Cyberattack disrupts operations at major US health care network

In the latest development, a significant US healthcare system has been forced to divert ambulances from "several" of its hospitals due to a cyberattack earlier this week. Ascension, a nonprofit network based in St. Louis with 140 hospitals across 19 states, disclosed that the attack has disrupted access to electronic health records, certain phone systems, and systems used for ordering tests, procedures, and medications. The network, which also operates 40 senior living facilities, announced that it would be employing downtime procedures for the foreseeable future, resorting to backup processes such as paper records to maintain patient care while systems are down.

According to sources familiar with the matter, Ascension fell victim to a ransomware attack, with the ransomware identified as Black Basta. This particular ransomware has targeted healthcare organizations in recent years and is associated with a criminal group that includes Russian speakers, as reported by the Department of Health and Human Services. The Health Information Sharing and Analysis Center issued an advisory highlighting an uptick in Black Basta ransomware attacks against the healthcare sector globally, including recent incidents in Europe and the US causing severe operational disruptions.

Following the attack, Ascension has taken standard steps common to organizations hit by cybercriminals, including notifying federal authorities, enlisting cybersecurity firm Mandiant to assist in recovery efforts, and shutting down systems to mitigate further damage. Senior US officials have been in regular communication with Ascension's CEO to assess the impact on patient care.

The extent of the impact on Ascension's hospitals and the number of ambulances redirected due to the cyberattack remain unclear. Ascension spokesperson Gene Ford has not responded to requests for comment.

This incident adds to a string of major cyberattacks on US healthcare networks, raising concerns about the sector's vulnerability to disruptive cyber threats. A notable incident earlier this year involved a ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, which resulted in billing disruptions at pharmacies nationwide. UnitedHealth CEO Andrew Witty testified before Congress, revealing that a significant portion of Americans' personal data was compromised, and the company paid a $22 million ransom to protect patient data. These attacks have prompted heightened scrutiny from lawmakers and government agencies regarding the resilience of the US healthcare system against cyber threats.

The lessons learned from ransomware attacks in a broader, global context, considering impacts on organizations of varying sizes:

1. Cybersecurity Preparedness: All businesses, regardless of size or industry, must prioritize cybersecurity preparedness. Implementing robust cybersecurity measures, such as regular software updates, firewalls, and intrusion detection systems, is essential to defend against evolving cyber threats.

2. Data Protection: Protecting sensitive data is critical for all organizations. Implementing encryption, access controls, and data backup procedures can help prevent data breaches and minimize the impact of ransomware attacks. This applies not only to healthcare organizations but also to businesses in finance, retail, manufacturing, and other sectors.

3. Incident Response Planning: Developing and regularly updating an incident response plan is essential for all businesses. This plan should outline procedures for identifying, containing, and recovering from cyber incidents, as well as communication protocols with stakeholders and authorities.

4. Employee Training: Educating employees about cybersecurity best practices is crucial for all businesses. Training programs should cover topics such as recognizing phishing emails, using strong passwords, and reporting security incidents promptly. This is relevant for organizations of all sizes, including small and micro businesses.

5. Transparency and Communication: Open and transparent communication during and after a cyber incident is vital for all organizations. Promptly informing customers, employees, and regulatory agencies about the breach helps maintain trust and facilitates a coordinated response to mitigate the impact.

6. Regulatory Compliance: Compliance with relevant regulations and standards is necessary for businesses operating in various industries and regions. Adhering to frameworks such as GDPR in Europe or CCPA in California helps ensure the protection of customer data and minimizes the risk of regulatory penalties.

7. Ransomware Risks: Ransomware attacks pose significant risks to businesses of all sizes and across industries. Understanding the tactics employed by cybercriminals and implementing effective cybersecurity strategies, such as regular data backups and network segmentation, is essential for mitigating these risks.

8. Impact on Different Businesses: Ransomware attacks can have varying impacts on businesses depending on their size and industry. Large enterprises may face significant financial losses, reputational damage, and regulatory scrutiny, while small and micro businesses may struggle to recover from the financial burden and operational disruptions caused by an attack.

Overall, the lessons learned from ransomware attacks apply universally to businesses worldwide, emphasizing the importance of proactive cybersecurity measures, effective incident response planning, and continuous employee training to safeguard against cyber threats.

In the context of Sri Lanka, where many small and medium-sized enterprises (SMEs) and medium-level businesses may lack preparedness for cyber incidents like ransomware attacks, several actions can be taken to enhance cybersecurity resilience:

1. Government Support and Awareness Campaigns: The Sri Lankan government can provide support to SMEs and medium-level businesses by offering cybersecurity training programs, workshops, and awareness campaigns. These initiatives can educate businesses about the risks of cyber threats and the importance of implementing basic cybersecurity measures.

2. Cybersecurity Guidance and Resources: The government or relevant authorities can develop and distribute cybersecurity guidance documents and resources tailored specifically for SMEs. These resources should include practical advice on implementing cybersecurity best practices, such as installing antivirus software, conducting regular software updates, and creating strong passwords.

3. Public-Private Partnerships: Collaboration between the government, private sector, and cybersecurity experts can facilitate the sharing of knowledge, resources, and expertise. Public-private partnerships can support SMEs in accessing affordable cybersecurity solutions, training, and technical assistance.

4. Financial Support and Incentives: The government could consider offering financial support or incentives to SMEs to invest in cybersecurity measures. This could include grants, subsidies, or tax incentives for businesses that implement cybersecurity technologies or undergo cybersecurity training programs.

5. Cyber Insurance Options: Encouraging the adoption of cyber insurance among SMEs can help mitigate the financial impact of cyber incidents. The government could work with insurance providers to develop affordable cyber insurance options tailored to the needs of SMEs and medium-level businesses.

6. Incident Response Planning: Encouraging SMEs to develop incident response plans can help minimize the impact of cyber incidents. Businesses should have protocols in place for detecting, containing, and recovering from cyberattacks, as well as procedures for communicating with stakeholders and reporting incidents to authorities.

7. Sector-Specific Initiatives: Considering the diverse nature of SMEs in Sri Lanka, sector-specific cybersecurity initiatives may be beneficial. Tailored guidance and resources for industries such as manufacturing, agriculture, tourism, and retail can address specific cybersecurity challenges and requirements.

8. Capacity Building and Technical Assistance: Providing technical assistance and capacity building support to SMEs can help them strengthen their cybersecurity capabilities. This could involve training programs, workshops, and access to cybersecurity experts or consultants who can assist businesses in implementing effective security measures.

In summary, addressing the cybersecurity challenges faced by SMEs and medium-level businesses in Sri Lanka requires a comprehensive approach that involves government support, public-private partnerships, financial incentives, and targeted capacity-building initiatives. Despite economic challenges, investing in cybersecurity preparedness is essential to safeguarding businesses and maintaining resilience in the face of evolving cyber threats.

Written by : Sanjaya Gunasiri

Copyright © 2023 Pragmatic Engineering. All rights reserved.