Author’s Note: BlackBerry completed its acquisition of Cylance on February 21, 2019 and is currently selling the CylancePROTECT® solution under the newly rebranded name BlackBerry® Protect. All references to the Cylance organization and its branded products and services in this case study utilize BlackBerry branding.
A successful ransomware attack can have disastrous consequences for a small healthcare provider. Such was the case for Wood Ranch Medical in Simi Valley, California, and Brookside ENT and Hearing Center in Battle Creek, Michigan. Both organizations were forced to close their doors after access to patient data was irretrievably lost due to catastrophic ransomware attacks.
The same fate could have befallen Cozad Community Health System (CCHS), where 200 employees provide a comprehensive array of healthcare services to the roughly 23,500 residents of Dawson County in central Nebraska. These include a community hospital; outreach, medical, physical therapy, and wound care clinics; and assisted living, home health, and hospice facilities.
In December 2018, IT Director Jamion Aden was awakened after midnight by an urgent call from his Desktop Administrator, Dustin Holbein. Emergency Room staff at Cozad Community Hospital were requesting immediate assistance because they were unable to print out the paperwork required to transfer a patient to a higher level of care. Holbein had already determined that the printing problem was not confined to the ER. Every networked printer in Cozad Community Hospital was offline. He had also noticed unfamiliar files with odd extensions running on the ER’s file and print servers.
Aden immediately recognized the files as malware. He promptly shut down the infected servers and deployed firewall rules to isolate the servers and their subnet from the enterprise network. Thanks to his quick thinking and decisive actions, Aden averted a Ryuk ransomware attack that could have disrupted patient care, compromised patient data, and cost tens of thousands of dollars in ransomware recovery and remediation. He would subsequently lead a successful effort to upgrade CCHS’s endpoint security infrastructure by deploying BlackBerry® Protect.
Healthcare Providers and Small Businesses in the Cross Hairs
Healthcare organizations like CCHS make attractive targets because of their easily monetized patient and medical data and their often limited staff and security resources. CCHS is doubly challenged because threat groups are targeting small- and medium-sized businesses (SMBs) with greater frequency and impact than ever before. Nearly two thirds (66%) of the respondents to a Ponemon Institute survey reported they had been attacked within the previous 12 months, and the incidence of data breaches increased overall from 54% in 2017 to 63% in 2019.
The ransomware risks for healthcare firms can only increase. Cybercriminals are continually refining their tactics, techniques, and procedures to make their attacks more efficient and profitable. In a recent blog, for example, the BlackBerry® Threat Research team profiled Zeppelin, a form of Ransomware-as-a-Service (RaaS) optimized to attack tech and healthcare firms. Zeppelin is wily and sophisticated, utilizing obfuscation and environment-awareness techniques, among others, to successfully evade signature-based endpoint defenses.
After going underground for a time, Ryuk ransomware resurfaced as a major threat to the healthcare and public health sector this year. An October 28, 2020 cybersecurity advisory warns of “…credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” According to a KrebsOnSecurity report, the Ryuk threat group is planning to attack more than 400 healthcare facilities in the U.S. alone.
These plans are part of an ongoing effort by threat groups worldwide to exploit the stresses and dislocations caused by the COVID-19 pandemic. “COVID has undoubtedly caused an increase in attacks on healthcare organizations,” says Thomas Pace, former Vice President, Global Enterprise Solutions at BlackBerry. “The potential impact of attacks on healthcare is severe and significant.”
CCHS’s Ongoing Commitment to Serve Dawson County Residents
Although aware of these cyber risks, CCHS is focusing on its core mission of delivering quality healthcare services to the residents of Dawson County, where caregivers spent the 2020 holiday season on the front lines fighting the COVID-19 pandemic. “I’ve been inspired by the courage and commitment our caregivers and support staff have demonstrated throughout the crisis,” says Aden. “We owe them all a debt of gratitude.”