MITRE Unveils Ransomware Resource for Hospitals, Healthcare Providers

March 03, 2021 - MITRE recently unveiled a newly created ransomware resource, which is designed to help hospitals and other healthcare providers develop and maintain resilient security processes and policies in response to the ever-evolving threat landscape.

It’s the second nonprofit effort focused on ransomware support for the healthcare sector announced in the last month. The Center for Internet Security (CIS) expanded a free offering of its malcious internet domain blocking and reporting service for all US hospitals on February 17.

The MITRE Health Cyber Center provides a host of resources tailored to specific roles within the healthcare enterprise, including business managers, technical managers, IT, or cybersecurity practitioners.

Those leaders can review the resource library page to search for the best materials to fit their specific needs, broken down into key topic areas. These include insights into cyber resiliency, threat sharing, and MITRE ATT&CK tactics.

“[Smaller or rural] organizations typically have smaller IT and security departments, with a handful of talented people wearing many hats, and each responsible for several major operational IT areas,” MITRE Lead Cybersecurity Engineer Joanne Fitzpatrick explained in the announcement.

“Staff tend to be experienced in the operations of their own organization, but often have little access to growth/training/professional development on cybersecurity issues, such as threats and attacks. Lack of time or budget is usually the reason,” she added.

These organizations may also have fewer or no staff available to dedicate to specific cybersecurity areas, such as threat model or attack surface assessments, she explained. However, no matter the size of the organization, all providers are at risk under the current threat landscape.

In response to these risks and security gaps, MITRE released its Ransomware Resource Center to support healthcare entities in bolstering defenses. The hope is that hospitals and healthcare entities will leverage these tools to prepare, respond, and recover from cyberattacks.

By leveraging the resource, leaders can develop overall enterprise cybersecurity risk management processes, needed safeguards, and the appropriate activities needed to identify when a cybersecurity event occurs.

The lead resource table categorizes the tools around the five stages of the NIST standard framework: identify, protect, detect, respond, and recover. The relevant tools for each stage are also included within the topic areas.

The resource also includes relevant information for incident response plans and appropriate plans for building resilient processes, as well as best practice steps for restoring services and capabilities after a ransomware attack.

These processes are then related back to the ransomware threat, such as identifying the systems and critical processes that may be vulnerable to ransomware and deploying defenses specifically designed for shoring up security gaps specific to the encryption malware threat.

“Since [hackers' primarily want to extort money from an organization, they don’t really care about its size, location, or nature of their databases,” said Fitzpatrick. “From the perspective of hospitals and health facilities in rural or underserved areas, however, their ability to protect themselves from a ransomware attack, or to be able to operate through such attacks, may be more limited than their larger counterparts because their IT infrastructure may be less mature and their resources may be more limited.”

"Many healthcare organizations choose to start with an assessment that asks and answers some key questions: What are our most important assets? What are the strengths and vulnerabilities of our current system? What are the roles and responsibilities around the organization if we come under attack? MITRE has created numerous cyber tools that help organizations ask and answer these important questions," she added.

MITRE intends to add to the resources to continue its support of the broader healthcare community, using unbiased guidance and best practices developed over the years.

Threat actors ramped up targeted attacks against the sector in 2020, with twice as many cyberattacks on providers and at least 560 healthcare providers facing successful ransomware attacks.

These targeted and pervasive attacks are expected to continue and thrive into the coming year, making it crucial for healthcare entities to ensure all endpoints are secure through appropriate tools, including monitoring, response plans, and the implementation of multi-factor authentication.

Security researchers are also urging healthcare entities to begin the shift into a zero trust security model, which is crucial for bolstering access controls and endpoint management.