Yet, these sensitive systems are generally not well-protected.

Cybercriminals are keenly aware of this, and they seek to exploit it.

In Ireland and the UK, it is not only that these systems are poorly protected, but most of the healthcare data in the region is also centralised. As a result, it only takes one bad click in an email for a ransomware group to plant its malware institution-wide, taking confidential data hostage to demand a grossly high price for ransom. According to Check Point, UK organisations collectively experienced a surge of cyber-attacks in 2022.

Healthcare institutions are no exception. In fact, the highly confidential nature of healthcare data makes this sector a particularly lucrative target for threat actors. In 2021, the healthcare sector was the third most targeted of all the sectors, with an increase in cyber-attacks of 74%.

Moreover, in 2021, the largest known malware attack against a healthcare computer system occurred against Ireland’s Health Service Executive (HSE). The HSE is a publicly funded healthcare system under the Irish Department of Health, with 54 hospitals existing under its authority.

How did the attack happen? A single employee clicked on a bad link in a phishing email and in one fell swoop, the Russian gang, Wizard Spider, had implanted the infamous Conti malware into the healthcare service’s wider systems. For eight weeks, this malware roamed in silence. Once activated, 80% of HSE’s IT environment was effectively shut down and encrypted. Diagnostics, medical records, and emails were all inaccessible. Critical medical procedures within hospital wards ranging from psychiatry and maternity to oncology and paediatrics needed to be cancelled. Without access to internal records, how could doctors and nurses treat patients? The sensitive sector of healthcare was under huge attack.

While no ransom was paid by HSE, 700GB of sensitive data was stolen. Eventually the hackers dropped the decryption key, but it took another six months for servers to be entirely decrypted. This attack cost HSE upwards of €750 million, including an overhaul of the entire system.

While the largest cyberattack against a healthcare organisation in the region to date, it is far from the only one, and it will unfortunately, not be the last. In June 2023, an attack against the University of Manchester resulted in the exposure of data for over 1 million NHS patients. In 2017, the NHS was attacked by WannaCry ransomware which encrypted over 200,000 system computers, resulting in inoperable equipment and far-reaching appointment cancellations, not to mention the closure of emergency rooms. This one cost €92 million.

Looking beyond financial loss, however, cyber-attacks against healthcare institutions have even graver consequences. According to a survey of a hundred healthcare sector cybersecurity managers in the UK, 65% said that they believed a cyberattack against their systems could result in a loss of life. Think: emergency rooms and dispatchers shut down, cancer treatments cancelled, psychiatry records inaccessible, maternity aid impossible.

What’s more, is the severely growing threat of nation-state actors. We are well used to the tried-and-true cybercriminals seeking to infiltrate servers to achieve their millions of pounds of ransom, but attacks from state-aligned groups are less predictable. In April 2023, the NCSC issued an alert to critical national infrastructure (CNI) organisations with a warning against this emerging threat. The healthcare sector along with those of energy, food, government, water, and others are all under an increasing threat mainly by the following nations: Russia, China, North Korea, and Iran.

State-aligned actors are not motivated by finances, only by destruction. If war wages and a nation wants to cripple the United Kingdom or Ireland (or any country globally, for that matter), it only needs to target the under-protected healthcare institutions of the region. You can imagine that the resulting impact will be devastating.

So, healthcare organisations are often entirely under-prepared to deal with cyberattacks. They are too focused on, well, healthcare. But what can they do to prevent and recover from these attacks?

Interestingly, despite how severe the consequences of these attacks so often are, the methods used are typically very well-known. Phishing, social engineering, and credential theft are the most commonly used points of entry for cybercriminals, not to mention unpatched software and system configuration errors. Common problems with extraordinary consequences. With the correct steps, however, a solution for the vulnerable healthcare sector may be found.

Human error is often the root cause of these attacks, as we can see with the example of the HSE attack. For that reason, it is integral that healthcare institutions require security awareness training for all employees who have access to the organisation’s computer systems. Paired with keeping systems up to date, and overall, maintaining cybersecurity best-practices, healthcare organisations in the UK and Ireland may be able to prevent such catastrophic malware attacks from occurring in the first place.

In healthcare, the first priority is and always will be the saving of lives. But with cybercriminals increasingly targeting critical healthcare institutions with malware, it is important to remember that lives cannot be saved if computers are down, the equipment inoperable, and emergency rooms closed.

By Javvad Malik, lead security awareness advocate at KnowBe4

The post The Rising Threat of Malware Attacks in Ireland and United Kingdom Healthcare Sectors appeared first on .

The risk of attacks for digital therapeutics

DTx is streamlining the care process, moving patients away from paper-based systems, and providing digital access to healthcare records. As these interfaces grow in popularity, the quantity and detail of available health data is also rising. However, so too are cyberattacks – and the potential impact of this data falling into the wrong hands can be devastating. The healthcare field is a critical part of social infrastructure, and so patient information, such as images, scans, diagnoses, and medical reports, is a potential goldmine for anyone seeking to maliciously exploit it.

These kinds of cyberattacks are already disrupting everyday operations and compromising confidential patient data. For example, ransomware is often used to attack DTx apps, locking Electronic Health Records (EHR) so they can only be reopened after the ransom has been paid. What’s more, researchers at The Journal of the American Medical Information Association have reported that almost 2% of apps investigated were labelled as suspicious by at least one antivirus tool and are believed to be variants of FakeApp trojans masquerading as legitimate apps.

With cyber risks rising it’s vital that companies know what the top attacks against digital therapeutics apps are and how to solve them.

