protecting healthcare from cyberattacks - who's next?
TRANSCRIPT
![Page 1: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/1.jpg)
Protect ing Hea lthcare from Cybera t tacks - Who's Next?
1
Solutions Architect, Proofpoint
Chris Montgomery
DISCLAIMER: The views and opinions expressed in this presentation are solely those of the author/presenter and do not necessarily represent any policy or position of HIMSS.
Managing Director & Healthcare CISO, Proofpoint
Ryan Wit t
![Page 2: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/2.jpg)
2#HIMSS21
Welcome
Managing Director & Healthcare CISOProofpoint, Inc.
Ryan Wit tSolutions Architect
Proofpoint, Inc.
Chris Montgomery
![Page 3: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/3.jpg)
Healthcare OverviewThe leader in protecting people from advanced threats and compliance risk
Magic Quadrant leadership across:
Enhancing knowledge of HC
security challengesSecure Email Gateway
Information Archiving
Security Awareness Training
Leading Visionary
Leader for 7consecutive years
Leader for 6consecutive years
Leader for 7consecutive years
Cloud Access Security Broker
Healthcare Advisory Board
Trusted protection partner for health institutions
70% of 10 largest health systems
60% of top 30 not for profits
80% of top 20 hospitals
50% of top 10 children’s hospitals
70% of the “Blues”
74% of HC accountsin F100
twenty largest pharma orgs60%
3
![Page 4: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/4.jpg)
4
Cybersecurity Current State
Protecting Healthcare from Cyberattacks - Who's Next?
![Page 5: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/5.jpg)
#HIMSS21
2020 Was All About People Being Attacked…
5
2020 Cybersecurity Survey
![Page 6: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/6.jpg)
#HIMSS21
…And The Impact On Patient Safety…
6
2020 Cybersecurity Survey
![Page 7: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/7.jpg)
#HIMSS21
…And the Initial Point of Compromise
7
2020 Cybersecurity Survey
89% ViaEmail
![Page 8: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/8.jpg)
#HIMSS21 8
• 2021 Data Breach Investigation Report (DBIR)
• Significant pivot from network to people based attacks
2021?? Same Story, Different Year
![Page 9: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/9.jpg)
Targeted Threat Landscape by Attack Type: 2020 –2021
Spoiler Alert –it’s all about people being
attacked
![Page 10: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/10.jpg)
BEC:51%
Everything else: 49%
Source: Coveware Q4’20 Ransomware Report
Source: FBI/IC3 Source: 2021 Verizon DBIR
It’s Not Just Ransomware…
Ransomware: 90% successful attacks
via email
BEC: Larger losses than all
other threats combined
Data Breaches: 85% involve human element
Top 3 enterprise risks are all people-centric
![Page 11: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/11.jpg)
Supplier Fraud Accounts for Healthcare Largest Losses
11
Other BEC variants
Supplier Fraud
Source: Proofpoint/HIMSS: Addressing supply chain risk and patient safety, 2021
97%of monitored healthcare organizations have received a threat from a supplier domain via impersonation or BEC
different domains
200K10K
emails from over
Average healthcare organization received
98% received an email-basedthreat
![Page 12: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/12.jpg)
Modern Threat Landscape
More complex multi-stage threats
Malicious URLs
from file sharesin Q4 2019
SharePoint
One DriveOffice Forms
All Others
53.7%of malicious URLs from legitimate file shares
from Microsoft
Attacker Innovation: RYUK Infection Chain
![Page 13: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/13.jpg)
Source: Proofpoint threat data
98% of Proofpoint customers attacked
by a supplier/vendor
59,809,708malicious messages from Microsoft in 2020 from
2,510,154compromised accounts
Microsoft still not stopping many threats, but enabling millions
Compromised accounts fuel the entire threat landscape
Changing nature of work creates perfect storm for insider risk
Source: Proofpoint research
31% increase in insider threat incidents
$11.45M average incident loss
Source: Ponemon Institute, 2020 Cost of Insider Threats Global Study
Work From Anywhere Accelerates Risks
![Page 14: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/14.jpg)
14
Real World Healthcare Attack Examples
Protecting Healthcare from Cyberattacks - Who's Next?
