Ransomware attacks and other types of cyberattacks in healthcare are growing, not only in amount, but in sophistication as well. 

The recent State of Ransomware in Healthcare report released by Sophos highlighted a 94 percent increase in ransomware attacks in 2021, with 66 percent of healthcare organizations hit by ransomware – up from 34 percent the prior year. 

Healthcare organizations a prime target for ransomware attacks

Not only is healthcare a lucrative target for hackers financially, with large operating budgets and insurance policies, but it is also a low-hanging target with complex, legacy systems. Threat actors know that organizations across the healthcare sector are driven by a need to rapidly restore operations to ensure the health and safety of patients and continued delivery of services – whether in a hospital, across the medical supply chain, or even health insurance plans. 

Lisa J. Pino, Director of the Office of Civil Rights (OCR) wrote a letter earlier this year encouraging healthcare organizations to strengthen their cyber security posture, noting that “more than one health care provider was forced to cancel surgeries, radiology exams, and other services, because their systems, software, and/or networks had been disabled.” This pressure to restore operations is leading to higher ransom demands, with the average demand up 144 percent.

Federal agencies are urging healthcare organizations to take action against the growing threat of ransomware. A recent Cybersecurity Advisory from the Cybersecurity and Infrastructure Security Agency (CISA) warned that the healthcare industry was being increasingly targeted by North Korean state-sponsored cyber actors with the Maui ransomware. Subsequent research indicated this operation was opportunistic, compromising low-hanging targets – which, unfortunately, is often healthcare organizations. As with other ransomware attacks, these incidents were disrupting services for prolonged periods. 

A similar advisory went out this August from the Office of Information Security warning healthcare organizations against threats from the Karakurt ransomware group. In this advisory, details specifically outline that the group is gaining access with stolen or compromised credentials. 

It’s an unfortunate truth that most threat actors don’t break in – they log in. In fact, 61 percent of data breaches involve credentials, with 25 percent of breaches in 2021 attributed to ransomware.

How healthcare organizations can break the cyberattacks in healthcare cycle

By blocking the most common routes of access ransomware attackers use to invade the network: credentials and phishing, healthcare organizations can break the cycle. What’s common across both of these is the user: poor user practices in combination with legacy authentication can oftentimes make it easy for attackers to gain access to the enterprise.

While ransomware is a daunting challenge to fix, the first step can be very simple: prioritizing the human layer by securing user access to critical systems and data using phishing-resistant multi-factor authentication (MFA).

President Biden’s Executive Order 14028 and the follow-up OMB M-22-09 specifically mandate phishing-resistant MFA to defend against sophisticated attacks, including ransomware. Phishing-resistant MFA, provided by smart card or a FIDO2 security key such as YubiKey, is an authentication method that is immune from attempts to compromise or subvert the authentication process. Better yet, phishing-resistant MFA offers the potential to address some of the challenges with legacy MFA such as passwords that lead to poor user experience when authenticating in healthcare settings and the security gaps associated with password sharing.

How Yubico supports the prevention of cyberattacks in healthcare

The YubiKey is designed to meet healthcare organizations where they are on their journey to strong authentication – seamlessly supporting legacy infrastructure as well as modern, cloud-based systems. To learn more about how easy it is to deploy phishing-resistant MFA, download our whitepaper, “Modernizing MFA and going passwordless across the healthcare sector.”

The post Breaking the cycle of cyberattacks in healthcare with phishing-resistant MFA appeared first on Yubico.


VaultumCity is the best trusted place to select and buy your best Yubikeys, Vaultumcity free ship all yubikeys, Vaultumcity is reseller distributor of yubikeys so you can find cheapest best yubikey in Vaultumcity. If you are looking for best Yubikeys in Singapore at VaultumCity website online store.

The shop that sells yubikeys is https://vaultumcity.com/product-category/yubikey/

Our delivers are from Singapore, distribute globally. Buying Yubikey in Vaultum to have best customer and after sales services. All Yubikeys sold at Vaultumcity are quality guaranteed. Please place a large amount order to have great discount for reseller. Contact Vaultumcity at https://vaultumcity.com/contact/ whenever you have any issue with your yubikeys. Buying yubikeys at Vaultumcity to have best newest yubikeys free shipped to your door, FIDO2 U2F SECURITY KEY C NFC, FIDO2 U2F SECURITY KEY NFC, YubiKey 5 Nano, YUBIKEY 5 NFC, YubiKey 5C, YubiKey 5C nano, YubiKey 5C NFC, YUBIKEY 5Ci, YubiKey Bio – FIDO Edition. Yubikeys are best most secure tools for two-factor authentication. You can also buy yubikeys form Malaysia, Yubikey Malaysia is being sold at Vaultumcity with great price and free ship, you have it fastest, just in few days because we’re here in Singapore.

If you are looking for yubikeys in Indonesia, Vaultumcity is a great place to buy yubikey Indonesia, you can have yubikeys to protect your logins in just few days. Vaultumcity ship your yubikeys to your home in Thailand, to help ensure your data is safe and secured.

What about South Korea, Vaultumcity bring your yubikeys to your home in South Korea free-shipped.

Vaultumcity also delivers yubikeys to Japan, any province or city to your hands. Check out and grab your best suited yubikey today at VaultumCity.