Tampering with patient data

There are numerous ways that cyber attacks on digital therapeutics apps can lead to significant data breaches and interruptions in digital services. In many instances, attackers input false medical conditions to fool doctors and cause harm to patients. This is achieved by using static and dynamic code analysis, instrumentation, and other tools to understand how an app functions or harvest data.

By incorporating robust defences – such as code obfuscation, anti-tampering, runtime application self-protection (RASP), memory injection prevention, data encryption at rest and in transit, mobile developers can help ensure the integrity of their apps and protect patient data. Trojan attacks

Trojans allow attackers to gain backdoor access to systems that they can use to secretly monitor patients or healthcare professionals or steal sensitive data through. Using various techniques, hackers can pirate DTx apps, making minor changes that leave the illusion of authenticity intact. They can then use these trojans to harvest personal data, perform unwanted browser redirects, and even access credentials.

To combat trojan attacks, developers of digital therapeutics should be implementing strong app hardening solutions and code obfuscation that prevents reverse engineering. In addition, they may consider keylogger prevention and preventing their apps from running on emulators, simulators, or virtualized devices. Enforcing secure communication protocols and, again, strong man-in-the-middle defences will be excellent for protecting data.

Ransomware threats

When it comes to health-related applications, cyber-criminals often exploit or compromise mobile applications to get their hands on sensitive data that can be used to blackmail patients or extort cash payments from the victims or healthcare providers. Protecting all data using strong encryption of data at rest, in transit, and in memory, as well as strings and resources stored in the app bundle can be effective ways of keeping hacker’s hands off the data they seek. In addition, protecting the mobile clipboard, blocking overlay attacks as well as preventing the abuse of Accessibility Services can provide a robust defence against attempts to weaponize DTx apps.

Malware programmes

Android and iOS phones are highly susceptible to malware programmes. Hackers build malware to exploit the applications’ sandboxes, or else to target SD cards, keywords, and other sensitive data – often by jailbreaking or rooting the device to gain superuser or elevated privileges. With this higher level of control, the hacker can launch much more effective attacks against DTx apps.

To prevent such threats and attacks, DTx developers and security professionals should prevent their apps from running on jailbroken or rooted devices, while also blocking advanced rooting and root hiding tools like Magisk, as well as blocking the use of powerful dynamic instrumentation frameworks such as Frida

Data leak and exploit

Patients are at risk of being compromised by DTx apps that could expose their data, such as medications, x-rays, and diagnostics. The most straightforward breach hackers use to access healthcare data is the access login.

Developers should combine data encryption and strong mobile malware defences to prevent keylogging and app overlay attacks. They should also incorporate loss prevention methods, such as preventing copy-paste functions and camera rolls from the app.

Protect customers’ rights to security

Healthcare data is often very intimate, and patients have the right to expect their information to be securely stored on mobile apps. By implementing some or all these recommended defences, developers can ensure that not only are they providing high quality healthcare services, but also that their users are comfortable their data is safe.

Article by Alan Bavosa, the VP Security Products of Appdome

The post The Top Cyber Attacks Facing Digital Therapeutic Apps appeared first on .

Today, virtual consultations are the norm, as are prescriptions held in the cloud. In hospitals, beds are now connected devices, artificial intelligence (AI) is deployed for early cancer detection, and some operating theatres come with robotic arms for support. In a healthcare setting, there is now technology at every turn.

The downside of digitalisation

Unfortunately, this drive for digitalisation comes at a price. By virtue of expanding the technological footprint, a bigger target is created for bad actors. Health data – a constant target for cyber criminals given the personal information involved – has become more exposed. Indeed, every device, connection, and digital data point is now a potential window of attack.

For an NHS that’s already dealing with the strain of the patient backlog and staffing crisis exacerbated by the pandemic, it’s a major concern. The consequences of a cyberattack could be huge, from large fines to putting lives at risk.

Healthcare is a prime target

The National Cyber Security Centre (NCSC) tackled more than 2.7m attempted online scams last year. This included removing more than 1,400 NHS-themed phishing campaigns, an 11-fold increase on 2020, including fake messages about vaccine rollouts and certificates.

Apart from playing on people’s health concerns with targeted phishing campaigns, criminals are also targeting the healthcare sector directly. In May, a group of Russian hackers threatened to shut down British hospital ventilators after an alleged member of their cybercrime gang was arrested in the UK. Looking at data from the last six months, our April 2022 Threat Labs Report found that the healthcare sector was second only to individual consumers as the number one target of cybercriminals. In fact, healthcare was the second most targeted sector in Q4 2021, bearing 12% of total attack detections. In the face of such relentless and targeted criminality, the key question for the NHS is – what can be done?

Collaboration is key

According to our Cyber Readiness Report, 86% of British security professionals think there is room for improvement in the level of cybersecurity partnerships between the government and organisations. While investing in more modern cybersecurity solutions can minimise risk for the NHS, government support needs to go beyond budget. It should extend to working more closely with the cybersecurity sector to maximise the benefits of public-private partnerships, particularly focusing on cyber threat intelligence sharing.

Healthcare needs to be agile

The NHS and its infrastructure needs to be agile. As digital transformation continues in the sector, adaptive security will become even more important. Organisations within the NHS can improve their front line of defence by implementing an intelligent, proactive security system that can constantly reshape itself to match a specific threat landscape.

Improving automation, remediation, and resiliency capabilities will be crucial to defending against increasingly sophisticated attacks. With machine learning and AI, the NHS can gain the insight needed to predict and prevent emerging threats targeting healthcare institutions, identify root causes, and automate processes to enable a quick response – anticipating new threats and adjusting to keep attackers at bay.

Integrate security operations

After years of gradual digitalisation, many NHS organisations are now working with a patchwork of cybercrime and cybersecurity solutions. This can create challenges: alerts get missed and the IT security team’s time is wasted pivoting between tools to look for anomalies.

