Recent Ransomware Attacks on U.S. Hospitals Highlight the Inefficiency of Rules-Based Cybersecurity Solutions

A number of recent high-profile ransomware attacks on U.S. hospitals have demonstrated how urgently organizations, municipalities, and critical services need to take a proactive approach to protecting networks with a predictive AI solution.

USA Today reported late last month that the FBI identified a major ransomware assault taking place against five U.S. hospitals – a threat to the U.S. healthcare system that cannot be ignored and has cost hospitals tens of millions of dollars in recent years.

Ransomware is an increasingly common attack in which intelligent cybercriminals encrypt sensitive data, such as patient and billing records, until a hospital agrees to pay a large ransom (usually in Bitcoin or another digital currency) to get it unlocked.

This year, ransomware attacks have spiked, with a 50% increase in the past 3 months alone. The percentage of healthcare organizations impacted by ransomware globally nearly doubled, from 2.3% in the second quarter to 4% in the third quarter. Health care was followed by manufacturing, software makers, government/military, and insurance and legal firms.

Michael-Paul Yelland, MixMode Security Engineer, comments that while ransomware is ultimately an endpoint problem, using a traditional rules-based system to protect the perimeter is no longer a viable defense.

“Writing a rule to try and prevent an attacker from entering an endpoint is almost useless because there are infinite different ways to try and attack. Therefore, there is no way to write every single possible method of entry into rules without leaving some percentage of vulnerability,” Yelland says.

Once the attacker gets to the endpoint, it's over. The lockdown and machine-driven encryption happen in seconds.

Instead, MixMode takes a predictive approach using Third-Wave AI (as defined by DARPA) to prevent ransomware-type attacks. The only hope for comprehensive ransomware prevention is to do it on the network before the endpoint is penetrated.

Utilizing a comprehensive platform that looks for anomalies rather than matching specific rules is the best possible way to prevent ransomware attacks. When cybercriminals begin scanning and carrying out other activity on the network, MixMode’s self-supervised AI will notice the activity and alert the user that something is going on. Attackers spend far more time trying to get into the endpoint than they spend on the endpoint extracting files.

Additionally, MixMode is able to provide a forensic export of all traffic during an attack.

As we mentioned in our analysis of last year’s City of Baltimore ransomware attack, an improved security posture can only be strengthened and reinforced with a strong in-house incident response capability and a forensic record of network traffic. When attacks like this occur, the ability not only to identify the source quickly but also to “replay” the traffic to see who else was infected is a must-have feature in a modern security system.

To learn more about MixMode’s self-supervised AI and how you can better protect your network against rising ransomware attacks, schedule a demo today.

*** This is a Security Bloggers Network syndicated blog from MixMode authored by Christian Wiens. Read the original post at: https://mixmode.ai/blog/recent-ransomware-attacks-on-u-s-hospitals-highlight-the-inefficiency-of-rules-based-cybersecurity-solutions/
