Saturday, June 29, 2024

As The Pandemic Persists, Hospitals Face New Cyber Vulnerabilities

By Jack Chapman, Vice President of Threat Intelligence, Egress Software

Wherever you are, your local hospital is an important part of your community. Over the last three years, we have tested these institutions more than at any other point in our lives. Thankfully, the widespread resilience of doctors, nurses and staff has provided the rest of us with a benchmark for human capabilities and important glimmers of hope for the future.

But just as we have learned to live with one crisis, a new threat has emerged.

Most hospitals operate in complex technological ecosystems, supporting critical machines with a variety of legacy solutions. They increasingly rely on WiFi to operate, connect and communicate within these ecosystems.

In fact, hospitals are a treasure trove of Internet of Things (IoT) devices, which is both a blessing and a curse. While the IoT approach has significant technical advantages, it is also important to understand that these systems can attract unwanted attention.

The truth is that wireless networks are one of the biggest vulnerabilities in healthcare and are routinely exploited by cybercriminals. For the most part, hospitals are public places where anyone, including cybercriminals, can easily walk in, connect, access, and compromise unsecured devices.

There is an obvious irony in the fact that the same device that saves a patient’s life might be a weak link in the entire hospital network. Even in the face of cyber threats, devices connected to a wireless network, such as MRI machines, are necessary for the functioning of hospitals. The idea of making them unusable is not negotiable. Or is it?

Knowing this, threat actors want to gain access to hospital networks in order to take over sensitive machines and hold them for ransom. Because medical technology is prohibitively expensive, there is often additional pressure to pay, because paying feels like a cheaper and faster solution than replacing a machine. Even so, the decryption key provided by the attacker only works about 20% of the time.

For cybercriminals, controlling these machines is just the beginning. What hackers are interested in is not only the ransom payment, but also the data. With access to the machine, an attacker can either reach patient data stored on the device or move laterally across the network to access Protected Health Information (PHI) on other systems.

So, in addition to holding machines for ransom, gangs are increasingly using so-called double extortion schemes to pressure victims by threatening to expose or sell this data. Some criminals use the stolen patient data to squeeze hospitals further, in a triple extortion method that further increases their chances of getting a ransom.

3 steps you can take to protect your hospital from cyberattacks

The team responsible for the technology ecosystem that operates within the hospital must take three steps.

  1. Understanding the Ecosystem

Healthcare organizations rely on vast networks of legacy and IoT devices to perform their day-to-day operations, making them very difficult to protect without full visibility into their scope and assets.

As more connected devices are added to the network, it can be difficult for healthcare chief information security officers (CISOs), where a hospital has one, to gain full visibility into what devices are in use, despite their best efforts.

Regardless of staffing, a hospital’s security team should regularly perform full audits of all IoT devices to assess the level of risk to the organization. A risk assessment and follow-up must also be carried out on any new device before it is connected to the network.

With a more comprehensive understanding of the environment, healthcare CISOs and/or security teams can take important steps to mitigate risks and identify vulnerabilities.

  2. Network segmentation

Healthcare CISOs must adopt a strategy of segmentation and isolation of vulnerable devices, especially those without endpoint security. If a device does not need access to the Internet to perform its primary functions, turn off that access. Whitelist the device so that it connects only to the networks and other devices it needs, and isolate the public network from the rest.

This allows security teams to stop threat actors who gain access through a device before they move laterally through the organization’s network. However, it is important to find a balance between effective segmentation and smooth operation. To do this, devices and information must remain accessible to those who need them.

  3. Patch, Validate and Test!

Healthcare organizations are increasingly being targeted by cybercriminals. Because of this, good security fundamentals must apply not only to technology, but to people and processes throughout the organization.

These actions include patching, training, risk assessment, backup, disaster recovery, prevention and protection software. But often this is not enough.

Too often, organizations believe they are adequately protected when they are not. Because these organizations are often complex and evolving in nature, it is also important to validate and test that the security in place achieves its goals.
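One way to validate the three steps together, shown as an added example that is not part of the original article: check observed network flows against the device inventory and each device's allowlist. The addresses, device names, address ranges and the (source, destination) flow format are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed inventory (step 1): device IP -> segmentation policy (step 2).
INVENTORY = {
    "10.20.1.10": {"name": "mri-01", "internet": False,
                   "allowed": ["10.20.5.0/28"]},    # imaging servers only
    "10.20.1.22": {"name": "infusion-pump-07", "internet": False,
                   "allowed": ["10.20.6.4/32"]},    # pump management server
    "10.20.9.5": {"name": "patch-proxy", "internet": True,
                  "allowed": ["10.20.0.0/16"]},
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed hospital address space
GUEST = ipaddress.ip_network("10.99.0.0/16")    # assumed public Wi-Fi range

# Constructed flow records, e.g. as exported from a firewall or switch.
FLOWS = [
    ("10.20.1.10", "10.20.5.3"),      # MRI to imaging server: expected
    ("10.20.1.10", "203.0.113.7"),    # MRI to the Internet
    ("10.20.1.22", "10.20.1.10"),     # pump to MRI
    ("10.20.3.77", "10.20.5.3"),      # source missing from the inventory
    ("10.99.4.2", "10.20.1.10"),      # public Wi-Fi client to MRI
    ("10.99.4.2", "198.51.100.9"),    # public Wi-Fi client to the Internet
    ("10.20.9.5", "198.51.100.20"),   # proxy to the Internet: expected
]

def audit_flow(src, dst):
    """Return None if the flow fits policy, otherwise a finding code."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in GUEST:  # the public network must stay isolated from the rest
        return "guest-to-internal" if d in INTERNAL and d not in GUEST else None
    dev = INVENTORY.get(src)
    if dev is None:
        return "unknown-device"       # visibility gap: audit before connecting
    if d not in INTERNAL:
        return None if dev["internet"] else "internet-not-needed"
    if any(d in ipaddress.ip_network(net) for net in dev["allowed"]):
        return None
    return "peer-not-allowlisted"

def audit(flows):
    """Step 3: test that segmentation holds; return (src, dst, code) findings."""
    return [(s, d, c) for s, d in flows if (c := audit_flow(s, d))]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```
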

About the author

Jack Chapman is Vice President of Threat Intelligence at Egress Software. He is an experienced cybersecurity expert, tasked with deeply understanding the evolving cyberthreat landscape to stay one step ahead of cybercriminals. Jack uses this insight and extensive R&D skills to oversee product development for Egress Defend, an inbound threat detection and prevention solution that mitigates all zero-day phishing attacks. Jack can be contacted online on LinkedIn and at our website https://www.egress.com/

Fair Use Notice: The “fair use” law allows other authors to make limited use of the original author’s work without permission. Under 17 US Code § 107, “It is not copyright infringement to use copyrighted material for purposes such as criticism, commentary, news reporting, education (including multiple copies for classroom use), scholarship, or research.” As a matter of policy, fair use is based on the belief that the public is free to use portions of copyrighted material for the purposes of comment and criticism. Fair use privileges are perhaps the most important restrictions on the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and more free of charge on its website Cyber Defense Magazine. All images and reporting are conducted exclusively in accordance with the fair use of US copyright laws.
