Why Hackers Prefer Attacking on Weekends and Holidays

In the past year, approximately 75% of healthcare organizations that experienced ransomware attacks were targeted during weekends or holidays. This trend emphasizes the critical importance for these entities to enhance their staffing strategies during periods when they are particularly vulnerable, according to Jeff Wichman, the director of incident response at Semperis, a cybersecurity firm.

Wichman stated that organizations should ideally increase their staffing levels on weekends and during holiday seasons. He highlighted that attackers are aware that many staff members are off-duty during these times, creating a prime opportunity for breaches. “If attackers know that we, as citizens, take time off on weekends, organizations should be ramping up their staffing,” he noted.

However, numerous healthcare organizations face staffing shortages, making it challenging to maintain adequate coverage during these high-risk windows. Wichman suggested that these organizations look to partner with external providers, such as a managed service provider that can offer a security operations center capable of monitoring and responding to incidents around the clock. Ensuring that these partners are also sufficiently staffed during weekends and holidays is crucial.

Organizations must also fortify their incident response capabilities through extensive preparation and training. Wichman emphasized the need to practice recovery drills and to understand that the actual time required to restore operations may not align with theoretical expectations. He cautioned against the misconception that recovery is simply a matter of pushing a button to restore data, pointing out that several critical steps are involved in a successful recovery process.

In his discussion with Information Security Media Group, Wichman further elaborated on key issues in cybersecurity, including the necessity for rigorous backup validation and testing, and common missteps in identity management that can lead to significant vulnerabilities. He also addressed the evolving regulatory landscape concerning cybersecurity and its potential implications in the coming year.

As a seasoned professional with over 20 years in the field of information security, Wichman brings a wealth of experience, having managed responses to a range of incidents, from minor email compromises to extensive ransomware cases.

From a cybersecurity perspective, this situation aligns with multiple tactics and techniques outlined in the MITRE ATT&CK framework. The timing of attacks suggests potential initial access methods could include phishing or exploitation of public-facing applications during off-hours. The low staffing levels on weekends may offer attackers opportunities for persistence and privilege escalation if not adequately monitored.

This evolving threat landscape underscores the pressing need for healthcare organizations to bolster their cybersecurity defenses and adapt their operational strategies to mitigate risks effectively. With the rising frequency of targeted attacks, particularly against critical infrastructure such as healthcare, organizations must prioritize their preparedness to safeguard sensitive data and maintain operational integrity.
