Best practices for ransomware protection in hospital groups

SATURDAY, DECEMBER 30, 2023

According to the news, there has been confirmed a ransomware attack on the computer system of Udon Thani Hospital, demanding several million baht. No details have been provided on the size of the patient database in the news.

Udon Thani Hospital Center, a large provincial hospital in the northeast region under the Ministry of Public Health, is identified as one of the Critical Information Infrastructure organizations providing services to citizens. This incident is not the first of its kind in Thailand, where hospitals have fallen victim to ransomware attacks.

Hospitals are attractive targets for ransomware due to the wealth of sensitive data they possess and the severe disruptions they can cause to the public. These attacks present cybercriminals with significant financial gain and an urgency to pay ransoms, as the consequences extend beyond the organization to impact broader societal and economic stability.

Palo Alto Networks's 2023 Unit 42 Ransomware and Extortion Report reveals insights that ransomware demands continued to be a pain point for organizations this past year, with observed payments as high as US$7 million. The median demand was US$650,000, while the median payment was US$350,000, indicating that effective negotiation can drive down actual payments. Thailand ranks 6th in the APAC region in the number of ransomware attacks but holds the first spot in Southeast Asia.

“Organizations must stay vigilant against evolving threats as they become more sophisticated with new technologies. In this context, a zero-trust cybersecurity approach is crucial due to device proliferation driven by the medical IoT environment and increasing cloud adoption. To stay ahead of emerging threats, organizations need a threat intelligence team that monitors global attacks and potential risks to the organization,” Piya Jitnimit, Country Manager for Thailand, shares insights into best practices and cybersecurity strategies.

Recommendations from Unit 42 Ransomware and Extortion 2023 Report:

●    Prepare a Playbook for Multi-Extortion
●    Ensure Complete Visibility via Extended Detection and Response (XDR) Technology
●    Implement a Threat Intelligence Program
●    Proactively Manage and Reduce Your Attack Surface Inventory
●    Implement Enterprise-Wide Zero Trust Architecture
●    Pressure Test Your Incident Response Plans and Program
●    Protect Your Cloud Architectures

Hospitals are crucial organizations where computer failures directly impact patients' lives. As such, Piya requests attackers to consider the sensitivity of the sector and the lives of the people involved.