The Healthcare and Public Health (HPH) sector faces an ever-evolving array of cyber threats. The notorious Clop ransomware group has recently made headlines by targeting organizations with sophisticated attacks. These incidents underscore the need for robust cybersecurity measures, particularly in managing application assets and user access.
The Clop threat: A wake-up call for healthcare security
Clop, a Russian-speaking group linked to the infamous TA505 and FIN11, has aggressively targeted the HPH sector. Known for leveraging vulnerabilities in systems like MOVEit and GoAnywhere MFT, Clop has demonstrated the ease with which attackers can exploit weaknesses in digital infrastructure. These attacks, mainly using the GoAnywhere MFT zero-day vulnerability (CVE-2023-0669), added to CISA’s Known Exploited Vulnerabilities Catalog, highlight the urgent need for healthcare organizations to reassess their cybersecurity strategies.
CISA’s guidance: A roadmap for enhanced security
The Cybersecurity and Infrastructure Security Agency (CISA) provides a blueprint for addressing these emerging threats. Central to its recommendations is comprehensive asset management, especially of applications. Healthcare organizations are advised to maintain a detailed inventory of all applications, assess the security posture of each, and ensure they are updated with the latest security patches.
Access management is another critical area. The rise in sophisticated attacks like those by Clop emphasizes the importance of robust access control mechanisms. This includes implementing phishing-resistant authentication methods, such as FIDO2, strict access controls, and regular audits to ensure that only authorized individuals can access sensitive data.
The risk of nonstandard applications
Against the backdrop of these threats, nonstandard applications present a unique challenge. These applications often rely on traditional password-based authentication and lack integration with identity providers (Azure AD, Okta, SailPoint, etc.). Beyond lacking SSO support, these applications also lack support for lifecycle management, i.e., joiners, movers, and leavers. What is normally automated through your identity provider becomes a slog of manual, error-prone work for your IT team. This disconnect makes nonstandard applications vulnerable targets for threat actors like Clop.
Applications that fall into this category have many names (nonstandard, decentralized, disconnected, or unmanageable applications). No matter what you call them, they are a considerable risk for the HPH sector. Research from the Ponemon Institute found that 63% of organizations experienced an incident caused by nonstandard applications.
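The lifecycle gap described above (joiners, movers and leavers that the identity provider cannot propagate into a disconnected application) can at least be audited by hand. The script below is an added example, not code from Cerby or from any identity provider; it assumes an IdP user export in a JSON list with email, status and department fields, an application account list exported as (email, role) pairs, and a department-to-role entitlement policy, all of which are constructed here for illustration. It reports accounts that belong to deactivated users (leavers), accounts whose role no longer matches the user's department (movers), and accounts with no IdP identity at all (orphans).

```python
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample export from the identity provider (assumed format: a JSON
# list of users with email, status and department; real IdP exports differ).
IDP_USERS_JSON = """
[
  {"email": "alice@example-hospital.org", "status": "active",      "department": "Radiology"},
  {"email": "bob@example-hospital.org",   "status": "deactivated", "department": "Billing"},
  {"email": "carol@example-hospital.org", "status": "active",      "department": "Pharmacy"}
]
"""

# Constructed sample: the local account list of a nonstandard application that
# has no SSO and no automated provisioning, as (email, role) pairs.
APP_ACCOUNTS: List[Tuple[str, str]] = [
    ("alice@example-hospital.org", "radiology_viewer"),
    ("bob@example-hospital.org", "billing_admin"),        # leaver: deactivated in the IdP
    ("carol@example-hospital.org", "billing_admin"),      # mover: role from a previous department
    ("svc-legacy@example-hospital.org", "admin"),         # orphan: no matching IdP identity
]

# Assumed policy: which application roles each department is entitled to.
EXPECTED_ROLES: Dict[str, Set[str]] = {
    "Radiology": {"radiology_viewer"},
    "Billing": {"billing_admin"},
    "Pharmacy": {"pharmacy_user"},
}


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str    # "leaver", "mover" or "orphan"
    detail: str


def reconcile(idp_users_json: str,
              app_accounts: Iterable[Tuple[str, str]],
              expected_roles: Dict[str, Set[str]]) -> List[Finding]:
    """Compare a nonstandard app's local accounts against the IdP directory.

    Returns one Finding per account that should not exist or should not hold
    its current role, mirroring the joiner/mover/leaver checks an IdP would
    automate for an SSO-integrated application.
    """
    idp = {u["email"].lower(): u for u in json.loads(idp_users_json)}
    findings: List[Finding] = []
    for email, role in app_accounts:
        user = idp.get(email.lower())
        if user is None:
            findings.append(Finding(email, "orphan", "no identity in the IdP"))
        elif user["status"] != "active":
            findings.append(Finding(email, "leaver",
                                    f"IdP status is {user['status']!r} but account still exists"))
        elif role not in expected_roles.get(user["department"], set()):
            findings.append(Finding(email, "mover",
                                    f"role {role!r} not expected for {user['department']}"))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings by kind, a convenient number to track across audit runs."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = reconcile(IDP_USERS_JSON, APP_ACCOUNTS, EXPECTED_ROLES)
    for f in results:
        print(f"{f.kind:7s} {f.account:36s} {f.detail}")
    print(summarize(results))
```

Running the audit on a schedule and tracking the per-kind counts over time turns the "slog of manual work" into a measurable control: a rising leaver count for a given application is a direct signal that deprovisioning for that application is falling behind.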
Empowering the healthcare sector
By aligning with CISA's guidance and understanding the tactics of groups like Clop, healthcare organizations can better prepare themselves against these threats.
Healthcare organizations should consider the following steps:
Navigating the complex cybersecurity landscape, especially in healthcare, demands a strategic focus on access management. Organizations must adopt proactive, vigilant approaches that align with the access-control best practices recommended by agencies like CISA. In an era where threats like Clop are prevalent, robust access management for all applications, not just those connected to your identity provider, is both necessary and a cornerstone of a resilient, secure healthcare data environment.
For more insights, contact us and follow us on social media at @CerbyHQ.