Comment: Keeping healthcare systems safe and secure post WannaCry

Published: 21-Jul-2017

Josh Lefkowitz, chief executive of Flashpoint, looks at some of the outstanding security concerns following the recent cyber attack on the NHS

The WannaCry ransomware attack has reinforced the fact that the healthcare sector faces very real threats online.

WannaCry demonstrated to the general public that a cyberattack can bring a healthcare system to its knees overnight, leaving medical professionals handwriting notes, cancelling operations, and unable to access patient data.

Organisations such as the NHS and other healthcare systems around the world remain desirable targets, which is why effective cyber defences are imperative.

It is, therefore, vital that those responsible for securing network systems understand these emerging threats and the adversaries behind them.

As cybercriminals and other malicious cyber actors continue to demonstrate their interest in targeting healthcare organisations, it is crucial to recognise the integral role of the deep and dark web. After all, most breaches, and the resulting compromised healthcare information, are in many ways intertwined with these regions of the internet.

The deep and dark web

The dark web refers specifically to a collection of websites that exist on an encrypted network. They cannot be found via traditional search engines or visited using traditional browsers.

The deep web, meanwhile, refers to all web pages that search engines cannot find.

It is on the deep and dark web that cybercriminals have been known to develop and discuss many cyber attacks before they occur.

The threats posed by the deep and dark web can be broken down into three main concerns:

1) It allows the sharing of best practices

Wherever people congregate, they talk. Although cyber-criminals like to compete, they also often share best practices.

This information sharing is why the deep and dark web facilitates so many of the dangerous threats targeting businesses.

There is an interconnected, agile nature to the cyber-criminal ecosystem, and, regardless of their language, skills, location or affiliation, cyber criminal groups tend to share a strong desire to reap the benefits of cross-community collaboration, information sharing, and even mentorship.

2) It provides a way to sell and monetise criminal gains

The deep and dark web provides a way for cyber criminals to monetise the crimes they commit.

Often the exchange is data for Bitcoins, but it can take a wide variety of forms. At its simplest, however, the deep and dark web and its many illicit marketplaces serve as an underground economy for cyber criminals.

3) It acts as a network and communications portal

The deep and dark web provides a relatively anonymous and fairly safe place in which cyber criminals, terrorists, and other threat actors can communicate.

Cybercriminals communicate and collaborate through illicit forums on the deep and dark web.

As new forums and marketplaces emerge, some may decline whereas others continue to attract new members.

Healthcare organisations face a number of threats, including ransomware, third-party vendor risks, fraud, and insider threats. All of these are underpinned by the economic value of the data they hold and the criminal schemes that data facilitates.

While cybercriminals have been stealing and selling healthcare data for years, many have realised that healthcare organisations which are eager to regain access to critical data may be willing to pay ransoms worth more than the data’s black-market value.

Ransomware attacks can ultimately yield sizable financial losses and result in a crucial loss of confidence in the compromised institution.

Unfortunately, many organisations lack the tools, expertise, and manpower required to mitigate these attacks.

The healthcare industry’s rapid adoption of emerging medical technologies has rendered many organisations more susceptible to cyber threats posed by the vendors of these technologies.

This is because many vendors face intense competition and pressure to produce more goods faster than ever before, often leaving security as an afterthought.

As healthcare organisations typically do not receive visibility into vendors’ supply chain security practices, dangerous vulnerabilities may go undetected until after a compromise has occurred.

While threats posed by malicious insiders raise concerns across industries, those in healthcare can be especially detrimental due to the high black-market value of stolen personal health information (PHI) and serious consequences for victims.

PHI abuse can include identity theft, insurance fraud and tax fraud, which often goes undetected for years.

For malicious insiders with access to valuable PHI databases, selling such access can provide a fast and profitable return.

The number one way to mitigate the risk emanating from adversaries who are utilising the deep and dark web is to understand and effectively monitor their activity in that space.

If you know what your adversary will do before he or she does, you can act to mitigate the threat and implement the defences needed to guard against an attack.

Language expertise is also vital to using the deep and dark web for defensive purposes.

Understanding how criminals speak and the true meaning behind their interactions is vital.

The most successful analysts come with a huge depth of understanding that takes years of specialised work to acquire and build.

Outside of the deep and dark web there are a number of actions healthcare organisations can take to address threats pro-actively and bolster their security.

I would advise strongly that CISOs and CIOs put in place robust systems to ensure that people, processes and technology are all up to date and aligned. Defence requires constant vigilance and agility.

Practically speaking, using two-factor authentication, patching and updating software, maintaining firewalls, changing default passwords, raising employee awareness of cyber security best practices, and creating off-the-grid back-ups will all help in protecting an organisation from the many threats it faces.

We know that cyber attackers are using the deep and dark web to co-ordinate attacks on healthcare organisations. For them, the rewards following a successful breach can be significant.

On the flip side, the damages incurred by the breached institution could be catastrophic.

It is, therefore, critical that cybersecurity, including effective monitoring of the deep and dark web, remains a priority.
