Health-ISAC Hacking Healthcare 5-27-2024

This week, Hacking Healthcare™ stays on the topic of U.K. ransomware. Join us as we examine recent reports of an upcoming consultation that might radically shift how the U.K. government allows entities to respond to ransomware incidents. We provide a brief overview of what has been reported, and then we provide some useful background information and context around how some of the alleged proposals might work.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).

Welcome back to Hacking Healthcare™.

Potential U.K. Ransomware Payment Policy Overhaul

Last week, we discussed new ransomware guidance published by the U.K. National Cyber Security Centre (NCSC) in collaboration with several national insurers.[i] That document took a seemingly common-sense approach to the issue by providing victim organizations with some considerations to inform their decision-making. However, new reporting suggests that the U.K. is about to consider a significant overhaul of its ransomware policies that involves mandatory reporting and a licensing regime for those wanting to make a ransom payment. Let’s explore what this might look like and how it could impact healthcare.

Report from Recorded Future News 

According to Recorded Future News, the U.K. government is preparing several proposals that will be published in a June public consultation.[ii] These proposals will allegedly include mandatory reporting of ransomware attacks, a licensing regime for victims that wish to make a ransomware payment, and even a possible outright ban on ransom payments by critical infrastructure entities.[iii]

With the actual proposals unavailable at this time, we will have to wait and see what ends up materializing. However, there is still a lot we can analyze and put into context in our Action and Analysis section.

Action & Analysis
**Included with Health-ISAC Membership**

Upcoming International Hearings/Meetings

  • EU
    1. No relevant meetings at this time
  • US
    1. No relevant meetings at this time
  • Rest of World
    1. No relevant meetings at this time

[i] https://www.ncsc.gov.uk/files/Guidance-for-organisations-considering-payment-in-ransomware-incidents.pdf

[ii] https://therecord.media/uk-proposal-mandatory-reporting-ransomware-attacks

[iii] https://therecord.media/uk-proposal-mandatory-reporting-ransomware-attacks

[iv] https://www.reuters.com/world/uk/uks-labour-has-17-point-lead-over-conservatives-first-poll-since-vote-date-set-2024-05-23/

[v] https://therecord.media/uk-proposal-mandatory-reporting-ransomware-attacks