To address these SecOps challenges, organisations should consider evolving their siloed security by implementing a flexible, scalable XDR (extended detection and response) architecture that can seamlessly integrate with their current security tools. When data is fed into a centralised platform and correlated with other data in a native and open environment, alerts become actionable, SecOps team achieve single pane-of-glass visibility into every system and security gaps can be removed.

Employee training is also critical, given the increase in phishing and email-based scams. It is essential they understand cyber threats and their role in mitigating incidents. Basic cybersecurity hygiene training for staff improves cyber resilience.

NHS must adapt and evolve as fast as cybercrime

The NHS has come a long way, but now is not the time to slow down. More devices, more connections and an increasing reliance on technology to run day-to-day operations requires a new approach to cybersecurity: swapping static, siloed security for embedded ‘living security’ that can flex to match the threat landscape. Only then can the NHS adapt and evolve as fast as cybercrime criminals do, ensuring that digitalisation doesn’t open the organisation up to attack.

By Fabien Rech, VP EMEA, Trellix

The post Helping the NHS Guard against Cybercrime appeared first on .

Despite this, protecting patient data is still a vital consideration that will allow providers to improve their services. This applies even more post-pandemic, with digital services being used more frequently. McKinsey research found 86% of international healthcare experts believe digital health eco systems will generate significant economic impact, while 82% believe they’re a crucial offering for existing customers.

That said, providers will need to address several security challenges to ensure that the smart health devices of digital transformation projects aren’t hacked, and that vital healthcare data is protected. This becomes even more important when considering the ageing global population.

Healthcare data needs to be secured

Dark web activity has risen over 300% since 2017, with more sophisticated technologies being integrated into criminal markets. This arms would-be hackers with greater anonymity and presents security challenges for providers, with the healthcare sector accounting for a third of security breaches last year, leading to 1.5 billion users’ personally identifiable information (PII) being compromised in the US alone. Most breaches occur due to hackers gaining access through third-party vendors, with the average cost per breach amounting to $6.45 million.

These data leaks cause considerable harm to patients, with identity theft leading to false medical claims and other financial repercussions. Organisations are also being affected, with potential fines and other legal consequences resulting from the mishandling of patient data, damaging the trust placed in healthcare providers. For example, the recent data breach involving the NHS lead to thousands of patient records being leaked, causing speculation on fines and even criminal proceedings, despite reports of these leaks being unintentional.

Patients need to be protected

Data breaches are a nightmare for any organisation, but the consequences of neglecting cybersecurity also extend to the quality of care – and the health of patients by extension. Maintaining appropriate standards of care requires functioning health devices, whether they’re hearing aids, insulin pumps, pacemakers, or others from a range of technologies that are often medical requirements.

These devices form an ecosystem connected to the Internet of Things, which means hacking one device renders the entire network vulnerable, presenting far more dangerous and even fatal consequences for patients. Once hackers gain access, they’ll be able to grab digital health records, launch ransomware attacks, and release viruses that will disrupt the operation of devices.

Hackers can also intercept and edit data from medical tests, causing doctors to prescribe incorrect treatments leading to health complications. It also problematises radiology, as evidence of harmful diseases like cancer could be removed from analysis results, leaving both doctors and patients unaware of severe health risks.

These challenges are compounded by an ageing global population. Research from the World Health Organisation suggests the proportion of those over 60 will nearly double from 12%-22% by 2050, while the number of those over 80 is expected to triple over the same period. Moreover, two-thirds of the elderly population will be living in low or middle-income countries which may lack adequate healthcare standards.

Digital adoption holds the potential to benefit this group significantly, with solutions like healthcare robotics aiding with assisted living and end-of-life care, prolonging personal independence, and reducing the pressure on public health services.  However, the increasing use of assistive technology and digital transformation also provides another security entry point for hackers, which means these devices could also be compromised. Aged care providers have already become a preferred target of cyber criminals, with approximately $40 billion being stolen from elderly patients every year in the US alone.

How to protect patient data

Overlooking cybersecurity could jeopardise healthtech innovation, as a small number of data breaches, device failures, or patient deaths could prevent further consideration of digital adoption, leaving health services without an essential series of healthcare tools. This could apply even if providers were to have hundreds of success stories, so it’s essential that robust, trustworthy security protocols are established, and that cyber resilience conversations start happening in healthcare.

That said, selecting the right solutions can be difficult, and providers will need to consult tech SMEs who can help navigate the security landscape and build robust, dependable device ecosystems. Security technology employs several methods to protect patient data, including data encryption, system monitoring, and anti-virus software. By adopting the right tech and providing quality training, healthcare organisations will protect their data, and deliver the best possible care to patients in need.

By Bipin Bhaskar, Client Partner, Digital Engineering, Persistent Systems

The post Why Security is the Most Overlooked Part of Digital Transformation in Healthcare appeared first on .

In addition to the external pressures created by the rapid increase in attacks, are internal issues and a generally poor level of security displayed across the healthcare system. For instance, despite expanding networks and fleets of medical devices, the vast majority of US hospitals still do not have a dedicated “chief” of security on staff. That’s a lot for IT to manage especially given the new security concerns of their rapidly digitized environments which has led to a lack of security cohesiveness across every organization.

The result of the relative weakness is that hospital boards are also seeing the recent price tags of ransomware attacks. A Ponemon/IBM Security study cited the average cost of a breach in 2021 at $4.24M for all industries. Healthcare, however, is more than double that number at $9.23M. What’s more, the more high-profile cases are showing total losses far greater; with one topping $100M, as announced in May this year. These are trends that the industry simply cannot ignore.

