IGEL Response to CISA Black Basta Cybersecurity Advisory

In response to the increasing cyber threats identified by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), including the aggressive ransomware campaigns by the Black Basta group, IGEL’s Preventative Security Model™ stands as a critical defence mechanism for the healthcare industry. This model prioritizes proactive prevention over merely reactive measures, ensuring that healthcare organizations are not just responsive but fortified proactively against sophisticated malware and ransomware attacks that exploit endpoint vulnerabilities. As threats like Black Basta continue to evolve, employing advanced tactics such as spear phishing and exploiting critical vulnerabilities within commonly used software, the emphasis on robust endpoint security and comprehensive threat prevention strategies has never been more crucial.

Preventative Endpoint Security for Healthcare

IGEL can support healthcare organizations in 3 key ways:

1. Organizations running IGEL as the endpoint OS significantly reduce the risk of the endpoint as an attack vector helping prevent ransomware and other incidents
2. Integration with multi-factor authentication solutions significantly reduce the threat of attacks that utilize stolen credentials
3. Organizations that have experienced compromised endpoints can recover the existing in place hardware by booting to a USB drive containing IGEL OS. These IGEL OS devices can be placed directly back on the compromised network without concern of reinfection. This will allow users to get back to being productive as soon as possible, only gated by the centralized services being  restored or recovered by IT and will significantly reduce the endpoint recovery time to just a few minutes per device

To date, no IGEL endpoints have been compromised during a cyber-attack due to our Secure by Design approach.

IGEL stands ready to support impacted healthcare organizations in restoring the delivery of patient care services. For more information please contact IGEL

Read the IGEL Security Whitepaper

Securing Healthcare Environments with IGEL’s Preventative Security Model

The IGEL OS Preventative Security Model minimizes vulnerabilities by removing the endpoint vulnerabilities targeted by cyber-criminals. This includes:

• Ensuring no local data is stored at the endpoint which prevents the download of potentially malicious attachments or code to the endpoint.
• The read-only OS ensures that malicious changes cannot be made to the OS itself.
• The Trusted Application Platform ensures a secure boot process, cryptographically checking each module of the operating system and resetting the OS to known good state should tampering be detected.
• Integration with MFA and SSO including Imprivata, Okta, Ping and AuthX reduces the potential of stolen credential attacks while keeping clinical workflows optimal
• Modular design reduces the endpoint attack surface by only deploying the software components and applications that are needed.

Endpoint Resilience and Ransomware Recovery

IGEL’s UDPocket solution can be utilized to recover compromised endpoints. By booting from this USB device, the local disk is completely bypassed meaning that the existing, compromised device can be used to restore patient care services. No need to wait for new devices to be acquired, shipped, delivered, imaged and configured. As time and resources allow, those devices can be re-imaged to a permanently installed IGEL OS to ensure the device is secured and no longer vulnerable moving forward.

Commitment to Cyber Hygiene Regular updates and patches are seamlessly deployed across IGEL-powered endpoints from the IGEL Universal Management Suite (UMS), a key practice in maintaining cybersecurity hygiene. Centralized endpoint management further ensures compliance with the latest security policies, keeping all devices secure and aligned with best practices.

Only Part of the Puzzle

IGEL recognizes that securing the endpoint won’t completely eliminate cyber-attacks. But by eliminating the endpoint as an attack vector and integrating with MFA solutions to reduce the chances of stolen credential attacks (user education will always be a critical aspect to any security planning), IGEL can remove a critical part of the attack chain. To paraphrase; If a CISO has 99 problems, now the endpoint won’t be one.

#StopRansomware #PreventativeSecurityModel