Third parties are a major source of ransomware attacks –here’s what you can do about it

Healthcare organizations are particularly vulnerable to ransomware attacks, and nearly half of these attacks enter through third-party access points. The good news is that vendor privileged access solutions can mitigate these risks for your organization. 

Ransomware attacks are scary in any industry, but the implications for healthcare delivery organizations (HDOs) are particularly frightening. In addition to the financial and reputational consequences for the organization, a ransomware attack on healthcare can have devastating consequences for patients.

A recent attack on a healthcare management services organization based in California quickly spread to hospitals in Pennsylvania, Connecticut, Texas, and Rhode Island before the spread was stopped by taking the organization’s systems offline. Multiple hospitals and clinics had to close emergency rooms and divert ambulance services as they shifted to a paper system.

A widespread problem

This attack was by no means an isolated incident. Successful ransomware attacks continue to disrupt HDOs across the globe. A recent Ponemon Institute study on the impact of ransomware on patient safety shared survey findings that showed nearly half of respondents experienced a ransomware attack in the past two years. The significant impact of these attacks extends to patient care delivery, with:

• 70% having to transfer or divert patients to other facilities
• 58% facing delays in procedures and tests, resulting in poor patient outcomes
• 45% seeing increased complications from medical procedures

Third parties are a major point of vulnerability

Among the 47% of survey respondents reporting a ransomware attack, 46% point to a third party as the source. This marks an 11% increase from the 36% reported in the previous year’s survey. This finding clearly shows the necessity of being able to effectively assess, identify, and remediate third-party risks and security gaps.

But there’s good news: the right vendor privileged access management (VPAM) solution can help. To secure third-party access, your VPAM solution should have, at a minimum, the following capabilities.

Third-party identity management

As third-party users are not employees, the normal ways of managing their access do not apply. That’s where VPAM comes in. VPAM can provide an easy way to define access rights by vendor organization and user group, while also allowing for “self-registration” of new vendor users. In this way, organizations benefit from a workflow that allows new users at a third-party organization to prove their employment, register for access, provide the reason for access, then acquire the necessary credentials to swiftly and securely begin taking care of business.

Employment verification before each access

Again, as third-party users are not employees, it becomes difficult or impossible for an organization to know when that user has been terminated or left the partner company. That’s why it’s so critical that all third-party users prove their active employment status prior to each connection, especially when they have privileged access to mission-critical systems or data.

Multifactor authentication

Multifactor authentication (MFA) should be enforced for all users prior to the initiation of all privileged sessions. That said, it is often costly, complicated, or even impossible to roll out your corporate MFA solution to non-employee vendor identities. The right VPAM solutions will provide your organization with a native method of MFA that makes this important authentication technique easy to enforce for third parties.

Zero Trust network access

Third-party vendors will almost always access assets remotely, and because of the risk associated with this class of users, it’s imperative that organizations employ the most secure remote access methods possible. A virtual private network (VPN), which provides direct network access, should be avoided for third-party users, in favor of more modern technologies such as Zero Trust network access (ZTNA). ZTNA defines the “perimeter” within the application down to the host and port, and keeps the user off the physical network. This allows third parties to access what they need to, and nothing more.

Benefit from third-party contributions while mitigating risk

Outside partners, vendors, and contractors are essential in business today, but the risks of third-party access can have particularly devastating consequences in the healthcare industry. Find out more about VPAM, along with additional guidance on how your organization can mitigate ransomware risk, by reading our tech note.