Here’s an alarming figure: more than 1,500 cyberattacks hit the healthcare industry every week, and further research suggests each breach costs more than $10 million. One of the biggest cyberattacks of 2024 was the Earnest Health attack, which impacted the data of more than 100,000 patients.
In February 2024, Earnest Health detected malicious activity within its network. So, in this blog, let’s talk about the details of the attack, its aftermath, and the lessons we can learn to boost our security. Incidents like these require you to have a reliable vulnerability management tool.
Who Attacked Earnest Health
Cyber investigators have still not determined who actually attacked the healthcare organization, but one name that emerges is LockBit. The notorious, well-organized ransomware group quickly claimed responsibility for the attack, but later removed Earnest Health from the leak blog through which it had made the claim.
DarkCloud, another ransomware group, has also been named online as the culprit behind the cyberattack that affected hundreds of thousands!
But Why Earnest Health
Healthcare is a service, but it also holds sensitive and very valuable data that hackers and threat actors want to get their hands on. These attackers breach healthcare organizations and sell the data on the dark web, making millions in the process!
Adding to the problem, the healthcare sector has become heavily reliant on digital records, especially in recent years. And unfortunately, cybersecurity is often an afterthought too!
All these reasons made Earnest Health an attractive target for cyberattackers, and the ransomware group LockBit leveraged the weak defenses to breach the walls of the organization.
So, how did it happen?
Timeline of the Attack
- Day 1 – February 10, 2023: Early Detection
  On Friday, February 10, Earnest Health’s IT staff noticed something fishy. It was a minor issue, but some systems in the network were running unusually slowly. After running some diagnostics, the team assumed it was a technical issue rather than a cyberattack, and the IT staff carried out standard troubleshooting procedures.
- Day 2 – February 11, 2023: Malware Identified
  On Saturday, February 11, analysis of the network logs revealed suspicious activity. The IT team decided to dig deeper, and what they found was not good: files had been encrypted, and a note demanding a ransom was attached to them. The ransomware attack was confirmed.
- Day 2 – February 11, 2023: Containment Efforts
  By the end of the day, the IT team was moving swiftly, trying to minimize the damage by isolating the infected section of the network. But it was too late. Sensitive files and hospital records were already encrypted.
- Day 3 – February 12, 2023: Ransom Demand Issued
  Early the next day, the attackers sent a ransom demand with a 72-hour countdown to complete the payment. If the ransom was not paid, the attackers would leak all the information.
- Day 4 – February 13, 2023: Decision & Response
  With time running out, Earnest Health had to make a decision. On February 13, the organization decided not to pay the ransom and instead focused its efforts on recovering the data from backups. Security controls were also strengthened to protect the rest of the network.
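The timeline above turns on two signals the IT team eventually found in the logs: files being mass-encrypted and a ransom note appearing. The following Python script is an added example (not from the original post, and not an Earnest Health or SanerNow tool) showing how a defender can flag both signals automatically from file-event logs instead of waiting for users to report slow systems. The log format, host name, process names, thresholds and sample events are all constructed for the example.

```python
"""Flag ransomware-like activity in file-event logs (added example).

Constructed log format, one event per line:
    <ISO timestamp> <host> <process> <action> <path>
action is CREATE, WRITE, RENAME or DELETE; for RENAME the path field is
"<old path> -> <new path>". Two heuristics are applied per (host, process):
  1. a burst of renames to one extension that is not on the known list
  2. creation of a file whose name looks like a ransom note
"""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PurePosixPath
import re

# Assumed thresholds; tune them to the environment's normal file churn.
RENAME_THRESHOLD = 20                # renames to one unknown extension ...
WINDOW = timedelta(seconds=60)       # ... within this window
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".csv", ".bak", ".tmp"}
RANSOM_NOTE_RE = re.compile(r"(readme|restore|recover|decrypt|how[_-]?to).*\.(txt|html|hta)$", re.I)


def parse_line(line):
    """Split one log line into (timestamp, host, process, action, path)."""
    ts, host, proc, action, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, proc, action, path


def detect(lines):
    """Return a list of alert dicts, in the order the evidence appears."""
    alerts = []
    rename_times = defaultdict(list)   # (host, proc, new_ext) -> recent timestamps
    noted = set()                      # (host, proc) already alerted for a note
    for line in lines:
        if not line.strip():
            continue
        ts, host, proc, action, path = parse_line(line)
        if action == "CREATE" and RANSOM_NOTE_RE.search(PurePosixPath(path).name):
            if (host, proc) not in noted:
                noted.add((host, proc))
                alerts.append({"type": "ransom_note", "host": host, "process": proc,
                               "path": path, "time": ts})
        elif action == "RENAME":
            _old, _, new = path.partition(" -> ")
            new_ext = PurePosixPath(new).suffix.lower()
            if not new_ext or new_ext in KNOWN_EXTENSIONS:
                continue
            bucket = rename_times[(host, proc, new_ext)]
            bucket.append(ts)
            while ts - bucket[0] > WINDOW:       # slide the window forward
                bucket.pop(0)
            if len(bucket) == RENAME_THRESHOLD:  # alert once per burst
                alerts.append({"type": "mass_rename", "host": host, "process": proc,
                               "extension": new_ext, "count": len(bucket), "time": ts})
    return alerts


def build_sample_log():
    """Constructed events: benign editing, then a rename burst and a note."""
    base = datetime(2024, 2, 10, 9, 15, 0)
    lines = [
        f"{base.isoformat()} WS-014 winword.exe WRITE /users/alice/notes.docx",
        f"{(base + timedelta(seconds=5)).isoformat()} WS-014 winword.exe RENAME "
        f"/users/alice/~tmp1.tmp -> /users/alice/notes.docx",
    ]
    for i in range(25):
        t = base + timedelta(seconds=30 + i)
        lines.append(f"{t.isoformat()} WS-014 unknown.exe RENAME "
                     f"/shares/records/p{i:03d}.pdf -> /shares/records/p{i:03d}.pdf.locked")
    lines.append(f"{(base + timedelta(seconds=56)).isoformat()} WS-014 unknown.exe CREATE "
                 f"/shares/records/README_TO_RESTORE.txt")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The rename burst fires on the twentieth rename to `.locked` by one process inside the window, and the note rule fires once per host and process; on the constructed log that is one `mass_rename` alert followed by one `ransom_note` alert, while the benign Word save produces nothing. In practice the known-extension list and thresholds come from a baseline of the environment's own file activity.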
The Impact & Damage of the Attack
The consequences of the cyberattack on Earnest Health were devastating. As previously mentioned, more than 100,000 patient records were stolen and encrypted. But here are some other key impacts:
- Operational Downtime: Beyond the loss of data, the encryption of patient records meant healthcare workers could not use scheduling systems. As a result, the attack disrupted care and caused significant delays in treatment.
- Financial Losses: Earnest Health also incurred significant costs for IT recovery efforts, cybersecurity consultations, and regulatory fines under HIPAA.
- Reputational Damage: The attack had a more nuanced impact as well: Earnest Health’s name was damaged, and patients’ trust along with it. Would you want to use a healthcare service that could leak your personal health records?
- Legal Repercussions: Healthcare information is sensitive, which means proper security should have been in place. Because of the attack, Earnest Health faced potential legal action and compliance audits, and, more importantly, it was also sued by the patients whose data was leaked.
So, what can we do to avoid being next in line for an attack like this?
The Preventive Approach to Cyberattacks
Cybersecurity, and vulnerability management in particular, is still an afterthought for most organizations, even in 2024. Scrambling to stop and recover from cyberattacks after they happen is not the right way to safeguard our enterprises.
A preventive approach to vulnerability management, paired with robust cybersecurity best practices, will help you reduce your attack surface and prevent cyberattacks from occurring.
Here are some key pointers we must keep in mind to enhance our cyber resilience.
- Preventive Vulnerability Management: Proactivity is key! Implement preventive vulnerability mitigation, where you remediate the risk before an attacker has a chance to exploit it.
- Employee Training: “The human is the weakest link in the cybersecurity chain” is a common phrase, so training staff to recognize phishing attempts and suspicious activity is important; phishing is still one of the most common entry points for ransomware. Even in the case of change
- Regular Updates and Patches: Keeping software updated helps prevent attackers from exploiting known vulnerabilities.
- Network Segmentation: Separating critical systems from other network segments makes it harder for malware to spread across an entire organization.
- Data Backup and Recovery Plans: Regular, secure data backups are essential so that operations can be restored without paying a ransom.
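The backup bullet above only pays off if the backup you restore from has not itself been encrypted or altered, which is exactly what a ransomware operator who reaches the backup share will try to do. The following Python script is an added example (not from the original post or from SanerNow) of a simple safeguard: record a SHA-256 manifest when the backup is taken, keep that manifest off the backed-up host, and verify the backup against it before relying on it for recovery. File names, contents and the tampering scenario are constructed.

```python
"""Backup manifest creation and restore-time verification (added example).

build_manifest() hashes every file under a backup root; verify_backup()
compares the tree against a stored manifest and reports files that went
missing, changed content, or appeared unexpectedly. Paths and contents are
constructed for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root (POSIX form) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the tree under root with a previously stored manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: take a manifest, then simulate ransomware reaching
    the backup (one file overwritten, one renamed with a new extension, a note
    dropped) and verify the backup before it would be used for recovery."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "records").mkdir()
        (root / "records" / "p001.pdf").write_bytes(b"patient record 1")
        (root / "records" / "p002.pdf").write_bytes(b"patient record 2")
        (root / "schedule.csv").write_text("2024-02-10,alice,09:00\n")
        # The manifest must live somewhere the backup host cannot overwrite it
        # (immutable storage or a separate system); here it is just kept in memory.
        stored_manifest = json.dumps(build_manifest(root))
        # Simulated tampering after the backup was taken.
        (root / "records" / "p001.pdf").write_bytes(b"\x00encrypted\x00")
        (root / "records" / "p002.pdf").rename(root / "records" / "p002.pdf.locked")
        (root / "README_TO_RESTORE.txt").write_text("constructed ransom note\n")
        return verify_backup(root, json.loads(stored_manifest))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On the constructed tree the check reports `records/p001.pdf` as modified, `records/p002.pdf` as missing, and the `.locked` copy plus the note as unexpected; any non-empty result means the backup should not be trusted for recovery until the cause is understood. The manifest is only useful if it is written to storage the backup host cannot modify, which is why the demo keeps it apart from the tree it describes.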
Stop Future Cyberattacks with SanerNow
Leverage proactive vulnerability management with SanerNow. Based on the cutting-edge Continuous Vulnerability and Exposure Management framework, SanerNow prevents cyberattacks by:
- Detecting Risks: Powered by the largest risk repository, SanerNow detects vulnerabilities, misconfigurations, exposures, and anomalies to give you comprehensive visibility and coverage.
- Assessing & Prioritizing Risks: Once the scans are complete, SanerNow assesses and prioritizes risks based on the SSVC framework, business context, exploitability, and more to give you the best prioritization possible.
- Remediating Risks: Not stopping at prioritization, SanerNow remediates risks with natively integrated remediation, patching all major OSs and more than 550 third-party applications.
Leverage SanerNow to prevent attacks now!