Sector 7G's Learning Center
Health Sector Ransomware 2021
Intro
Consumer Steps to Mitigate Ransomware is largely a primer on both ransomware tactics and basic mitigation. This post, however, addresses the spectrum’s other extreme: ransomware targeting critical sector infrastructure, namely healthcare and public health, by highlighting a recent US Health & Human Services publication.
Health & Human Services Ransomware Trends Report
The US Health & Human Services’ Health Sector Cybersecurity Coordination Center (“HC3”) published Ransomware Trends 2021 in early June 2021, reporting ransomware incidents targeting US and global “HPH” (Healthcare & Public Health) entities from January 2021 until late May 2021. The publication is a PDF export of a PowerPoint deck with about 16 substantive slides, each carrying a graphic that marks it as “technical” or “non-technical” (only two are designated “technical”).
Of note:
- Nearly 50 US HPH entities were hit during 2021’s first five months. On average, that’s one every three days and since not every incident is necessarily publicized, the frequency is likely higher.
- Sophistication, by essentially any measure, is increasing on several fronts at once and faster than linearly. Slide 7, consistent with other ransomware news, implies adversarial state-sponsorship. Circumstantially the evidence may be compelling; and, proverbially “reversing roles”, Stuxnet was not the handiwork of a script kiddie.
- Virtually all sectors worldwide are under siege as depicted on slide 11 with a Colonial Pipeline reminder on slide 13 (and noting its widespread, collateral disruption).
- Mitigations begin on slide 16; all are valuable, but to highlight a handful:
  - Train and simulate
  - “3-2-1 Backup Rule”
  - Restrict RDP and block Office scripts
  - Isolate and power off
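Two of those mitigations, “Restrict RDP” and “block Office scripts”, can be checked on a Windows host before an incident. The audit script below is an added example, not part of the HC3 deck or this post; it is read-only, uses the standard Terminal Services and Office policy registry keys, and assumes an Office 2016/2019/365 install (policy hive `16.0`).

```powershell
# Added audit example; not from the HC3 report or this post. Read-only: reports, changes nothing.
# Assumes an Office 2016/2019/365 install (policy hive "16.0"); adjust the version for older Office.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value not present
}

$findings = @()

# Mitigation: restrict RDP.
# fDenyTSConnections = 1 means Remote Desktop is off; UserAuthentication = 1 means
# Network Level Authentication is required before a session is created.
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = Get-RegValue -Path $ts -Name 'fDenyTSConnections'
$nla  = Get-RegValue -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication'
if ($deny -ne 1) {
    $findings += 'RDP is enabled: disable it, or restrict it to a VPN/jump host and named accounts.'
    if ($nla -ne 1) { $findings += 'RDP does not require Network Level Authentication.' }
}

# Mitigation: block Office scripts (VBA macros), per application, from the user policy hive.
# VBAWarnings 4 = disable all macros without notification; 3 = disable all except digitally signed.
# blockcontentexecutionfrominternet 1 = macros in files marked as downloaded from the internet never run.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $sec  = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $vba  = Get-RegValue -Path $sec -Name 'VBAWarnings'
    $motw = Get-RegValue -Path $sec -Name 'blockcontentexecutionfrominternet'
    if ($vba -notin @(3, 4)) { $findings += "${app}: macros are not disabled by policy (VBAWarnings=$vba)." }
    if ($motw -ne 1)         { $findings += "${app}: macros from internet-sourced files are not blocked." }
}

if ($findings.Count -eq 0) { 'RDP and Office macro settings match the recommended baseline.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it in an elevated session on a sample of endpoints; any FINDING line points at a setting that a group policy should be enforcing rather than a change to make by hand on one machine.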
Final Thoughts
Critical sectors are prized targets. Regardless of potential state-sponsorship, industries like healthcare and energy are hit because their criticality (and thus the serious consequences of disruption) increases the likelihood of “accepting an offer you can’t refuse”. The extortionists have done their homework and the extra credit.
But Al Capone ran a sophisticated and lucrative racketeering operation too. Maybe somewhere, right now, the 21st century equivalent of Eliot Ness and his Untouchables is busy at the keyboard.