These circumstances fuel several predictions for healthcare cyber security in 2022 which we don’t believe are a stretch by any means:

Hacking Strategies Will Continue to Evolve

We all saw what happened to cyber-attacks on hospitals in 2020. Fueled by the pandemic, triple digit increases in attacks on health systems were ignited because hackers knew hospitals would be completely engrossed in the pandemic and were easy targets. As a result, hackers blasted healthcare delivery organizations at an estimated cost of $21 Billion. For the most part, it was a “spray and pray” tactic that worked very well given how distracted and vulnerable hospitals were during that time. Given all the lessons hospitals have learned to stay ahead of patient surges, we can expect them to be better prepared for future attacks. Unfortunately, the bad actors have also learned a lot. They are better equipped to know what was successful and what was not and will fine-tune their attack models. Expect their largely “spray and pray” tactic to morph into a “bait and prey” strategy where, before launching an attack, they will assess which hospitals are lower hanging fruit based on their weaknesses and potential bounties.

Hospital Boards Will Mandate Action

As the chess match continues between hackers and healthcare security teams during 2022, hospital boards will push senior management (i.e., from CEO to CIO to CISO, etc.) to ensure the level of cyber security is raised. The overall risk to financials from ransomware attacks is now too great to overlook. It’s not the payouts that will be the main concern, it’s the revenue loss from potential shutdowns, as well as the fallout on reputational damage. According to an CyberMDX/Philips Ipsos study published this year, hospitals lose as much as $80,000/hour in revenue whenever operations are shut down. Recent attacks have been known to shut facilities down for days and weeks, and as we previously mentioned, one California based healthcare system reported $91.6m of lost revenue during the 4-week recovery period. That’s a lot of revenue to make up. In addition, cyber insurance is getting tougher to obtain and afford so boards will better understand its limitations and recognize this as another reason to want more assurances that operations will not be disrupted.

Supply Chain Will Demand Attention

Finally, we are all impacted by the post-pandemic supply chain issues. While it’s not hard to see those issues as lingering factors in 2022, what many may not recognize are their relationship to cyber security. Suppliers can be entry points for bad actors to get to their real targets. Remember Target? Home Depot? The same strategy to penetrate through retailers can also be applied to healthcare providers. Similarly, if a third party’s equipment that is widely deployed in hospitals were to have a vulnerability exploited then it could spread to many healthcare facilities and networks – à la Solarwinds style. The other way this can be impacted is if the supplier itself is attacked and shut down. If it’s a major supplier of a highly in demand medical necessity, that kind of bottleneck can have severe ramifications.

So what can providers do? It’s important to put things – especially the Internet of Things – in perspective. The foremost priority of any hospital is quality care. In the past, that meant having the best physicians, staff, accommodations, and medical supplies and equipment. Today, however, it must include protection of all the things that ensure quality care – from medical equipment to medical data, all the way down to whatever powers those systems and devices. As we move into 2022, the importance of IoT and medical device security will become undeniable. It is no longer an IT concern. It’s a vital part of the holistic mission for any health delivery organization.

About the author

Azi Cohen is the CEO of healthcare security leader CyberMDX. Before CyberMDX, Azi Co-Founded WhiteSource, a provider of open-source security software, where he also served as SVP of Global Sales. Azi has over 25 years of experience in IT and is an active angel investor. He holds a B.Sc. with honors in Engineering of Information Systems from Technion – Israel Institute of Technology.

The post Cyber Security in 2022: What it will Mean for Every Health Delivery Organisation appeared first on .

Paradoxically, the speed of these changes mean that IT administrators are aware of the security risks. Helped by some recent cases- as over 1.5m records were breached across 39 healthcare data breaches in February 2020 alone, according to recent research by the HIPAA Journal– best practices have made their way into the minds of IT staff; importance of protecting their cloud data, regularly testing backups, and more broadly, having a solid disaster recovery plan in place.

However, this has led to the seemingly benign and unsophisticated functions to go under-scrutinised: namely, sharing of data. In a sector increasingly intertwined with industry, with research laboratories locked into a global competition, healthcare organisations need to match the standards expected in the Corporate and Defence sector. Beyond the need to protect valuable research data, these organisations deal with vast amounts of highly sensitive and confidential patient data and need to abide by global standards such as GDPR and ensure that data is shared in a controlled manner. As the pandemic spurred on remote working and prevented non-essential contact, the collaborative working system across our healthcare system that allows for referrals and multiple wards and units working together relied more heavily on sharing patient data digitally. And with this, the amount of data being shared increased vastly, making it more difficult to and track control what is being shared and when.

This is where it becomes essential to move these organisations to a modern file transfer solution, which allows to combine more convenience with added security for all parties involved.

So, what should an IT administrator be looking for in a modern and solid file transfer solution in 2022?

Encryption: this is an absolute must-have, with preferably a military-grade encryption level, typically AES-265, to ensure files cannot be read if the storage is ever breached. A robust solution does not leave weaknesses in the overall design: the strongest possible encryption is a waste of time if user chose encryption key easily guessable. Modern solutions, such as Synology’s C2 Transfer add extra security layers by calculating encryption based on the email of the sender, helping add additional complexity.

Identity check: When sharing confidential files, there is always a risk that the link is intercepted, possibly sent to the wrong email for example. It is therefore essential that the solution “checks” that the person looking to access the link is authorised. To ensure this vital check does not come at the expense of the user experience, a unique One-Time-Password can ensure research files do not end up in the wrong hands.

Controlling who shares what: The minute we give staff the possibility to share data, we should expect that the wrong data will be shared with the wrong person. It is therefore essential that users can restrict file access. Ensure the file transfer solution allows to control the number of downloads allowed, ideally a simple option to “download only once” will mean that after the intended person accesses the data, the link will expire. If an entire team of researchers need to access the data, then it is vital users can set expiry dates after the link is inactive.

