In Sweden public as well as private stakeholders have been subjected to ransomware attacks over the past year. A ransomware attack against medical care services, which are currently under extra pressure due to covid-19, could have devastating effects.
"Phishing campaigns or targeted ransomware attacks against medical care services have already been observed, and have occurred, in other countries. Criminals are furthermore trying to exploit the situation in various ways. There is a risk that this could happen in Sweden as well, and a special information effort is now underway to improve protection of the health and medical care sector, with the focus on preventive measures against ransomware", says Hedvig Kylberg, an administrator at MSB’s Operational Cybersecurity Unit.
A ransomware attack can lead to all or parts of an organisation’s IT system, and the data there, becoming encrypted and inaccessible to employees. In many cases information is also stolen, and then the attackers threaten to publish sensitive information unless a ransom is paid. In order to protect itself, the organisation needs to have an idea of the consequences such an attack would have on its activities as well as on patient security.
While complete protection from attack is difficult to achieve, preventive measures such as a continuous IT security regime with sound procedures for backup copying and recovery, as well as training of employees, will facilitate management and limit the damage. The capacity to quickly restore the IT system, so that operations can resume normally and costs for dealing with the attack are kept low, can make a significant difference. It is important to continue prioritising maintenance of IT security also when an organisation is under pressure for other reasons, even if these procedures may cause brief interruptions to services.
Several government agencies have worked together to draw up recommendations directed at managers of IT infrastructure in medical and health care services, as well as decision makers, technicians, and users of the organisation’s IT system.
The recommendations in Increasing the health sector’s resistance to ransomware attacks should be seen as guidance and support. Each organisation within the health and medical care sector should be able to use this in making risk analyses and decision guidance, in training and communication, in a way that is deemed appropriate for the activity in question. Further target group adaptation of the recommendations may thus be necessary, for example. Additional support for efforts to increase resistance against many cyberthreats is available in the report.
Cybersecurity in Sweden – recommended security measures. This presents ten areas in which measures should be prioritised. Note that these recommendations are not a substitute for a systematic security regime.
CERT-SE is Sweden’s national CSIRT (Computer Security Incident Response Team), charged with supporting society and its institutions in their work to manage and prevent IT incidents. The response team is part of MSB. https://www.cert.se/2020/06/oka-motstandskraften-mot-ransomware