Post AvWHjjPyn3dxQVF7Ue by ChrisJohnRiley@infosec.exchange
(DIR) More posts by ChrisJohnRiley@infosec.exchange
(DIR) Post #AvWHjTDL2I1bAfCnZI by ChrisJohnRiley@infosec.exchange
2025-06-25T09:13:15Z
0 likes, 0 repeats
Why is Finnish Healthcare Doing So Well Against Ransomware?Perttu Halonen (National Cyber Security Centre Finland, FI)#FIRSTCON25
(DIR) Post #AvWHjUh9WvT3lQA7g8 by ChrisJohnRiley@infosec.exchange
2025-06-25T09:20:51Z
0 likes, 0 repeats
Despite Ransomware being such a Global phenomenon, Finland has seen a low level of reports of compromise.- Mainly public healthcare - Small economy - Specialist support from NCSC-FI- Small country, low hierarchy - No healthcare company in FI has paid Ransomware #FIRSTCON25
(DIR) Post #AvWHjW2oVsO9wtIw52 by ChrisJohnRiley@infosec.exchange
2025-06-25T09:26:34Z
0 likes, 0 repeats
Ransomware attacks are mainly financially motivated. Rational targeting is towards larger targets with the lowest effort. Cybercrime gangs work internationally, so country boundaries don't prevent this.Ransomware incidents are talked about publicly more than other types of cybercrime, making the incidents comparable.5-8% of Ransomware attacks are healthcare sector. 67% of healthcare organisations fell victim to Ransomware (this number seems skewed and should be taking with a pinch of salt).#FIRSTCON25
(DIR) Post #AvWHjWwp9dBwkbVfNo by ChrisJohnRiley@infosec.exchange
2025-06-25T09:31:30Z
0 likes, 0 repeats
Finland specifically (2022-2024) saw 74 reported cases.Despite Finish healthcare being 9% of GDP, they only equate to 3% of Ransomware cases in that period.Attacks have been limited to admin and appointment systems, and had low/no impact on patients or their data.#FIRSTCON25
(DIR) Post #AvWHjXaAnKfQidv5iS by ChrisJohnRiley@infosec.exchange
2025-06-25T09:39:03Z
0 likes, 1 repeats
Finland has held regular ICT fairs to provide comprehensive peer-to-peer networking and support since the 1970's. This has built a landscape of frequent communication, even between competing companies.NCSC-FI promotes scanning and support for healthcare to reduce attack surface. Complexity and legacy systems are not much different to other regions (e.g. USA).#FIRSTCON25
(DIR) Post #AvWHjdw1B1hqQ8BcbA by ChrisJohnRiley@infosec.exchange
2025-06-25T09:41:15Z
0 likes, 0 repeats
Vastaamo incident from 2020 was a blackspot on the Finish healthcare landscape. Due to the data leaks, deaths occurred.https://en.m.wikipedia.org/wiki/Vastaamo_data_breach"This hacking incident had a wide impact on healthcare industry's obligations to secure their networks and increase their accountability."The follow-up to this tragedy forced Ransomware and security of data into the limelight politically and technically.#FIRSTCON25
(DIR) Post #AvWHjjPyn3dxQVF7Ue by ChrisJohnRiley@infosec.exchange
2025-06-25T09:44:05Z
0 likes, 0 repeats
53% of American healthcare organisations pay Ransomware.No Finish healthcare organisations have paid.This sends a clear message.#FIRSTCON25
(DIR) Post #AvWHjoFWpLFqPXOLOi by ChrisJohnRiley@infosec.exchange
2025-06-25T09:49:01Z
0 likes, 0 repeats
The Finish language may have been an additional disadvantage for attackers in the past, this was seen for years in low quality SPAM. With improvements in LLMs and automation, the language barrier is lower or no longer an issue here.Threat landscapes change regularly, so we'll see how LLMs make changes moving forwards.#FIRSTCON25