Zev Brodsky
Mar 21, 2022

Protecting Against Healthcare Ransomware Attacks with MFA

Security and data breaches are a major concern for every organization, and even more so for healthcare providers. The sensitivity of healthcare and patient data and the critical need for the 24/7 functioning of life-supporting medical equipment are the key reasons why this vertical is extensively targeted by ransomware attacks. Additionally, the average healthcare organization lacks security resources and relies on legacy and unsecured systems. These reasons explain why cyberattacks are more successful in the medical field compared to other industries.

 

The healthcare threat landscape is changing as organizations deploy more cloud-based applications to improve productivity and improve patient care. Additionally, healthcare providers and physicians have embraced telehealth, which has increased the attack surfaces and vulnerabilities for healthcare organizations to defend against.

 

To help healthcare organizations with the different security challenges, the security community has developed innovative technologies that make identity theft increasingly difficult. The most effective of these solutions is multi-factor authentication (MFA). Modern MFA solutions have replaced passwords and other identification methods, which were easy to exploit and decrease the likelihood of an attacker gaining access to organizational resources.

 

While MFA is the ideal solution in theory, it has usability and flexibility gaps that create friction for medical professionals’ adoption. To solve this gap of identity access protection, Silverfort is the first solution that delivers MFA protection by communicating directly with the IAM (Identity and Access Management) solution itself, monitoring the authentication protocols, and enforcing MFA on top of them.

 

Increased Attack Surface

 

With the rapid adoption of modernized technology and applications, healthcare organizations’ attack surfaces are increasing by the day. More healthcare organizations are adopting cloud-based applications and services to simplify their IT operations, which also allows them to increase clinical productivity and improve patient care. On the other hand, by adding more cloud-based services to their existing healthcare IT architecture, the resulting mix of on-prem and legacy applications increases the number of exposed attack surfaces.

 

Additionally, one of the more recent challenges facing healthcare organizations is protecting the attack surfaces of telehealth. Telehealth has advanced the adoption of remote working, cloud-based tools and applications. While this has been a positive for both medical professionals and their patients, it comes with major security risks. It has increased the amount of connected medical devices and technologies, which has resulted in a major growth of successful cyber attacks on healthcare organizations.

 

Healthcare Needs More Security Staff

 

Security is a harsh discipline for those who don’t invest in security experts and technology. The problem for most healthcare organizations starts with their personnel. Like most industries, healthcare experiences a security skill and headcount shortage. Without the proper amount of experts in place, organizations will be challenged to minimize the vulnerabilities and attacks in hospital networks and medical devices while designing, implementing, and maintaining new security features.

 

Healthcare and Ransomware

 

The healthcare threat landscape has drastically evolved over the years and ransomware is the primary attack-type of choice. From an attacker’s perspective, targeting healthcare organizations can be financially motivating due to hospitals’ wiliness to pay ransomware payout to ensure that sensitive data won’t be exposed. Additionally, attackers could be motivated by the fact that the healthcare industry has reduced security postures compared to other industries and is seen as an easy and fruitful target.

 

As patient lives are placed at risk when systems fail or are down, it forces healthcare organizations to have a zero-tolerance approach to downtime when a ransomware attack occurs. Aside from the financial motivation, patient data are a far richer reward for attackers; healthcare data is the most valuable kind of stolen personal information, as patient records can fetch up to $1,000 each on the dark web.

 

As ransomware evolves so does the drastic result the attack can have on healthcare organizations. Attackers can extract sensitive data without compromising their efforts to extract ransoms. New strains of ransomware can enable attackers to drain out the outpatient records while locking down systems simultaneously. In response, healthcare providers have no choice but to invest the money and resources to ensure they won’t fall victim to devastating ransomware attacks.

 

MFA is the Answer

 

For healthcare organizations to improve their data protection it must start on the identity level, and therefore multi-factor authentication (MFA) is the solution to protect the identity of their employees.

 

MFA requires users of a website or application to identify themselves as evidence that they are whom they say they are. This has allowed modern MFA solutions to completely replace passwords and other identification methods that are easy to exploit. MFA helps improve identity security and decrease the chance of authorized access occurring and gaining access to sensitive resources and records.

 

Not only is MFA more secure, but it is more user-friendly and increases productivity. Many healthcare companies require their employees to use a new security key on top of a complicated password every time they log in which complicates the process. On the other hand, MFA speeds up the process by simplifying logins and authentication without creating friction with the user.

 

Is MFA Right for Healthcare?

 

While MFA is the ideal solution for authenticating identity, it needs to be implemented and used correctly. Traditional MFA solutions add complexity and increase the number of moving parts in the authentication process. This results in potential authentication system failure, which defeats the entire purpose of deploying an MFA solution. While a good MFA solution shouldn’t have much downtime, it can occur. When it does, it impacts user productivity.

 

Medical professionals typically can’t afford slow authentication processes, as they need a solution that will log in them instantly and authenticate their identity. For example, the badge system that most hospitals have deployed: a healthcare worker taps a badge on a reader to log in and out; by swiping their badge, they now have all the access to medical systems and patient records. This creates a major security risk as not every healthcare worker should have access to everything, especially if an attacker has exploited the user’s badge identity and can suddenly move laterally.

 

Many doctors, especially in the emergency medical field, have been hesitant to deploy MFA due to not being by their phone at all times but this should not affect the entire organization. Instead, these doctors and systems should be put into a specific security group and their security team needs to create specific risk-based and behavior-based policies for these medical professionals and monitor their access activity daily to ensure there is no malicious activity.

 

The Solution: Unified Identity Protection Platform

 

To help healthcare organizations solve the different security challenges of identity access and threat protection, Silverfort has pioneered the world’s first Unified Identity Protection platform that consolidates security controls across corporate networks and cloud environments to block identity-based attacks.

 

Silverfort seamlessly integrates with all existing MFA solutions and extends MFA to any resource and access interface across the on-prem and multi-cloud enterprise environment. This includes assets that couldn’t be protected with MFA before, such as medical legacy devices and applications, IT infrastructure, and more.

 

Silverfort analyzes the context of each user (or service account) access request, leveraging Silverfort’s AI-driven risk engine. It then applies the appropriate access policy. For example, if the risk level is high, Silverfort can step up the authentication requirements and require the user to authentication with MFA. This process can stop an attacker from moving laterally and running a successful ransomware attack. By enforcing MFA at the identity level it creates another layer of security against incoming identity attacks.

 

Learn more about Silverfort’s Unified Identity Protection platform.