![Page 15: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/15.jpg)
#HIMSS21
How COVID-10 Impacted Cybersecurity • Initially, significant portion of campaigns
featured COVID themed lures
• Early-stage campaigns focused on stoking a strong emotional response– PPE, ventilators
• Mid-stage campaigns focused on tax rebates, government policy updates, work from home incentives
• Late-stage lures focused on delivery service, vaccines, etc.
15
![Page 16: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/16.jpg)
#HIMSS21
Case Study – Pharma Life Science
16
• From TA505, known for large scale
crimeware campaigns
• Favored malware - SDBot RAT and
Get2 Downloader
• Targeted pharma market (78% of
250K message campaign)
• Focused on COVID-19 clinical
researchers
![Page 17: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/17.jpg)
#HIMSS21
Case Study – Health Insurers
17
• Lure – “Updating Our Privacy Policy Settings”
• Email spoofed to make it look like it comes from “Blue Cross Blue Shield Association”
• Link to a cloned portal purporting to be from Blue Cross Blue Shield of Michigan
• Goal – credential harvesting
![Page 18: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/18.jpg)
#HIMSS21
Case Study – Targeted Credential Phishing (Provider)
18© 2019 Proofpoint. All rights reserved
• Low volume, highly targeted
• Lure – Imposter email purporting to come from institution CEO re COVID travel restrictions
• Requested employees to download document from spoofed Microsoft website
• Once credentials provided, redirects to genuine WHO website to substantiate lure
• Goal – Credential Phishing
![Page 19: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/19.jpg)
#HIMSS21
Case Study – Children’s Hospital
19
• Lure – “Get Your Economic Stimulus
Payment”
• Use of Social Engineering –
referenced “US CARES Act”
• Target – pediatric care institutions
• Goal – PII / PHI, presumably for
identify theft
![Page 20: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/20.jpg)
20
Who in Healthcare is Being Attacked
Protecting Healthcare from Cyberattacks - Who's Next?
![Page 21: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/21.jpg)
#HIMSS21
Getting to Know Healthcare’s Very Attacked People
21
![Page 22: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/22.jpg)
Attacker’s View of 10 Hospital Health System
![Page 23: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/23.jpg)
23
The Malware Elephant in the Room
Protecting Healthcare from Cyberattacks - Who's Next?
![Page 24: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/24.jpg)
The Plague of Ransomware
“But the fact remains, despite the best possible efforts, our nation’s health-care providers —and all organizations— remain vulnerable to threat actors. ”
https://www.sandiegouniontribune.com/opinion/commentary/story/2021-06-10/opinion-scripps-ransomeware-attack-cybersecurity
![Page 25: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/25.jpg)
#HIMSS21
How Does Ransomware Enter Healthcare
25
Clicks on Malicious MessagesRepresent Attacker Success
![Page 26: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/26.jpg)
#HIMSS21
How Cyberattacks Become a Patient Safety Issue
26
Ransomware Explodes in Q2 2021
![Page 27: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/27.jpg)
Who Are Ransomware Actors Targeting?
Spoiler Alert –it’s all about people being
attacked
![Page 28: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/28.jpg)
Attackers Focus on Release of Information Department
Spoiler Alert –it’s all about people being
attacked
![Page 29: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/29.jpg)
#HIMSS21
Ransomware Actors Feel the Heat
29
![Page 30: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/30.jpg)
#HIMSS21
Recommendations • Adopt a people-centric security posture
• Use data on who’s being attacked to influence security strategy
• Train users to spot and report malicious emails
• Deploy robust email security and ability to prevent exfiltration (DLP)
• Build strong business email compromise defense system
• Adopt Zero Trust to enable remote working
• Isolate risky websites, URLs, and “happy clickers”
• Secure O365 and other cloud apps
30
![Page 31: Protecting Healthcare from Cyberattacks - Who's Next?](https://reader034.vdocuments.mx/reader034/viewer/2022051315/627ac7bd0fd03c2cd541a409/html5/thumbnails/31.jpg)
#HIMSS21
Thank you!
Ryan WittManaging Director & Healthcare CISOProofpoint, [email protected] Twitter: @WittRZ LinkedIn: https://www.linkedin.com/in/ryanzwitt/
31