‘Criminals don’t really care and possibly don’t even know who system owners are’
Recently, a gang of international cyber criminals launched an audacious and ruthless attack on the IT networks of the Irish healthcare system, described as being widespread and possibly the most significant attack ever experienced by the state.
The significant ransomware attack was detected by the Health Service Executive (HSE), forcing a complete shutdown of its systems, resulting in health and social care services being severely impacted.
Fortunately, it would appear the only data losses were of an administrative nature, but the collateral damage, in this case, and particularly at this time, will be potentially felt by tens of thousands of people across Ireland. We spoke to DTG’s Cyber Security Consultant, Johnny Gwynne to understand more about this event and what lessons we can all learn from it.
Johnny, can you explain more about how ransomware attacks work?
Ransomware is a type of malware that threatens to publish the victim’s data or block access to it unless a ransom is paid. Attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening, but they can also infect systems without user interaction. It is estimated over 300 million ransomware attacks took place worldwide last year, an increase of more than 60% over 2019.
Why would criminals want to target a healthcare system?
Simply put, they don’t really care and possibly don’t even know who the system owners are. These international gangs are constantly probing, trying to breach security systems of organisations and businesses around the globe, looking to obtain data of any kind, that someone will be prepared to pay a ransom for. This example perfectly highlights how no one and no sector is immune to these kinds of attacks.
If only administrative data was taken, how is this seen as such a significant attack?
Whilst data handled by a healthcare IT system may not be of great monetary value, many critical decisions made around patient care are based on computer records and results. In this case, the HSE acted quickly to shut down their systems to prevent the attack from spreading, but this then had an immediate impact on the country’s ability to deliver crucial patient care.
What can we learn from this attack?
System impact was minimised due to the swift activation of the HSE’s crisis response plan. Time is critical in these situations and so having a well prepared and well-rehearsed course of action to follow can prevent a lot of damage. However, stopping an attack is only the start of your problem. As this example shows, you need to not only be prepared for how you continue to run your business with your IT systems down, but you also need to be prepared for the financial cost of repairing or upgrading your cyber defences and the time this will take to implement.
How can DTG help in this situation?
DTG specialise in the Operational Technology (OT) or industrial space, rather than the IT systems mentioned above, but the need to understand risk is no different. Risk is the product of ‘threat’ multiplied by ‘vulnerability’. Businesses can do little or nothing to reduce the threat caused by the criminal – in this context the cyber attacker. However, the good news is that organisations are not powerless here. They can significantly reduce their vulnerability, target hardening their operating environment and thus reducing overall risk exposure. It makes prudent business sense for organisations to protect OT environments which underpin revenue generation by deeply understanding how well protected (or not) their OT layer is. Business has become increasingly more focused on, and successful in, improving IT cyber security but OT is different and is an area at danger of being under resourced. Criminals prey on vulnerability and exploit the smallest gap in defences. Time spent reviewing and strengthening OT cyber defences is without doubt time well spent. Failing to prepare when you have time is quite simply preparing to fail.
DTG recently launched a revolutionary Industrial Cyber Assessment tool (CAsT), which identifies security weaknesses in OT systems and offers solutions to increase an organisations resilience to emerging cyber threats. Through extensive data collection, CAsT compiles a detailed OT asset inventory, identifies security weaknesses, and proposes risk reduction solutions. Using data visualisation software, these solutions are simulated, making it easy for decision makers to address their immediate OT cybersecurity needs and incrementally tackle less significant risks, protecting business and digital operations from the detrimental effects and disruption of cybercrime.
DTG can also provide bespoke Industrial (OT) Cyber Security training for staff, available in various formats including traditional face to face, online live webinar or on demand e-Learning modules.
Our combined approach offering OT Cyber Training in conjunction with the CAsT application is a game changer for process industries looking to improve their OT cybersecurity in critical infrastructure.
For more information, contact us at [email protected] or visit our website www.digtechgroup.com.
Read our previous Cyber related blogs!
