LAS VEGAS – At the HIMSS21 Healthcare Cybersecurity Forum on Monday here, Errol Weiss, chief security officer at H-ISAC, offered the audience a fair warning: Anyone looking for good news and encouragement about the current cyberthreat landscape still had time to leave the room.

Yes, the news seems discouraging, if not frightening, on all fronts these days. The massive Solar Winds breach was a major wakeup call of course, said Weiss, and got a lot of media attention.

"But what's next?"

The bad news is that the bad guys are continually "growing in sophistication," he said. (And increasingly, those bad guys are nation-state actors such as China, Russia and North Korea.)

Cybercrime is rampant, and ransomware attacks targeting healthcare have become an epidemic, with the ransom demands spiraling ever higher.

Weiss pointed to a few other recent trends that are "worrying."

For instance, right-to-left override attacks, which can fool unsuspecting users of running executable code from what they think are benign file types, have recently been exploited much more commonly.

Another recent trend is a social engineering trick that dupes people into calling a phone number and inadvertently installing malware on their own machines, said Weiss. The recent spread of state-sponsored spyware has been another big concern.

"It's just getting worse and worse," said Brian Cady, director of information security architecture at Providence St. Joseph Health.

"One thing that really scares me for the future is AI-based attacks," he said.

If a company can develop an AI that can play Atari Breakout, after all, it's not a stretch to think of a criminal group developing something similar to perpetrate cyberattacks, and "just set it up to run," said Cady.

"These are people for whom this is their job," he said. "They show up, they work 9 to 5, and this is what they do."

And the real challenge is that security practices in healthcare still generally aren't keeping pace with the speed of these new and sinister developments.

Cady pointed to one recent study that looked at a two-year period and found that "misconfigurations and errors in cloud deployments led to $5 trillion in losses" over those two years – 20% of which was in the healthcare industry.

Meanwhile, the drumbeat of new ransomware attacks just continues.

And it's "going to continue because the payback is just so significant," said Cady. "It's like, 'Why did you rob a bank?' 'Well, that's where the money is.' And as long as the money is there, people are going to continue doing this."

Some people took heart in the fact that Revil, the group purported to be behind the Colonial pipeline attack, suddenly seemed to have a change of heart after the U.S. response.

But if they've taken a break from plotting new conquests, "they aren't just sitting on the beach or playing with jet skis," said Weiss.

"This is not a teenager in a hoodie doing these kinds of attacks; these are elaborate, sophisticated, organized criminal gangs," he added. "They are highly specialized. They are highly commoditized. They are retooling. They are reconfiguring. They are rebuilding."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.