Intelligent CISO Issue 57 | Page 44

industry unlocked


Derrick Leau , Country Manager of Singapore , CyberArk , highlights the importance of securing the healthcare sector , discusses recent ransomware attacks on organisations in this industry and solutions to prevent these types of attacks .
he omnipresent

T ransomware threat is changing how healthcare organisations approach cybersecurity – from formalising practices to obtain cyber-insurance coverage to improving their ability to restore encrypted data after attacks . But as cyberattackers lean heavily on third-party vendors and suppliers to extort ransoms , remaining gaps across healthcare security frameworks are coming into focus , including a lack of identity security controls for securing and managing privileged accounts and third-party access .

Derrick Leau , Country Manager of Singapore , CyberArk
Healthcare is ransomware attackers ’ top target
According to the FBI , healthcare remains the most targeted industry by cyberattackers and based on the findings of the CyberArk 2022 Identity Security Threat Landscape Report , the average healthcare organisation faced two or more ransomware attacks over the past year .
While ransomware is far from new to the sector , attacks continue to grow in scale and sophistication .
Cybercriminal organisations have increasingly been heading towards the ‘ as-a-Service ’ model for some time . The Dark Web is now teeming with darknet marketplaces – such as AlphaBay – and underground forums where threat actors can sell or lease malicious tools and services . It is through these marketplaces that cyberattackers with little malware development experience can find virtually anything they need directly off the shelf , paying anonymously with cryptocurrency .
The most lucrative ‘ Cyberattack-as-a- Service ’ model is ransomware . Threat actors develop Ransomware-as-a- Service ( RaaS ) affiliate models either to be sold to profit off extortions or to hire others to do their dirty work .
Taking a broader view across the healthcare supply chain
In the healthcare field , it ’ s common to view ransomware and other cyberthreats as they relate to the electronic health record ( EHR ). However , healthcare organisations should consider a more comprehensive approach that includes everything from software to connected devices , legacy systems and anything across the network .
Maintaining healthcare service continuity involves better assessment and management of cybersecurity risks associated with third-party vendors across healthcare supply chains . To that end , Singapore ’ s Ministry of Health outlined several best practices that allow organisations to overcome challenges related to cybersecurity risk by using third-party IT assets .
In its Healthcare Cybersecurity Essentials report , some of the measures include :
1 . Creating an inventory of all IT assets including those provided by third-party vendors , so that healthcare providers will know where they can prioritise their cybersecurity .
2 . Understanding how the assets work including how data is collected and processed , the safeguards
44 www . intelligentciso . com