Tech & Innovation in Healthcare

Cybersecurity Corner:

Recognize RaaS and Understand Best Protection Practices

Find out how much a ransomware attack costs organizations.

Ransomware attacks on healthcare continue to grow, and threat actors have found a way to launch them with less effort while still collecting the payout. Using ransomware-as-a-service, attackers can lock up a healthcare organization's systems, collect a ransom, and move on, with very little work of their own.

Learn about this malicious scheme and how to protect your practice from harm.

What is RaaS?

Ransomware-as-a-Service (RaaS) is a cybercrime business model in which ransomware developers (often called operators) sell or lease their malware to other criminals, known as affiliates. The affiliates deliver the ransomware to potential victims; once the code runs and locks up a system, the attackers attempt to extort the victim for a ransom.

This model lowers the barrier to entry for would-be cybercriminals. Affiliates may lack the skill to write ransomware themselves yet can still carry out attacks on unsuspecting victims, and they can profit without doing the work of developing their own code.

Additionally, like any business, RaaS operators offer several revenue models:

  • One-time fee: The affiliate buys the ransomware code outright.
  • Subscription: Much like a streaming service, affiliates pay a monthly fee for access to the ransomware tools.
  • Profit sharing: Developers give affiliates the code for free but take a cut of every ransom collected. According to IBM, the developer's share can be 30 to 40 percent of the total ransom.

RaaS developers and affiliates are poised to make significant money regardless of which revenue model is chosen, especially when it comes to healthcare cyberattacks.

Examples of RaaS in Healthcare

According to the IBM X-Force Threat Intelligence Index, ransomware was the second most common cyberattack type in 2022.

Healthcare data breach costs have increased 53.3 percent since 2020, according to IBM's Cost of a Data Breach Report 2023. Healthcare also reported the costliest data breaches, for the 13th straight year, at an average cost of $10.93 million. Individual attacks can carry a far higher price tag.

For example, on Feb. 21, 2024, RaaS threat actors attacked Change Healthcare, forcing the healthcare clearinghouse to suspend several of its services indefinitely. The company determined that the ALPHV/BlackCat RaaS group was behind the attack and reportedly paid a $22 million ransom.

As of publication, 26 services have been fully or partially restored according to the Change Healthcare update website, but the attack could ultimately cost UnitedHealth Group (Change Healthcare's parent company) $1.6 billion.

Furthermore, as one healthcare entity recovers from a ransomware attack, another is dealing with its own infection. On May 8, Ascension "detected unusual activity in [its] network systems;" the organization later confirmed it to be a ransomware attack. Ascension says it has no timeline for restoration but is working on it.

Note: For more information on the Ascension ransomware attack, check out “Cyberthreat Actors Attack Another Healthcare Entity” later in this issue.

Protect Your Organization Against RaaS Threats

Ransomware attacks are growing in popularity because of the ease with which they can be deployed. A phishing email carrying an attachment enticing enough to open can give an affiliate a foothold on the organization's network without any heavy lifting; exposed remote-access services and unpatched internet-facing systems offer the same opportunity. For that reason, CISOs, health IT professionals, managers, and staff members must stay vigilant about cybersecurity to protect the organization and patient data from unauthorized access.
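The attachment lures described above are usually the first thing a mail gateway can stop. The following is an added example written for this article, not code from the article's sources or from any vendor's gateway: it parses a message with Python's standard email library and flags the attachment types ransomware affiliates favour (executables, macro-enabled Office files, disk images that sidestep download warnings, and "double extension" names such as Invoice.pdf.exe). The messages, sender and recipient addresses, and attachment contents are all constructed placeholders.

```python
"""Gateway-style check for the attachment types ransomware affiliates favour.
Added example for this article, not code from the #StopRansomware Guide;
the messages built below are constructed, not real samples."""
import email
from email import policy
from email.message import EmailMessage

# File types that run code or mount content when a user opens them.
EXEC_EXTS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "bat", "cmd", "ps1", "lnk", "msi"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xlam"}
CONTAINER_EXTS = {"iso", "img", "vhd", "vhdx"}
ARCHIVE_EXTS = {"zip", "7z", "rar"}
# Benign-looking types that lures borrow for a fake first extension.
DOC_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def classify_attachment(filename: str, content_type: str) -> list[str]:
    """Return the reasons an attachment should be held, or [] if none apply."""
    exts = filename.lower().split(".")[1:]
    last = exts[-1] if exts else ""
    findings = []
    if last in EXEC_EXTS:
        findings.append("executable")
    elif last in MACRO_EXTS:
        findings.append("macro-enabled document")
    elif last in CONTAINER_EXTS:
        findings.append("disk image")
    elif last in ARCHIVE_EXTS:
        findings.append("archive (inspect contents)")
    # "Invoice.pdf.exe": Windows hides the real extension by default.
    if len(exts) >= 2 and exts[-2] in DOC_LIKE and last not in DOC_LIKE:
        findings.append("double extension")
    # Sender declared a Windows executable but named it as something else.
    if content_type == "application/x-msdownload" and last not in EXEC_EXTS:
        findings.append("content type says executable, name does not")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse one RFC 5322 message and classify every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results[name] = classify_attachment(name, part.get_content_type())
    return results


def build_sample(filename: str, maintype: str, subtype: str) -> bytes:
    """Constructed lure message (hypothetical addresses) with one attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "frontdesk@clinic.example"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please review the attached file today.")
    msg.add_attachment(b"placeholder bytes, not a real payload",
                       maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def demo() -> dict[str, list[str]]:
    """Run the check over four constructed messages; one is a benign referral."""
    samples = [
        ("Invoice_4471.pdf.exe", "application", "octet-stream"),
        ("Patient_Records.iso", "application", "octet-stream"),
        ("claims_Q1.xlsm", "application", "vnd.ms-excel.sheet.macroEnabled.12"),
        ("referral.pdf", "application", "pdf"),
    ]
    results = {}
    for filename, maintype, subtype in samples:
        results.update(scan_message(build_sample(filename, maintype, subtype)))
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        verdict = "HOLD: " + ", ".join(findings) if findings else "deliver"
        print(f"{name}: {verdict}")
```

A real gateway would also open archives and check their contents, since a zip wrapping an .iso or .lnk is a common lure; the archive branch here only marks the file for inspection.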

“The Joint Ransomware Task Force (JRTF) is working to disrupt the ransomware ecosystem and protect organizations, including healthcare organizations, from ransomware attacks,” says Funso Richard, CISA, CISM, CDPSE, CCSFP, information security officer for Ensemble Health Partners in Cincinnati, Ohio.

The JRTF, along with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, and the Multi-State Information Sharing & Analysis Center (MS-ISAC), issued an updated #StopRansomware Guide in September 2023 that provides "ransomware and data extortion prevention best practices."

The best practices include, but are not limited to:

  • Regularly scan devices for vulnerabilities and remediate what is found.
  • Patch and update software and operating systems consistently so that devices run current, supported versions.
  • Properly configure devices and enable their built-in security features.
  • Restrict the use of Remote Desktop Protocol (RDP) and other remote desktop services; where remote access is required, place it behind a VPN with multifactor authentication rather than exposing it directly to the internet.

The devices covered by these practices include everything on your organization's premises, connected cloud services, mobile devices such as smartphones and tablets, and employees' personal devices used for work under a bring-your-own-device (BYOD) policy.

Additionally, preparing for a potential ransomware incident is key to managing risk and recovering swiftly from an attack. Preparation includes maintaining offline, encrypted backups of important data; establishing, maintaining, and exercising a cyber incident response plan; and adopting a zero-trust architecture.

Because offline backups are not reachable from the network, attackers who encrypt production systems cannot encrypt or delete the backups too, so patient data can be restored and systems brought back online quickly. Test restores regularly, and verify that a backup is intact before relying on it. A cyber incident response plan sets out what happens when an attack occurs, including how to handle personally identifiable information (PII) and protected health information (PHI), which government agencies to notify, and templates for communicating with the public. Zero-trust architecture (ZTA) helps "prevent unauthorized access to data and services," according to the #StopRansomware Guide: no user, device, or connection is trusted by default, whether it sits inside or outside the network, and every access request is verified. Combine that with staff who treat unexpected emails, text messages, and phone calls with suspicion, and your practice or hospital has a far better chance of not becoming a ransomware victim.
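Keeping a backup offline protects it from being encrypted, but the restore step still needs a way to prove the copy is the one that was written, not one an intruder reached and altered before it was taken offline. The following is an added example for this article, not code from the #StopRansomware Guide or from any backup product: at backup time it records a keyed HMAC-SHA256 for every file plus one over the whole file list, and before restore it re-checks them, reporting files that were modified, deleted, or added (such as a ransom note). It assumes the HMAC key is stored with the offline media rather than on the production network, so an attacker who can write to the backup store cannot also forge the manifest; the directory contents are constructed sample data.

```python
"""Keyed manifest for an offline backup, verified before restore.
Added example for this article; not code from the #StopRansomware Guide.
Assumption: the HMAC key is kept with the offline media, never on the network."""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large backups fit in memory


def file_hmac(path: Path, key: bytes) -> str:
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def _listing_mac(entries: dict, key: bytes) -> str:
    """MAC over the sorted file list, so a deleted or renamed file is caught."""
    listing = "\n".join(f"{k} {v}" for k, v in sorted(entries.items()))
    return hmac.new(key, listing.encode(), hashlib.sha256).hexdigest()


def write_manifest(backup_root: Path, key: bytes) -> dict:
    """Record an HMAC for every file under backup_root; return the manifest."""
    entries = {}
    for path in sorted(p for p in backup_root.rglob("*") if p.is_file()):
        rel = path.relative_to(backup_root).as_posix()
        entries[rel] = file_hmac(path, key)
    return {"files": entries, "mac": _listing_mac(entries, key)}


def verify_backup(backup_root: Path, manifest: dict, key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the copy is safe to restore."""
    entries = manifest["files"]
    if not hmac.compare_digest(_listing_mac(entries, key), manifest["mac"]):
        return ["manifest MAC mismatch (manifest edited or wrong key)"]
    problems = []
    for rel, expected in entries.items():
        path = backup_root / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif not hmac.compare_digest(file_hmac(path, key), expected):
            problems.append(f"modified: {rel}")
    present = {p.relative_to(backup_root).as_posix()
               for p in backup_root.rglob("*") if p.is_file()}
    for rel in sorted(present - entries.keys()):
        problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed scenario: clean backup, then an intruder's pass over it,
    then an attempt to hide the changes by rewriting the manifest."""
    key = os.urandom(32)  # in practice: generated once, stored with the media
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ehr").mkdir()
        (root / "ehr" / "patients.db").write_bytes(b"constructed sample data")
        (root / "ehr" / "config.json").write_text('{"site": "clinic-a"}')
        manifest = write_manifest(root, key)
        clean = verify_backup(root, manifest, key)

        # Intruder reaches the backup share: overwrites one file with
        # ciphertext, drops a ransom note, deletes a second file.
        (root / "ehr" / "patients.db").write_bytes(b"\x00garbled\xff")
        (root / "README_RESTORE.txt").write_text("pay us")
        (root / "ehr" / "config.json").unlink()
        tampered = verify_backup(root, manifest, key)

        # Without the key the intruder cannot produce a matching listing MAC.
        forged = {"files": {}, "mac": manifest["mac"]}
        forged_result = verify_backup(root, forged, key)
    return clean, tampered, forged_result


if __name__ == "__main__":
    clean, tampered, forged = demo()
    print("clean backup:", clean or "OK, safe to restore")
    print("after intruder:", *tampered, sep="\n  ")
    print("forged manifest:", *forged, sep="\n  ")
```

The manifest is small enough to print and store with the media, and the same check doubles as the periodic restore test the guide recommends: a backup that fails verification is found on the calendar, not on the day the production systems are encrypted.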

“The JRTF’s efforts can have a significant impact on healthcare organizations, especially those that have been targets of ransomware attacks in the past,” Richard adds.

Learn more about ZTA in “Enhance Your Healthcare Security With Zero-Trust Framework” in Tech & Innovation in Healthcare, Volume 3, Issue 8.

Resource: Review the joint #StopRansomware Guide.
