By: Sanjai Gangadharan, Regional Director, SAARC, A10 Networks
The industry witnessed mounting cases of ransomware threats in 2015. In fact, according to industry reports, India ranked third in Asia for ransomware attacks, and 86 percent of the ransomware attacks were Crypto-ransomware in nature. Ransomware is a type of malicious software for data kidnapping in which the attacker encrypts the victim’s data and demands payment for the encryption key.
This phenomenon is fast becoming the attack of choice for cyber criminals targeting healthcare organizations. A recent survey by Healthcare IT News and HIMSS Analytics revealed that about 50 percent of healthcare organizations said they have no way of identifying these types of attacks. It’s disturbing that their customer data could be at risk right now, and they may not even be aware of it. In our view, healthcare organizations are at risk of ransomware attacks primarily because of SSL encrypted traffic.
In this article we look at some of the key reasons why the healthcare sector is an attractive target for ransomware attacks, and how SSL inspection is essential for defending against them.
Why Healthcare Organizations Are Being Hit
- Unlike other businesses, healthcare organizations aren’t equipped to deal with sophisticated attacks.
- Patient data is crucial in life-and-death situations, so healthcare organizations don’t have the luxury of holding out on paying the ransom.
- Because of Health Insurance Portability and Accountability Act (HIPAA) patient privacy regulations, the majority of communications require SSL encryption.
Leveraging a Good Thing to Do Harm
Healthcare security professionals embrace SSL encryption and agree that it’s necessary for patient privacy protection. But hackers are using it to their advantage by locking down valuable patient data and then demanding a ransom for the decryption key. Once ransomware gets into your system or network via malware embedded in email attachments or drive-by downloads, it hides behind various obfuscation techniques to evade network security defenses. Malware can be concealed in encrypted traffic to bypass controls put in place by healthcare organizations. Today, 8 of the top 10 websites in the world use encrypted traffic – think Facebook, LinkedIn, Google India, YouTube and more.
The Antidote: SSL Inspection
SSL inspection is essential for defending against ransomware. Here’s why:
- Intrusion detection systems (IDS)/intrusion prevention systems (IPS), network monitoring, and other traditional defenses can’t inspect encrypted traffic. It’s estimated that close to 70 percent of current Web traffic is encrypted. Yet despite this, 80 percent of organizations with firewalls, IPS, or Unified Threat Management appliances do not decrypt SSL traffic. This could be because, as NSS Labs discovered, the performance of seven leading NG Firewalls fell by an average of 81 percent when decrypting SSL traffic with 2048-bit keys. So, unless advanced SSL decryption technology is deployed to enhance their existing security devices, most healthcare organizations can’t effectively inspect SSL traffic.
- When ransomware is installed, it operates as a command and control server that reaches out to the attackers in order to get the encryption keys. This communication is hidden in encrypted SSL traffic to avoid detection. SSL decryption exposes it so that the security infrastructure can stop ransomware before it downloads the encryption key, pre-emptively stopping the attack.
An Ounce of Prevention
We hope we’ve raised awareness about how you can prevent ransomware attacks through SSL traffic inspection. Technology products like A10 Networks’ Thunder SSL Insight (SSLi) remove the blind spots created by encrypted traffic and help halt ransomware attacks before they hold your healthcare data hostage and put your patients and your organization at risk.
With the Indian healthcare sector going through a digital revolution bolstered by Government initiatives like ‘Smart Cities’ built on the backbone of IoT, there is a dire need for robust security solutions to combat threats posed by ransomware. Prevention is better than cure!