Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
UMC Health System was hit by a ransomware attack at the end of September. The attack caused the healthcare institution to divert patients to other clinics.
Initially, the healthcare provider was unable to process messages from the patient portal. Also, their website was unavailable for a period.
Three days after announcing the incident, one of their employees posted on Reddit that they had lost access to email:
I’m a TTUHSC employee and seems the entire ttuhsc site is down today. Can’t get into my TTUHSC email from any device and I also seem to be locked out of my associated TTU email address.
Source – r/Lubbock
However, due to their IT team’s effort to contain the incident, most of its services are now functional, including Emergency Centers and Urgent Care Clinics.
More about the UMC Health System ransomware attack
On September 26th, the IT team observed some unusual activity within the systems. Security specialists launched an investigation and put the systems offline as a first measure of incident response.
The investigation revealed that hackers targeted UMC Health System with ransomware incident. For now, none of the main ransomware threat groups claimed the attack.
How to prevent ransomware attacks on healthcare providers
Healthcare providers and public services were lately a focus target of ransomware gangs. Clinics and hospitals collect and store huge amounts of personal data. Also, hence their critical impact activity, which is often a life-or-death matter, these institutions are extremely sensitive at loosing access to databases. In their case, hackers encrypting patient data can put transfusions, operations, medication, etc. on hold.
The high value of stored data and the intrinsic sense of urgency make healthcare providers a valuable target for attackers.
But there’s more to this story. Healthcare providers are also notoriously vulnerable in front of cyberattacks. In many cases, their IT teams confront with issues like
- lack of funding
- outdated security technology
- lack of skilled personnel
- large attack surface, due to the variety of devices that connect to their networks
- a complex infrastructure running on various operating systems and executing various software
DNS security is an effective ransomware prevention measure that helps block ransomware attacks in three ways:
- detects and stops malicious communication attempts on the spot
- stops malware that is already on a device to connect to a Command-and-Control Server and install encryption software
- prevents data exfiltration, by cutting off malicious communication
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
