Healthcare OT Facilities Remain Exposed as Industry Experienced 68 Attempted Ransomware Attacks in Q3

Healthcare facilities are prime targets for hackers, given their legacy devices and wealth of patient data. “With the high cost of each attack, healthcare providers must protect facilities so they can safely deliver excellent care without interruption,” said Ilan Barda, CEO of Radiflow.

Last month saw an alarming rise in cyber attacks against healthcare facilities. Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone, threatening patient safety and privacy. Experts fear that patients will suddenly be unable to receive critical care at a targeted facility without a holistic whole-facility cybersecurity approach.

Johnson Memorial Health Hospital in Franklin, Indiana, US, and the Hillel Yaffe Medical Center in Hadera, Israel, are just two examples of the attacked medical facilities. At Johnson Memorial, the early-October attack locked databases and exposed patient data. Days after the attack, a ransom amount was strangely not yet requested. In early November, Hillel Yaffe Medical Center was attacked by an allegedly Iran-backed group, Black Shadow. The personal data of 290,000 individuals were released, and investigators estimated that it would take many weeks to recover and understand the full scope of what had been accessed.

As healthcare facilities modernize, their legacy OT equipment becomes vulnerable to hackers. Water, HVAC, oxygen, electrical, and other critical systems are connected, yet may fall short of proper cybersecurity monitoring and protection. Compromising any of these utilities will negatively impact patient care, potentially threatening the lives of those being treated.

“Accessing patient data is worrisome, but the idea of hackers gaining access to components in a specific ward or even a single operating room is alarming,” said Ilan Barda, CEO of Radiflow. “CISOs at facilities should focus on both IT systems and OT environments, starting from risk assessment to threat monitoring. There should be continuous holistic risk management for more mature organizations that combine both IT and OT systems. With Radiflow, teams can monitor  the full range of a healthcare OT security from one central location.”

The US Department of Health and Human Services (HHS) had warned about the alarming trends in 2021, with 68 global attacks on healthcare facilities in Q3 of this year alone. Companies such as Radiflow, partnering with MSSPs around the globe, have spent over a decade protecting OT facilities by creating purpose-driven technologies to monitor complex always-on systems, such as those found throughout hospitals. “CISOs today need to allocate resources carefully. To optimize their resource allocation, they can use CIARA OT-BAS tool to monitor for weak points and assess their risk exposure,” said Barda.