As essential as these features are, IT administrators cannot solely rely on the goodwill of users. This is where policies become useful, as they allow you to enforce that “whoever shares a file must set a number of downloads” or alternatively, “must set an expiry date”. Whatever the size of the organisation, you will want to set boundaries for more junior users and give more flexibility to senior member such as professors, it is therefore good to see if the solution entails groups and policies.

Solid infrastructure & fast transfers: whilst this may sound more like a purely sales feature, it is vital that staff adopt your file transfer solution. Beyond a well-designed interface, the speed of upload and time for the receiving party to download and access are absolutely critical to that adoption. What is the risk of going for a cheaper provider, who may have limited servers throughout the world and therefore slower speeds: users will revert to file transfer apps they may use personally, but not integrated into the university’s infrastructure, and over which you have no control or visibility, potentially open to being hacked and your data being leaked.

This brings us to a last important consideration: a modern file transfer solution needs to integrate with the rest of the healthcare system’s set up. Whilst convenience can directly benefit, more prosaically, tying the file transfer platform into the same account system will mean a lower risk of breach.

So, to all IT administrators in the healthcare industry, in this fast-evolving environment, it is imperative to anticipate the coming challenges, and ensure that you can not only recover swiftly from security breach but avoid the breach altogether by ensuring users are interacting and sharing data on a modern and secure file transfer platform.

By Nicole Lin, Managing Director of Synology UK

The post External File Transfers – Do they need to be Risky Business? appeared first on .

The coronavirus pandemic has led many people in healthcare to think differently about emergency resilience. But what will the next major emergency be?

Having recently completed his tenure as chief executive of University College London Hospitals NHS Foundation Trust, Professor Marcel Levi said earlier this year that it was an “illusion” to think organisations can “precisely prepare for what is coming our way”. He was speaking to veteran commentator Roy Lilley in March at an Institute of Health and Social Management meeting, in which the suggestion emerged that the next big disaster facing healthcare might even be global cyber-attack.

Growing cyber threats facing healthcare

Such concerns are apparently not unjustified. Many people will remember the impact of the 2017 WannaCry ransomware attack that infiltrated NHS systems throughout the country. And despite its impact, this attack was reportedly not specifically targeted at healthcare organisations.

According to cyber security expert Leif Nixon, attacks facing healthcare across the world are now on the rise. He remarked in an article this summer that in the US, for example, there has been a “steady stream of flash messages from the FBI, the Department of Homeland Security and other security organisations about increased threat levels against healthcare systems”.

In the UK too, threats continue to be taken seriously as vulnerabilities in systems continue to be identified. For example, NHS Digital continues to issue cyber-security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts. At the time of writing this article, during 2021 alone some 230 alerts have been featured on a dedicated page on the organisation’s website. This includes six “high” severity alerts, the latest of which was issued in September 2021, and several of which describe work to resolve “critical vulnerabilities” in a number of well-known technology suppliers’ systems.

The 2020 annual review from UK’s National Cyber Security Centre (NCSC) also detailed the extent of some of the threats facing healthcare. Eleanor Fairford, the organisation’s deputy director for incident management is quoted in the document, stating that the NCSC “actively redirected our efforts to defend the health sector and because it was such a priority, it rose to our second most supported sector”. The centre said it had deployed experts to support NHS trusts through cyber incidents they had faced, and that around a quarter of incidents the organisation responded within a year were related to coronavirus.

A matter for leaders

The threat to healthcare organisations from increasingly sophisticated cyber adversaries is very real.

The security of patient information is one serious area of risk, with patients’ medical records containing highly sensitive personal information. But more than that, as Nixon points out in his analysis, healthcare organisations need to think about how to safeguard their systems from a range of threats. This might mean thinking about the security of administrative systems, medical devices, and even the systems that control the infrastructure of the hospital – such as power and lighting. With the potential to impact on operations and other aspects of healthcare provision, exploited cyber weaknesses could in some circumstances directly impact on patient care.

These are just some of the things that NHS leaders might consider as they prioritise cyber security. In fact, leaders of integrated care systems and other healthcare organisations in the NHS were issued with a new reminder in September to ensure that all digital projects and programmes are “cyber secure by design”. This was set out in the What Good Looks Like framework from tech unit NHSX. The framework, which advises leaders what they should do to support successful digital transformation, goes on to mention ‘cyber’ no fewer than 18 times throughout the document.

Could vendors help?

Even equipped with guidance and government support, the evolving threat might seem like an insurmountable challenge for many, especially for smaller organisations in healthcare that might have limited resource.

But those organisations are not alone. Since the WannaCry attack hit headlines four years ago, an appetite to accelerate cloud strategies has accelerated in the NHS and UK public sector more widely. This has been complemented by public cloud vendors bringing more offerings to the market and bandwidth becoming accessible at more manageable price points.

The significance of this is that moving some applications to the cloud could alleviate some or the burdens on pressured NHS IT and security teams. Technology providers can lend their expertise more easily in some instances and ensure that systems are patched without delay. Consistent deployment approaches achievable through the cloud for some solutions, could also help to avoid local mistakes and variation that could create vulnerability risks.

This does not remove responsibility from trusts entirely. Cloud deployments need to be correctly configured to be secure, with appropriate resilience put in place. And there are varying degrees of responsibilities that NHS organisations might choose to outsource through the cloud to vendors. But the benefits of removing complexity from on-premise solutions is appealing for many in the health service – with the added benefit of being able to draw on the often far more extensive security expertise and resource of large cloud providers.

