GigaOm

Ransomware attacks against local governments are an increasingly common occurrence in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several recent ransomware attacks against local government organizations in the U.S. in recent years.

• In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
• In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
• In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
• Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that may no longer be supported by vendors, with vendors supplying security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by enabling patch management best practices, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off device access if it does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates of the cost of these attacks is upwards of $8 billion and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. In addition to this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy is at risk. The effects of an attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies when healthcare organizations fail to secure their systems and a breach occurs can be severe. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 to the cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.