Ransomware Attacks on French Hospitals Shows Unrelenting Threat to Healthcare Sector
Password managers are now an absolute must for healthcare providers.
Ransomware attacks pummeled the healthcare industry last year. And now, 2021 is off to another not-so-great start, as a recent rash of attacks on French hospitals has shown.
Dashlane had predicted back in 2019 that cybercriminal activities would start impacting critical facilities, whether that’s hospitals or nuclear plants. As Dashlane’s CTO Frédéric Rivain notes, “This is unfortunately now happening, and even though actual deaths have yet to be tied to those attacks, this will happen. If that were to happen to power grids, to transportation systems (airports, train), it could have massive consequences.”
As the healthcare sector grapples with this unrelenting threat, hospitals and other healthcare providers could apply some of the lessons learned from these attacks to their own security programs. Although it’s challenging to protect the dynamic healthcare environment when resources are stretched thin, effective tools—like password managers—are simple and inexpensive to implement.
What happened in the French hospitals ransomware attacks?
Attackers hit two hospitals in France with ransomware within the same week, prompting French President Emmanuel Macron to dedicate 1 billion euros to a new, national strategy for fighting healthcare cyberattacks.
The hospitals didn’t pay the ransom. However, operations were disrupted. At one hospital, staff had to cancel surgeries and redirect patients to other facilities for treatment. At another hospital, almost all information systems were paralyzed, rendering radiotherapy machines and other equipment inoperable.
There’s little information available about the chain of events in these attacks. But the French National Agency for the Security of Information Systems (ANSSI) believes they may be the work of a Russian gang known for similar activities.
The actors used Ryuk, a ransomware strain that’s been involved in many healthcare attacks around the globe in the last couple of years. This includes last year’s attack on major healthcare provider Universal Health Services (UHS), which suffered an estimated loss of $67 million as a result.
Like the French hospitals, UHS—which serves 3.5 million patients at 400 U.S. and U.K locations—had to redirect patients elsewhere and cancel appointments. Staff also had to revert to all-paper methods. It took close to a month to restore the IT systems.
Why are the recent attacks significant for the healthcare sector?
According to local media reports, France has seen 27 major cyberattacks on healthcare last year, and the pace has continued at about one per week this year. But France is far from unique.
In the United States, ransomware attacks on the healthcare system became such a big concern last year that the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint alert warning providers about an imminent threat.
“CISA, FBI, and HHS assess malicious cyber actors are targeting the healthcare and public health sector with TrikBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services,” the warning stated. “These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.”
Ryuk a particularly bad problem
CISA’s alert noted that threat actors often use TrickBot to deploy a payload for Ryuk, a ransomware strain that first appeared in 2018. This strain is worrisome not only because it’s involved in many healthcare attacks, however.
Ryuk, which was one of the most-observed families in 2020, has evolved. Security experts warn this ransomware has become more dangerous than ever because it now has the capability to self-propagate within the network.
Researchers from France’s ANSSI say this evolved version typically self-propagates by compromising a privileged domain account. They believe that one way to stop the worm activity is by changing the password or disabling the account.
Ryuk, of course, is just one of the many ransomware families at attackers’ disposal. Last year, ransomware was the most-popular type of attack across all industries, according to IBM Security X-Force annual Threat Intelligence Index. The success of these attacks across the board are, indeed, a serious concern.
Why password managers are essential
Compromised or weak passwords enable cybercriminals not only to gain access to a network but also to move laterally. To gain a foothold into the network, for example, they commonly use commercial, off-the-shelf products to steal credentials, according to CISA. To move laterally, they also use native tools like Remote Desktop Protocol (RDP), and brute-force attacks using weak, default, or compromised passwords is a common technique for accessing RDP.
“With limited resources, it is even more important to ensure proper awareness from the medical staff, and rely on securing that weak link with good IT and security hygiene,” Rivain says. “It does not require costly solutions, but the same way dentists will teach you how to brush your teeth and floss, medical staff should be taught about password hygiene, phishing, and other social engineering attacks. Cheap solutions such as password managers are a must-have in that context.”
How can Dashlane help?
Dashlane’s password manager can help prevent ransomware from getting a hold on your system by enforcing strong password practices and eliminating the risks of weak, default, and compromised passwords. Dashlane is far more than a password manager—it also gives you simple but effective tools to understand and improve your organization’s password health.
To learn more about how Dashlane can help your organization improve its password practices, download our e-book, A Practical Guide to Cybersecurity with a Password Manager.