Morphisec Cybersecurity Blog

Vital Defense: Ransomware Protection for Healthcare Facilities

Written by Brad LaPorte | August 5, 2024 at 1:03 PM

Cyber-attacks targeting healthcare facilities ruthlessly exploit personal, vulnerable and highly sensitive information. It’s one of the few industries where attacks can lead to life and death scenarios. 

Perhaps more than any other industry, healthcare faces unique and ever-changing risks, from insider threats to errors and privilege misuse. These threats stem largely from the sensitive nature of the data healthcare facilities handle and the critical services they provide.

Vast treasure troves of sensitive data across a mix of legacy in-house and modern third-party systems and medical devices complicate a healthcare organization’s attack surface and make breach events more devastating. 

 

Attack techniques — and targets — are changing  

According to the 2024 Verizon Data Breach Investigations Report, system intrusion ranks among the top three attack patterns targeting healthcare organizations, alongside web application attacks and social engineering. Notably, personal data has eclipsed medical data as the preferred target for threat actors.

Ransomware attacks increasingly combine encryption with data exfiltration, causing operational disruption, crippling financial losses and reputational damage. Take the February 2024 Change Healthcare ransomware attack as one example. Attackers reportedly had access to internal systems for over a month and used that time to exfiltrate large amounts of sensitive data.

The attack caused massive disruption to providers across the country because of prolonged outages; an estimated 1 in 3 Americans (nearly 110 million people) were affected by the breach. The total cost of the attack response is estimated to exceed $2.45 billion, $1 billion more than initially reported.

The Ascension ransomware attack in May 2024 similarly caused widespread, long-term outages across the organization's 142 hospital sites. Doctors and nurses had limited access to digital patient histories and had to resort to paper and faxes to treat patients; electronic health record (EHR) access wasn't fully restored until more than a month after the breach.

Data exfiltration, including protected health information (PHI) and personally identifiable information (PII), was confirmed. Multiple lawsuits are in progress, and current projections put the cost of the breach at $1.6 billion.

  

Undetectable attacks are becoming more frequent 

Ransomware operators are adopting more sophisticated, harder-to-detect techniques, including fileless and in-memory attacks that slip past traditional signature-based defenses with ease.

The latest approaches to ransomware protection emphasize not just resilience but also visibility and autonomous adaptability. Exposure management is key to the proactive, preventative approach practitioners need in order to understand a healthcare organization's unique attack surface and prioritize vulnerability remediation effectively.

Bupa is an international healthcare company offering health insurance and healthcare services to more than 38 million customers worldwide. While headquartered in the United Kingdom, the company operates in 190 countries across multiple business units. The Bupa Latin America Information Security team provides security services to operations at multiple locations across Latin America.  

The team frequently applies a variety of tests (including a ransomware simulator) to ensure resiliency against new and emerging threats. Upon learning about Morphisec AMTD, the team commissioned a proof of concept (POC) on a prepared computer loaded with existing security controls.   

“We have a very robust set of security controls implemented including Extended Detection and Response (XDR) with Microsoft Defender, and our tests indicated they were producing excellent results,” said Alexander Realpe, Head of Security and Risk for Bupa LATAM. “But then Morphisec came in, ran a test on one of our computers with all controls in place, and showed how easy it is to create a back door.”    

The POC demonstrated how easily the team’s endpoint detection and response solutions could be successfully bypassed. Bupa LATAM cybersecurity specialist Erick Vargas ran the POC and observed that “Morphisec proved that it’s able to protect against ransomware and fileless attacks.”   

 

Stopping undetectable ransomware  

Today's ransomware employs numerous stealthy and evasive techniques to remain undetected within an organization’s system until the optimal moment for causing maximum damage. By this point, the extortion process is already underway and often irreversible.  

Attackers continuously develop new variants with unrecognized signatures that evade Next-Generation Antivirus (NGAV) and Endpoint Protection Platforms (EPP). They also use fileless and in-memory methods that leave few or no file-based indicators of compromise, so Endpoint Detection and Response (EDR), Extended Detection and Response (XDR) and Managed Detection and Response (MDR) solutions that key on files and known behaviors often miss them.
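In-memory payloads avoid the disk, but they still have to live somewhere a CPU can execute them, and that leaves an artifact defenders can hunt for. The following is an added example, not Morphisec's code or anything from the Bupa engagement: on Linux, reflectively loaded or injected code usually sits in an anonymous mapping (no backing file), in a mapping whose backing file was unlinked after loading, or in a region that is writable and executable at once. The script parses /proc/<pid>/maps lines for those conditions. The sample maps text below is constructed for illustration; the addresses, inode numbers and the /tmp/.x/libstage2.so path are made up.

```python
"""Hunt for executable memory that is not backed by a file on disk.

Added example (not Morphisec's code). Fileless / in-memory payloads
leave no file to hash, but on Linux they still show up in
/proc/<pid>/maps as executable regions with no backing file, with a
backing file that has been unlinked, or with RWX permissions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# Format of one /proc/<pid>/maps line:
#   start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)"
    r"\s*(?P<path>.*)$"
)

# Kernel-provided executable pseudo-mappings that are expected and benign.
BENIGN_ANON = {"[vdso]", "[vsyscall]"}

# Constructed sample: one normal interpreter, one injected RWX stub, one
# shared object whose file was deleted after mapping (a common loader trick).
SAMPLE_MAPS = """\
55d0c1a00000-55d0c1a2e000 r--p 00000000 fd:01 1310752 /usr/bin/python3.11
55d0c1a2e000-55d0c1c4f000 r-xp 0002e000 fd:01 1310752 /usr/bin/python3.11
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1c400000-7f3a1c401000 rwxp 00000000 00:00 0
7f3a1c800000-7f3a1c9a1000 r-xp 00000000 fd:01 2621500 /tmp/.x/libstage2.so (deleted)
7ffd5e7c9000-7ffd5e7ea000 rw-p 00000000 00:00 0 [stack]
7ffd5e7f8000-7ffd5e7fa000 r-xp 00000000 00:00 0 [vdso]
"""


@dataclass(frozen=True)
class Region:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> list[Region]:
    """Parse maps-format text into Region records; unparseable lines are skipped."""
    regions: list[Region] = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        regions.append(
            Region(
                start=int(m["start"], 16),
                end=int(m["end"], 16),
                perms=m["perms"],
                inode=int(m["inode"]),
                path=m["path"].strip(),
            )
        )
    return regions


def find_suspicious(text: str) -> list[tuple[Region, str]]:
    """Return (region, reason) pairs for executable memory with no clean file backing."""
    hits: list[tuple[Region, str]] = []
    for r in parse_maps(text):
        if "x" not in r.perms or r.path in BENIGN_ANON:
            continue
        if r.path.endswith("(deleted)"):
            hits.append((r, "executable mapping whose backing file was unlinked"))
        elif r.inode == 0:
            # inode 0 means no file behind this region (heap, stack, mmap(MAP_ANONYMOUS))
            hits.append((r, "executable anonymous mapping (no file on disk)"))
        elif "w" in r.perms:
            hits.append((r, "file-backed region mapped RWX"))
    return hits


def scan_live(pid: int | str = "self") -> list[tuple[Region, str]]:
    """Run the same check against a real process on a Linux host."""
    return find_suspicious(Path(f"/proc/{pid}/maps").read_text())


if __name__ == "__main__":
    for region, reason in find_suspicious(SAMPLE_MAPS):
        print(f"{region.start:#x}-{region.end:#x} {region.perms} "
              f"{region.size:>8} B  {region.path or '<anon>'}: {reason}")
```

Run as-is it reports the RWX anonymous stub and the deleted shared object from the sample and ignores the vdso; point scan_live() at a pid to check a real process. Treat the output as a hunting lead rather than a verdict: JIT engines (browsers, the JVM, some interpreters) legitimately create anonymous executable regions, so baseline those processes before alerting on every hit.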

Threat actors thoroughly study a network and its vulnerabilities before fully establishing their presence. Morphisec's anti-ransomware stack offers true ransomware prevention by detecting and stopping ransomware in its earliest stages. 

“In the simplest terms, traditional security tools are like doors and locks,” said Alexander. “Morphisec takes protection further. It hides the door, hides the lock, and then moves them all around so threat actors don’t know where to attack.” 

One such example occurred in late 2023, when Morphisec blocked the Mispadu loader (a banking trojan used for monetary and credential theft) after it had bypassed Microsoft Defender. Mispadu is a highly active and extremely evasive threat.

“One cool feature is the fact that Morphisec doesn’t rely on normal EDR detection patterns,” said Erick. “It doesn’t analyze behaviors. Instead, it sees something accessing an application and blocks it right off the bat. Having this effectiveness at the impact phase greatly impacts reaction time.” 

 

Preventing ransomware with defense-in-depth capabilities

Morphisec’s comprehensive Defense-in-Depth anti-ransomware capability provides four distinct security layers that prevent ransomware without affecting productivity or performance and integrate seamlessly with your existing security stack:

Morphisec Automated Moving Target Defense (AMTD) prevents ransomware, as well as supply chain, zero-day, fileless, in-memory attacks and other advanced threats using system polymorphism in memory to hide operating system and application targets from adversaries in an unpredictable manner. The platform has negligible performance impact and does not require additional staffing.  

“Morphisec is the last line of defense. The amount of detections where Morphisec has kicked in is really low — and that’s a good thing. We know that when everything else fails Morphisec is there to protect us,” said Erick.  

  to learn how Bupa Latin America is using Morphisec to fortify its security posture with a prevention-first approach to security.