Only a few years ago, placing a solution like a picture archiving and communication system (a platform used to examine crucial patient imaging) into the cloud, was a niche idea for trusts. Now, we are seeing the reverse, with cloud a key requirement in many major regional procurements.

Preventing supply chain weaknesses

Procurement in itself is an area where more and more NHS healthcare organisations are starting to pay even closer attention to cyber threats and resilience in the supply chain.

Diligent organisations in the NHS have long required that suppliers meet a range of necessary standards, whether that’s the ISO27001 international standard on how to manage information security, or meeting Cyber Essentials Plus tests, for example.  If a vendor is certified in these kinds of areas, then confidence can be gained that the vendor is serious about cyber security. Companies meeting the requirements for these standards are usually known for making sure infrastructures are as secure as they possibly can be against outside influences, and that penetration testing is done to a required cadence.

But it is only more recently that some procurements are starting to ask similar questions of the wider supply chain of a prime contractor.

I have been stunned by the amount of vendors operating in the UK space that do not have the key standards.

This is something many responsible companies do routinely check of their own subcontractors. Sectra has an approved supplier process for example, in which we are not allowed to include vendors in our solutions that don’t meet minimum requirements. And if we find vendors are not compliant, they either address the requirement or are removed from the process. But the existence of some companies in other supply chains, suggests this may not be a consistent approach across all prime contractors.

It is welcome to see the NHS now asking these questions more routinely as part of the procurement process. When it comes to cyber security, you are only as strong as your weakest link. Where this is built into the process, the opportunity for assumption of checks being done is removed.

Diligence is key, but not a guarantee

Diligence at different levels of organisations from leadership down is a fundamental requirement. This article has covered only a small fraction of considerations in facilitating a cyber secure NHS. But there are no guarantees that any approach to cyber resilience will be successful, however well designed. Attackers can still find and exploit weaknesses, and in the case of healthcare the consequences for loss of data or loss of service can be severe for providers and for patients. Just as Professor Levi observes, it is not possible to prepare for every scenario. Organisations must have contingency plans for when things do go wrong.

The post Could Cyber Security Threats be the Next Big Healthcare Emergency? appeared first on .

It’s a fierce adversary, too. Hospitals being offline presents a critical threat to patient care, and in many cases during the pandemic health staff were forced to document records by hand when denied access to electronic patient health information (ePHI), or internet-served medical equipment due to cyber-attacks. This shouldn’t have to be the case. In the business of life and death, healthcare organisations simply cannot afford to negotiate for days or weeks while their systems are held hostage.

The threat of ransomware shows no sign of abating, either. In the healthcare sector alone, a third of NHS trusts were successfully attacked with ransomware between 2014 and 2020, causing an estimated 206 days of downtime, while the U.K.’s National Cyber Security Centre (NCSC) warned in its most recent annual review that it had handled over three times more ransomware incidents between September 2019 and August 2020 than in the previous year.

This all points towards healthcare organisations facing an increasing volume of ransomware attacks. Recent events across the Irish Sea serve as further evidence too, with an attack on Ireland’s healthcare system in May reducing appointments by more than 80%, creating a knock-on impact for patients.

Some actions are already being taken to defend against ransomware, but what can providers do to further mitigate the risks they pose?

The open nature of hospitals leaves them vulnerable

Devices are omnipresent in hospitals: they’re in every doctor’s office, portable monitor at nurses’ stations, scanning room and operating theatre. They give healthcare staff to access critical, live data which informs how they can best care for patients. Unfortunately though, the easy-access design that makes these systems so useful also makes them – and the swathes of patient records and vital information they provide – vulnerable to hackers.

It is important to design healthcare IT with cybersecurity with this in mind, but unfortunately, many healthcare organisations are yet to heed this lesson. Plenty still run old software such as Windows XP leaving them open to vulnerabilities that wouldn’t be a problem with modern operating systems and patches. Others aren’t reacting to attackers’ efforts to commandeer medical Internet of Things (IoT) devices with increasing frequency, either. You only need cast your mind back to the large scale WannaCry attack on healthcare systems, which saw many internet-connected medical devices taken offline and many hospitals left without vital equipment for the duration of the attack, to know how that scenario could play out.

Ransomware on the rise

Ransomware ‘kits’ are easy to purchase on the dark web, meaning anyone can exploit vulnerable IT systems. Healthcare services are an attractive target for hackers because they usually store ePHI records, which include confidential information about individual patients. In practice, however, these records aren’t always stored in line with industry standards, plus the records cannot be deleted after a set amount of time, as is standard protective practice in many other industries.

In addition to this, attackers are becoming far more skilled at targeting the IT weaknesses of their target organisation. Many spend a long time lurking on systems before making the attack, often taking advantage of old faults, or leftover user accounts from old contractors, which could be prevented if modern tech and zero-trust protocols were used.

Once they have achieved access, the attackers’ next objective is to harvest credentials with more access and look for more machines and more valuable data to extort. Once they have gained the right credentials, they often take these steps:

• First, they extract large amounts of sensitive data, such as personally identifiable information (PII).
• Then, using the credentials they have stolen to avoid detection, they take control of users’ identities and look for ways to ‘live off the land’. This means taking advantage of pre-installed programs and processes on a compromised computer. Using the victim’s own tools against them makes attackers appear legitimate, making it difficult for security teams to identify malicious activity. Plus, attackers don’t have to bother building or distributing new tools, which takes time and resources and can raise red flags.
• Finally, they execute their ransomware kit using built-in software distribution channels that the organisation trusts and uses routinely. This is a highly effective tactic, as it allows the attackers to disable – or sometimes completely circumvent – existing security controls.

