Digital transformation has been a blessing for healthcare organisations and the general population. The prevalence of cloud systems and Internet of Things (IoT) devices has made healthcare services more accessible and diagnostic operations more efficient. However, it has also opened the doors for sophisticated cyber attacks.
Last year, cyber attacks targeting the healthcare sector reached record highs. In the midst of a global pandemic, such attacks critically affected organisations’ ability to serve patients. In the US alone, attacks on the healthcare sector affected over 45 million people. In the UK, over 297 million patients’ data was breached during the pandemic.
This increasing number of attacks is also having a wider economic impact, as disruptions are causing wait times to dramatically increase across public healthcare systems, often impacting organisations’ ability to meet patient demands.
It’s high time healthcare organisations prioritised adopting proactive practices to boost their security resilience.
Why is healthcare a prime target for cybercriminals?
One of the main reasons behind this unprecedented influx of healthcare cyberattacks is the critical nature of the industry itself. Threat actors exploit the fact that such organisations need to function without any disruption in order to facilitate timely patient care. Therefore, they find it easier to exert pressure on healthcare organisations through attacks like ransomware and extort financial benefits.
Another reason is the valuable nature of healthcare data. Such organisations store hundreds and thousands of private patient records, whether it’s their names, addresses, credit card info, or even social security numbers. Breaching healthcare records means that threat actors can land upon an abundance of private information, which can be repurposed to craft future attacks or even sold on the dark web.
Moreover, these attacks are seen as low-value commodities in the cybercriminal community. Investigations by Trustwave SpiderLabs – Trustwave’s research arm – have found illicit vendors offering direct access to the networks of specific healthcare providers for as little as $2-$17.
So, how can healthcare organisations bolster their security infrastructure and increase cyber resilience? Here are some of the important proactive guidelines:
- Emphasise email security
Email has long been the weapon of choice for cyber attacks on all businesses, and the healthcare industry is a top target for email-borne threats like data theft and ransomware.
A solid email security solution should be the first line of defence, but it will only be successful if it can identify several harmful indicators, such as IP reputation, strange URLs, and the existence of hidden malware files.
Staff training to detect typical indicators of malicious emails can be beneficial, but employees should not have the sole responsibility for detecting attacks. Instead, training should emphasise the significance of following correct regulations, such as verifying payments and transfers via a secured external channel other than email.
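The three indicators named above (sender IP reputation, suspicious URLs, hidden executable attachments) can be checked mechanically before a message reaches an inbox. The following is an added example, not code from the article or from Trustwave; the reputation set, the extension list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed stand-in for an IP reputation feed (documentation address range).
BAD_SENDER_IPS = {"203.0.113.45"}
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".iso", ".lnk")

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
Received: from mail.example.net ([203.0.113.45]) by mx.hospital.example; Mon, 1 Jan 2024 09:00:00 +0000
From: "Accounts" <billing@supplier.example>
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please settle the invoice at http://198.51.100.7/pay today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
"""

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    # Sender reputation: first bracketed IP in the topmost Received header.
    hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    if hop and hop.group(1) in BAD_SENDER_IPS:
        findings.append("sender-ip-reputation")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # catches double extensions like .pdf.exe
            findings.append("risky-attachment:" + name)
        if part.get_content_type() == "text/plain":
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_payload()):
                host = urlparse(url).hostname or ""
                try:
                    ip_address(host)  # raises ValueError for ordinary hostnames
                    findings.append("ip-literal-url:" + host)
                except ValueError:
                    pass
    return findings
```
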
- Double down on security awareness training
While regular healthcare industry employees should not be responsible for detecting and blocking cyberattacks, a well-trained team may make a significant difference in averting a crisis. Attackers will rely on health professionals being too preoccupied with helping their patients to focus on security.
Security training is frequently restricted to a few one-time PowerPoint-driven workshops, which do nothing to raise awareness. Instead, healthcare providers should undertake more in-depth drills that simulate catastrophic occurrences like ransomware attacks. This will allow decision-makers to get expertise in making quick judgments under duress, better preparing them for when a true crisis arises.
- Strengthen authentication and password practices
Most threat actors aim to get their hands on login credentials belonging to privileged user accounts. These are often easy to obtain, given that there is a massive open market for stolen data on the dark web. The Trustwave SpiderLabs team found large volumes of stolen login passwords and browser sessions on the dark web, which allowed access to critical healthcare facilities.
This is why strong password practices are critical for any organisation. Employees might not even be aware that their passwords have been compromised and are being sold on the dark web. Organisations should mandate their workforce to use complex and non-guessable passwords. IT teams should incorporate strong hashing techniques when saving and storing passwords. As a priority, multi-factor authentication should be implemented throughout the organisation.
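One way to store passwords with a strong hash is a salted, memory-hard key derivation function whose cost can be raised over time. This is an added example rather than code from the article; it uses scrypt from Python's standard library, and the cost parameters and record format are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, os

# Assumed cost parameters for this example; tune them to your own hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def _b64(b):
    return base64.b64encode(b).decode()

def hash_password(password, n=N, r=R, p=P):
    salt = os.urandom(16)  # unique per password, so equal passwords differ
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=DKLEN)
    # Store the parameters with the hash so they can be raised later.
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(dk)}"

def verify_password(password, stored):
    """Return (ok, needs_rehash) for a candidate password and a stored record."""
    try:
        scheme, n, r, p, salt, dk = stored.split("$")
        if scheme != "scrypt":
            return False, False
        n, r, p = int(n), int(r), int(p)
        salt, dk = base64.b64decode(salt), base64.b64decode(dk)
        candidate = hashlib.scrypt(password.encode(), salt=salt,
                                   n=n, r=r, p=p, dklen=len(dk))
    except ValueError:  # malformed record or invalid parameters
        return False, False
    ok = hmac.compare_digest(candidate, dk)  # constant-time comparison
    # A correct login against outdated parameters should trigger a re-hash.
    return ok, ok and (n, r, p) != (N, R, P)
```

When `needs_rehash` is true, call `hash_password` again with the just-verified password and replace the stored record.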
- Prepare for ransomware attacks
It’s no surprise that ransomware is often regarded as the most dangerous cyberattack for most industries, especially the healthcare industry. The threat of downtime, losing access to critical resources and assets, and having sensitive data leaked can be crippling for any organisation. Such cyberattacks can be more damaging for healthcare industry organisations, because of their destabilising consequences. If critical systems or equipment are shut down, human lives may be jeopardised.
While a robust email security system can prove effective in preventing ransomware attacks, organisations should be prepared for some attackers always getting through – no matter how well-guarded your gates are. In this scenario, it’s important to attain effective Managed Detection and Response (MDR) capabilities, supported by an experienced team of threat hunters.
This will potentially help to identify and eliminate ransomware threats in real-time, before threat actors can land on their desired assets. A Managed Security Service Provider (MSSP) is one of the most cost-effective methods to achieve these capabilities on a tight budget.
- Secure your IoT networks
IoT-enabled technology has greatly aided healthcare practitioners in automating and facilitating remote working. However, if these linked devices are not adequately monitored and patched, they can create an easy way for threat actors to compromise the entire network.
Because hospitals are likely to have hundreds of devices installed throughout their facilities, keeping them all updated and patched may be a time-consuming and resource-intensive process. Many medical professionals also struggle to obtain the necessary downtime to upgrade critical equipment.
A more effective approach would be to automate the device upgrade and patching process. If software and security updates are automated, critical devices can effectively run on the latest patch or version as soon as it’s released by the developers.
Future acquisitions should also be scrutinised by providers to verify they include important security functions and are available for maintenance and upgrades.
- Identify supply-chain risks
Healthcare providers are at the heart of complex and extended supply networks. Medical material suppliers, consultants, hardware, and facility maintenance are only a few examples, along with an increasing variety of digital services.
These vendors frequently have extensive network connectivity or data access, making them an ideal target for threat actors looking for a route into the healthcare provider’s network. Organisations may potentially be victims of a second-hand breach if a company trusted to host or handle their data is targeted.
Supply chain risk can be reduced by vetting the security level of all third-party connections. This can be achieved without invasive network scans through publicly available information such as DNS server configurations and the presence of insecure ports open to the internet (e.g., MS-TERM-SERV, SMB et al).
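A vetting pass of this kind can be run over data that is already public, without touching the vendor's network. The following is an added example, not part of the article: the vendor records are constructed placeholders, and the specific DNS checks (nameserver count, SPF, DMARC) are this example's assumptions about what "DNS server configurations" might cover.

```python
# Ports the passage names as insecure when reachable from the internet.
RISKY_PORTS = {3389: "MS-TERM-SERV (RDP)", 445: "SMB"}

# Constructed vendor records (placeholder names, documentation addresses),
# standing in for data taken from public DNS and exposure datasets.
VENDORS = [
    {"name": "imaging-supplier.example", "open_ports": [443, 3389],
     "nameservers": ["ns1.imaging-supplier.example"],
     "txt": {"@": ["v=spf1 ip4:192.0.2.0/24 +all"], "_dmarc": []}},
    {"name": "billing-partner.example", "open_ports": [443],
     "nameservers": ["ns1.dns.example", "ns2.dns.example"],
     "txt": {"@": ["v=spf1 include:_spf.dns.example -all"],
             "_dmarc": ["v=DMARC1; p=reject; rua=mailto:d@billing-partner.example"]}},
]

def dmarc_policy(records):
    """Return the p= tag of the first DMARC record, or None if absent."""
    for rec in records:
        tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
        if tags.get("v") == "DMARC1":
            return tags.get("p")
    return None

def assess(vendor):
    """List the publicly visible weaknesses for one vendor record."""
    findings = [f"exposed {RISKY_PORTS[p]} on tcp/{p}"
                for p in vendor["open_ports"] if p in RISKY_PORTS]
    if len(vendor["nameservers"]) < 2:
        findings.append("single authoritative nameserver")
    spf = [r for r in vendor["txt"]["@"] if r.startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record")
    elif spf[0].split()[-1] in ("+all", "all", "?all"):
        findings.append("SPF does not restrict senders")
    if dmarc_policy(vendor["txt"]["_dmarc"]) in (None, "none"):
        findings.append("DMARC missing or not enforced")
    return findings
```
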
- Assess your defences
Security is never a one-time event. Even if the correct solutions are in place, the personnel are well-trained, and procedures are watertight, it is critical to evaluate defences on a regular basis and look for ways to enhance them.
Regular vulnerability checks are required to keep up with the ever-changing IT and cyber threat landscapes. Application and network penetration testing will take things a step further by harnessing the imagination of experienced security people to find and exploit a crack.
Penetration testing may also be considered by larger healthcare providers, such as hospitals, to identify any external or internal vulnerabilities to their IT systems.
Overall, it boils down to how resilient and strategically focused an organisation’s security infrastructure is. By leveraging advanced security controls and specialised cybersecurity partners, healthcare organisations can navigate safely in today’s increasingly connected digital environment.
By Ed Williams, EMEA Director of SpiderLabs at Trustwave