Ransomware might seem like the reigning infosec nightmare, but cryptomining and its nefarious brethren cryptojacking have come along to steal that throne. 

“For the last few years, ransomware was a cybercriminal king. However, in the last quarter the trend has changed. A new player has begun to grow in strength on the malware market – cryptominers,” Comodo Threat Labs said in a recent report. “That is not surprising. With a market capitalization greater than $264 billion at the end of March 2018, cryptocurrencies represent a rich target for perpetrators.”

The question then becomes what should hospital IT and security teams do about it? 

While any cyberattack surpassing malware that locks down data and demands bitcoin in return is legitimately scary, the underlying thread is that basic cyberhygiene goes a long way toward both types of threat.

“Practice situational awareness such as ‘See something, say something,’” HIMSS Director of Privacy & Security Lee Kim said ahead of the Healthcare Security Forum, where she will be speaking on June 11 in San Francisco. “Look for the unusual.”

Kim, who compiles and writes the monthly HIMSS Healthcare and Cross-sector Cybersecurity Report, pointed to suspect CPU time as well as operations such as Windows Task Manager or listing processes on Unix boxes as keen examples to take into account.

Don’t think ransomware is going away or ignore other basics: block pop-up ads, keep web browsers and OS security patches current, and educate and train users to know exactly what phishing attacks and other social engineering tricks look like as well as what to do when they spot one.

“For phishing, if possible, use old-school methods of communication to verify that an e-mail is legitimate, Kim said. “Pick up the phone or, if it apparently came from a coworker, drop by their office. Just because it appears to come from a colleague, friend, or trusted business partner, don’t let your guard down.”

In addition to mastering the basics, hospitals should practice the art of cyberwarfare to know their enemies — and that pertains more broadly to cybersecurity than just cryptojacking and OrangeWorm.

“It’s not just nation-states, non-state actors or criminals, it can also be other corporations. Know where your assets are and how they are secured,” Kim said. “Think like an attacker and a defender. Know how the enemy moves, what they go after, and who they may be – this intelligence can go a long way. Also remember that intelligence is never static. It’s a full, iterative cycle and you need good analysts on your team, too, if you really want to keep up with what’s happening.”

Kim will be sharing HIMSS research on crytpominers, Organgeworm and other top cyberthreats at the upcoming Healthcare Security Forum.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com