
Why do you rob banks, Clyde?
Because that's where the money is.
Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos. The outfit's team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely …
Here is a foolproof plan for how to rob a bank.
> Healthcare organizations ... saw such attacks almost double ... are quite likely to pay ransoms
So apart from directly financing crimes (and maybe state-sponsored terrorism) they are attracting more attacks on themselves.
But never mind, they can just pass on the costs to their patients. So why worry?
Outside the US, quite a few countries have taxpayer-funded healthcare. Such organisations usually struggle to get by under strictly limited budgets, and have staff who are dedicated to providing the best care they can with the available resources.
It seems particularly stupid for ransomware attackers to target hospitals which have been running many millions over budget for several years, so have no available cash to pay out anyway. These evil people are not very good at researching their targets.
-> Wray said Iranian government-supported threat actors tried to hack into the hospital's network and used the incident – which he called "one of the most despicable cyberattacks I've ever seen"
Meanwhile the USA and its hideous sanctions have led to numerous deaths in Iran. They cannot buy medical equipment on the open market. So fuck Mark Wray and the FBI.
The trouble with healthcare is that many pieces of specialised equipment have a base OS of something ancient which is unpatched and cannot be patched. For example, some kind of scanner (which I personally saw just prior to Covid) ran an embedded version of NT4 as its base, with some custom upper layers to drive and present the scanning system to the operator.
It’s not as simple as “just upgrade” because the kit vendor provides maintenance which involves what they say it needs, such as aligning and calibrating the imagery systems themselves and not much else.
Traffic whitelisting, and overlays such as VXLAN or SDA can help but won’t solve all the problems.