services, one of the largest U.S. health care providers, suffered a crippling attack that forced providers to divert patients and cancel or defer critical surgeries, tests and other medical procedures. In a recent survey of nearly 600 U.S. healthcare organizations conducted by the Ponemon Institute, 40 percent reported that they had been the victim of a ransomware attack in the last two years — with over a third of those saying they noted an increase in complications from medical procedures and even death rates following the attacks. An analysis by the U.S. Cybersecurity and Infrastructure Security Agency showed hospitals in Vermont affected by ransomware attacks reached capacity levels linked with excess deaths faster than hospitals that weren’t hacked. 

 

Attacks on critical infrastructure outside healthcare can also have consequences for human health and safety, of course. Consider the attack on the water system in Oldsmar, Florida, which officials later described as an attempt to distribute dangerously contaminated water to area residents. (The attempt was thwarted.) Other potentially troublesome targets include critical infrastructure related to oil and gas manufacturing, transportation and aviation. Gartner analysts project that by 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans.

 

The Biden Administration has responded by directing all federal agencies to address vulnerabilities — and giving them a strict deadline to patch security holes. “Organizations of all sizes … must protect against malicious cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives,” Homeland Security Secretary Alejandro Mayorkas said in a Nov. 3 statement in which he called cybersecurity threats “among the greatest challenges facing the nation.” 

 

Mid-sized organizations — medical or otherwise — should be paying particularly close attention to these developments, experts say, because they represent the so-called “sweet spot” for cybercriminals: big enough to be worthy targets, and with ample resources to make ransom payments, and more likely than larger firms to lack adequate protection against cyberthreats.

 

Let Blue Ridge Networks design and implement a custom security solution for your business or enterprise. For over 20 years, we’ve been protecting our clients’ critical assets and operations in today’s inherently untrustable digital ecosystem. Blue Ridge rejects the traditional detect-and-respond approach. Our patented technologies use network segmentation, isolation and containment to stop breaches before they occur — before they can disrupt your operations and put anyone in harm’s way. 

 

Learn more about our Zero Breach solutions at BlueRidgeNetworks.com

 

Blue Ridge. Blue Ridge. Zero Breach for Zero Trust Network Access.