Explaining extortion

During their attacks, ransomware threat actors look for ways to stealthily disrupt backups, delete shadow copies and unlock files to maximise their impact. In many virtual hostage situations, attackers will not only demand a ransom payment for decrypting target data but also threaten to leak it unless additional payment is made. According to F-Secure research, nearly 40% of ransomware families discovered in 2020 utilised such double-extortion methods.

The release of the data isn’t always the end of the story, either. The NCSC recently shared a cautionary tale of an organisation that paid millions in bitcoin to recover its files but failed to take necessary steps to identify the attack’s root cause and secure their network. As a result, the same attackers came back just two weeks later, using the same techniques to re-deploy the same ransomware, forcing the organisation to pay another hefty ransom. For this reason, it is important to address the root of the ransomware attack – how did it get there?

How can healthcare get ahead of ransomware attacks?

As ransomware attacks become more sophisticated and highly targeted, healthcare organisations must proactively ramp up their security posture to protect critical infrastructure and preserve patient care and trust.

The implementation of a ‘Zero Trust’ framework and the principle of least privilege within healthcare is a must. This essentially means organisations should not automatically trust or give access to any ‘thing’ or user until it has proven its identity. Once online, this user should then only have access to the information they actually need. In a hospital, these identity-centric controls might look like an oncologist only having access to their own patients’ records, rather than all oncology patients. If a hacker gets access to that oncologist’s login, for example, then they only gain access to a few patients’ records, and the potential damage is significantly reduced.

Least privilege, access and identity restrictions should form the core, identity-centric foundation for a defence-in-depth endpoint security strategy based on a Zero Trust approach. Not only can identity security solutions help detect and block ransomware itself, but by “trusting nothing and verifying everything” they also work to stop identity and privilege abuse at critical points in the attack chain. As a result, threats can be found and stopped before they do harm.

Once these controls are in place, healthcare organisations can focus on enhancing cybersecurity awareness and skills training, revisiting digital security fundamentals and hardening and backing up critical hospital systems to protect against future attacks. They provide us with a vital service, so it’s important that they take steps to keep themselves running in the safe way that they and the public deserve.

By David Higgins, EMEA Technical Director, CyberArk

The post Why Ransomware Presents a Unique Threat to Healthcare Organisations appeared first on .

Rise in attacks on the healthcare industry

In recent years, digital technology has been widely adopted in healthcare and this has provided great opportunities to further healthcare and services to patients. It also means these institutions hold copious amounts of sensitive data, such as patient information like medical records, addresses, laboratory tests in addition to a variety of essential medical machinery, such as life support machines and IVs. However, it presents enormous risks in protecting data and maintaining critical systems from being disrupted by cyberattacks. In fact, in 2020, 92 ransomware attacks affected over 600 healthcare organizations, exposing more than 18 million patient records and costing an estimated $20.8 billion.

Additionally, hospitals are particularly attractive targets for cybercrime as they hold the same amount of financial data as banks. Both organizations retain customers’ personal addresses, dates of birth, and most importantly payment details, all of which are extremely sought after by cybercriminals. Yet, the healthcare sector only has a fraction of the security protection of banks, while suffering from an increased lack of visibility into their IT, Operational Technology (OT) and Electronic Healthcare Record (EHR) environments.

Furthermore, because cyberattacks have become such a problem within the healthcare industry, in the UK, The National Cyber Security Centre has also issued continuous warnings and support to organizations within this sector to remain vigilant of cybercrime. We saw the catastrophic impact a cyberattack had on Ireland’s health service which led to downed systems and cancelled appointments in late May this year.

Complex healthcare security systems with a fraction of the support and resources

Healthcare organizations are also easy prey for attackers as they have complex environments which are extremely difficult to secure. To further complicate matters, they often lack the resources and bandwidth to effectively secure them. In essence, healthcare organizations have three different layers of technology within a single infrastructure.. Firstly, there is traditional IT, such as laptops or desktops, and secondly, there is OT, such as clinical and medical devices.

This type of environment is similar to that found in other industries, such as manufacturing. However, in manufacturing, they will have IT systems in their offices and OT systems on their shop floors or in the field. This makes it easy for them to segment the responsibility of managing one kind of technology in a single location. However, in healthcare, a hospital will have IT and OT in the same room rather than separate locations, making it more difficult to secure as a whole.

On top of this, hospitals also utilize Electronic Health Record (EHR) systems, which collect and store all of the patients’ health information, acting as the operating system for the entire hospital. When all three of these technologies are meshed within a single environment, it creates security gaps as very few security solutions offer insight into all three technologies.

Virtual Care also includes security

The healthcare industry is undergoing a digital revolution. If securing IT, OT and EHR systems was not complicated enough, the advent of telemedicine has only complicated matters further. Telemedicine has seen exponential growth in recent years with 76% of U.S. hospitals already connecting with patients and consultants using videos or other technology, while six in ten healthcare organizations are already using IoT. With more technology and connected devices introduced into medical environments, there are more entries of attack for cybercriminals.

In addition to telemedicine, the introduction of 5G has also welcomed a world of opportunities for hospitals. 5G can allow technology to run up to 100 times faster than current cellular connections, changing how medicine is delivered. By using 5G, medical professionals will be able to send large files, such as patient scans and health records within seconds rather than hours, doctors can perform less invasive treatments and medical systems will be able to deliver remote monitoring to more patients due to 5G’s lower latency and higher capacity.

