A ransomware attack has hit over a hundred Romanian healthcare facilities, including dozens of hospitals.
The attackers have demanded 3.5 bitcoin, worth over £130,000 to unlock the files. But cyber-officials have claimed the data had been recently backed up, reducing the impact – and possibly meaning that the facilities should be able to bounce back rapidly.
Matt Aldridge, Principal Solutions Consultant, OpenText Cybersecurity, said: “This latest ransomware attack is sadly unsurprising, given healthcare is a common target for cybercriminals. As medical facilities’ services are essential and often cannot be disrupted without severe risk to patients, the industry is very much in the spotlight and therefore must put in place strong cyber-resilience strategies to limit outages and keeping continuity of patients care at the forefront is key.
“The fact that in this instance the data has been recently backed up shows that those protecting these facilities have correct procedures in place to reduce the severity of these attacks. All organisations should securely back up their data, so systems can be quickly restored – which in healthcare is a definite necessity.
“Other best practices include implementing cybersecurity technology such as email filtering, anti-virus protection and sensible password policies. Also, security awareness training should be implemented for staff from day one, ensuring they are vigilant in scrutinising the types of emails, messages and phone calls they receive.
“It is also incredibly important to adopt a multi-layered approach when it comes to a defence strategy. In fact, we found in our 2023 OpenText Cybersecurity Threat Report that doing so is core to cybersecurity and cyber-resilience. Ultimately, the more processes, tools, and systems an organisation has in place to protect and recover data, the less likely an attack will succeed. Multi-layered cybersecurity controls must be deployed to help detect or block anything that breaches the first line of defence – the people of the healthcare facilities.”
Joseph Dollin, Director of Public Sector UK&I, at Gigamon, said: “The ransomware attack on Romania’s healthcare system is one of the most cynical we have seen so far, intentionally targeting 25 hospitals and forcing more than 70 others to take their systems offline. Unfortunately, all too often bad actors know the potential for disruption is an opportunity to extort more money from their victims, and downtime in the healthcare sector can have life-or-death consequences.
“Whilst it is great to see that so many of the targeted hospitals in Romania had recent back-ups to fall back on, limiting the level of disruption and protecting their day-to-day operations, it is vital that healthcare organisations and any enterprises that make up critical national infrastructure, take note
of this incident and proactively protect themselves against similar attacks by preparing their IT infrastructure to detect and protect against imminent threats from intruders.
“Firstly, know your footholds. The number of connected medical devices within the Internet of Medical Things (IoMT) is rising, but IoMT is often highly vulnerable to cyberattacks. This is mainly because 5G technology increases the ‘attack surface’ for malicious actors by introducing a whole new class of targets to the Internet-connected ecosystem. As a precaution, the targeted Romanian hospitals have disconnected these devices, including MRI machines, from the Internet.
“With this additional risk, all healthcare security leads should exercise in-depth defence with robust infrastructure monitoring. End-point detection is not enough; seeking visibility into east-west traffic (information that travels internally) and north-south (data from external sources) is crucial to detecting and remediating laterally moving threats before they can cause more damage. This includes analysing all encrypted traffic, which is used to mask 93% of malware attacks.” Javvad Malik, Lead Security Awareness Advocate at KnowBe4, said “Attacks against healthcare systems have been growing. The UK has had its fair share of attacks against the NHS, and every time a health provider is attacked it can compromise not only personal data, but can also lead to severe consequences for patient care.
“Unfortunately, it’s one of the continuing stark reminders of the necessity for robust cybersecurity measures, regular system updates and back-ups. Moreover, because social engineering plays a significant role in breaches, it highlights the importance of cybersecurity awareness and training among staff at all levels within the healthcare sector.
“Responding to such attacks requires a coordinated effort, not just in the immediate technical response, but in long-term strategies such as building a strong security culture to bolster resilience against future attacks. Cybersecurity is not just an IT issue; it’s a fundamental component of patient care.”
Click below to share this article
