In an effort to help improve healthcare organizations’ resilience against ransomware, MITRE this week unveiled its new Ransomware Resource Center, offering an array of tools and strategies for IT and infosec professionals to better guard against the growing epidemic of costly malware.
WHY IT MATTERS
The Ransomware Resource Center tailors its many offerings around the role of the healthcare professional who might be accessing them – whether business manager, technical manager or IT or cybersecurity practitioner – and also around the five stages of the National Institute of Standards and Technology (NIST) Cybersecurity Framework: Identify, protect, detect, respond and recover.
It also offers a well-stocked resource library that’s searchable and can be filtered for the materials that might be the most useful.
The tools are drawn from MITRE’s own expertise, from government sources and from provider best practices. The goal is to convene a variety of resources in a single accessible and intuitive location, say MITRE officials, and to help “network defenders, IT administrators and business managers better prepare for, respond to, and recover from ransomware attacks.”
In a Q&A on the MITRE website, Joanne Fitzpatrick, lead cybersecurity engineer in MITRE’s Cyber Solutions Innovation Center, said particular attention was paid to small and/or underfunded IT and security staff.
“There are two key considerations,” she explained.
“First, such organizations typically have smaller IT and security departments, with a handful of talented people wearing many hats, and each responsible for several major operational IT areas. Staff tend to be experienced in the operations of their own organization, but often have little access to growth/training/professional development on cybersecurity issues, such as threats and attacks. Lack of time or budget is usually the reason.”
Moreover, at under-resourced organizations, there’s often “little-to-no extra staff available to dedicate to specialty cyber topics, such as threat modeling or attack surface assessments,” said Fitzpatrick.
“Second, we recognize that both small and large healthcare organizations may be targets for adversaries. Size does not matter. We’ve witnessed successful attacks at all types of health organizations. Adversaries may even exploit a smaller hospital as part of their attack navigation to exploit a larger, partnering organization.”
THE LARGER TREND
MITRE points to a recent report that showed 560 healthcare facilities suffered a successful ransomware attack in 2020 – and another that saw a 45% increase in exploitation attempts just in the past four months.
“We are currently fighting not only the COVID-19 pandemic, but also an epidemic that is spreading through cyberspace: ransomware,” said newly appointed Homeland Security Director Alejandro Mayorkas recently. “In addition to disrupting city governments, schools and companies, ransomware has also been disrupting hospitals and health care facilities, who are already strained, going above and beyond the call of duty during this ongoing crisis.
“Last October, CISA, together with other government agencies, warned of the growing threat of ransomware targeting the healthcare and public health sector,” he added. “Previous ransomware attacks illustrate the risk to COVID-19 vaccine deployment efforts that depend on key production and logistics facilities.”
Healthcare IT News recently put together a primer for how healthcare organizations should respond to such an attack.
ON THE RECORD
“We hope the Ransomware Resource Center will make two key contributions,” said Fitzpatrick. “It will inform hospitals and healthcare organizations about how to prepare, respond to and recover from such an attack. It also will share freely with the broader community the unbiased guidance and best practices that MITRE cybersecurity and cyber resiliency professionals have provided for years to our many federal government sponsors.”