However, 5G not only introduces new opportunities to medical professionals and their patients. It also creates new opportunities for cybercriminals as well. As medical professionals start to favor 5G over the hospital’s secure Wi-Fi network, more sensitive activities, data, and devices will be available outside of the hospital’s operating systems making it more difficult to protect. Furthermore, the likelihood of using insecure networks and unmanaged devices also increases, which will present privacy and compliance hurdles

As digital transformation continues to sweep across the healthcare sector, medical environments and endpoints will become a significant target for hackers. Moving forward, security professionals must question their own assumptions and views of cyber threats in order to stay a step ahead of attackers. Healthcare organizations have a duty to care for their patients and that includes protecting their sensitive information and having the necessary visibility across devices and networks. This requires a dedicated endpoint security with secure access edge security (SASE) that will protect the healthcare organization’s staff, patients, devices and information.

The post Mobile Healthcare Security in the Modern Age appeared first on .

However, IoMT devices are also a major security concern. Recent data from Irdeto reveals that a staggering 80% of med tech firms have suffered a cyber-attack in the past five years, and thousands of new technological devices that are connected to large, singular networks have left healthcare organisations even more exposed to cyber-attacks.

Access points aplenty

A hyper-connected healthcare industry with thousands of access points is a highly lucrative target for threat actors who have refined their extortion tactics. Patient data is extremely valuable, and a typical electronic health record (EHR) for an individual contains highly sensitive data such as name, home address and date of birth – plenty of information for cybercriminals to harvest.

Also, one of the biggest potential vulnerabilities of the health industry is its complex IT infrastructure that has a very high number of access points and connected devices. Operational technologies include connected MRIs, iPads and desktop computers used by staff members, wireless routers in hospitals, and other electronic devices that can be connected to a singular network.

Ransomware also remains as the main cyber threat for hospitals, and the Irish healthcare system’s most recent hack exposed how much of a target the healthcare industry really is. What’s more, the NHS is still dealing with the fallout of the WannaCry hack that happened over four years ago that affected hundreds of thousands of clinics and hospitals in the UK.

The impact of IoMT and operational technology

It is important to remember how much the IoMT and operational technology, or OT, have transformed the healthcare industry, especially in recent times. OT has facilitated ground-breaking medical research, allowed workers and patients to connect during one of the most challenging periods the industry has faced in centuries and has also enabled staff to partake in remote working – something that was previously considered unachievable for many healthcare organisations.

But transformative medical technology comes with great responsibility, and it is critical healthcare professionals must shore up on their cybersecurity knowledge as threat actors keep tabs on vulnerable healthcare networks that they can exploit. Engaging cybersecurity training, from phishing simulation videos to group training sessions on how to properly use OT systems, can make a positive impact on generating cybersecurity awareness among healthcare professionals.

However, doctors and nurses that use vulnerable work devices and networks are busy providing patient care and often lack the time to fully bolster up on their security knowledge. This poses a particular challenge for overstretched IT security teams, especially as insider threats are responsible for over half (60%) of data breaches.

Small and often overworked IT teams are yet another potential vulnerability for the industry if they fail to keep up with all the demands that sufficient cybersecurity requires. Often having budgets slashed and being required to do more with less, IT teams require additional help when safeguarding the world’s most valuable data.

So, how can the healthcare industry effectively protect vulnerable IT infrastructure whilst using IoMT devices, remaining compliant and safeguarding precious patient data with a declining budget and high risk of insider threat? The solution is privilege access management.

Technology solutions for first-class defence

A robust privileged access management (PAM) solution can meet all necessary security requirements. Setting up an access manager component will give security teams visibility into, and control over, privileged access. Managers can then define privileges for any user, ensuring that the user can only see the systems and complete tasks for which they authorised to do so.

In addition to assigning privileges, security teams also require visibility into login activity, and any actions from privileged users make while they are in the system. This helps security teams to identify unusual activity on the network before a potential security incident happens.

Healthcare organisations can further boost their security by adopting real-time and automated session management capabilities. This means that session manager can detect and monitor inappropriate activity on its own, along with having the power to automatically terminate such a session or to raise real-time alerts, so that administrators can take a closer look at it before taking necessary action. Being able to automatically shut down unusual session activity on OT or to raise real-time alerts for security teams is critical for healthcare organisations as this can stop threat actors in their tracks.

What’s more, PAM solutions that can record all sessions give an audit trail for regulatory compliance and can be used as a training tool for employees. This will educate and help healthcare workers to recognise whether pieces of equipment, such as MRI scanners, have been updated incorrectly or suffered a true mechanical malfunction – another useful method of identifying unusual activity that may be a threat to the organisation.

For solutions to be appropriate, they need to be low impact so that service delivery is not affected. Solutions must also be easily and quickly implemented, results-oriented to ensure vulnerabilities are mitigated, and incorporate security-by-design principles, to minimize IT workload whilst maximising security throughout systems.

Education on cyber-risk is also key to overcoming the challenges healthcare professionals face. Training that is engaging is proven to be highly effective, and healthcare organisations can bolster security by regularly test the security skills and knowledge of employees via phishing simulation videos.

Combining technology and education for maximum impact

The IoMT has transformed the healthcare industry organisations during the pandemic, but new systems and devices that are now widely adopted by healthcare organisations have created new risks and challenges. Attack surfaces have widened as cybercriminals kept a close eye on vulnerable networks, and the entire healthcare industry need to act fast to shore up defences.

Therefore, it is essential that the healthcare industry combines an effective cyber security platform with training if we are to stay ahead of today’s evolving threat landscape. Any comprehensive healthcare and IoMT cyber strategy should provide secure remote access, enable audits and compliance, and keep all employees up to date on the risks through training. Armed with secure solutions and regular cyber-security training, healthcare organisations can be fully equipped to function in a digital-first world and fight off any external threats.

By Majid Mohammed, Healthcare Strategist at WALLIX

The post The Internet of Medical Things (IoMT): Safeguarding Increasingly Vulnerable IT Systems appeared first on .