November 06, 2020 By BlueAlly
Hospitals, along with other care and research facilities, are at the forefront of the global effort to fight COVID-19. As the Red Cross warned the U.N., “If hospitals cannot provide life-saving treatment in the middle of a health crisis […], whole communities will suffer.”
Unfortunately, while it was hoped that the critical healthcare sector would be spared by cybercriminals, that has not been the case. The pandemic has instead seen a steep rise in cyberattacks on the healthcare sector. And unlike with other industries, there isn’t the option for most healthcare employees to work remotely from home.
Why is healthcare at high risk?
- Stressed infrastructure: Healthcare IT infrastructure is often complex, overburdened and reliant upon legacy systems that require specialized staff to maintain.
- Rogue devices: To accommodate COVID-19 patients, healthcare facilities had to implement off-the-shelf remote monitoring technologies (including routers, cameras and sensors), often using risky default credentials and with insufficient due diligence.
- Untested telehealth: Healthcare institutions may have adopted remote health applications and remote monitoring equipment without proper penetration testing and verification, potentially increasing the attack surface exponentially.
- Third-party risks: It is difficult to ensure all connected third-party vendors, suppliers, service providers, government agencies, universities and NGOs maintain the same cybersecurity standards, a weakness that attackers often exploit.
- Overburdened staff: Healthcare staff are already overburdened, leading to lax security habits such as leaving workstations unlocked when stepping away to treat patients.
How has the pandemic has increased that risk?
- More attacks: At least 41 healthcare providers experienced ransomware attacks in the first half of 2020. One Fortune 500 healthcare organization was hit by Ryuk ransomware, which has impacted all of its U.S. sites.
- Larger breaches: The number of records compromised in cyberattacks and data breaches is rising, according to HIPAA Journal: “Costs are also rising. An IBM study found that the average cost of a healthcare data breach stands at around $7.13 million globally and $8.6 million in the United States. This represents a 10.5% year-over-year increase.”
- Patient casualties: One patient died in transit to another hospital, after a hospital in the city of Düsseldorf was unable to admit her because its systems had been knocked out by a cyberattack. This incident prompted a murder investigation by local authorities.
- Hampering vaccine efforts: Vaccine research efforts have been hampered by data theft and ransomware.
What Can You Do?
While cyber-defense initiatives in Israel, the UK and worldwide are beginning to have an impact, it is still mostly up to the healthcare institutes themselves to fight off this offensive. Here are some fundamental actions that could immediately improve the cybersecurity posture of your healthcare facility.
- Increase awareness and email security: Better awareness will reduce the chances of staff downloading suspicious documents or clicking suspicious links.
- Protect internet-facing devices: Only necessary ports should be opened to the internet. Researchers found vulnerable RDP ports increase the likelihood of a successful ransomware attack by 37%, and certain hackers are specifically stealing and selling RDP credentials on the dark web.
- Prevent credentials theft: Once inside, attacks spread across the network via readily available tools such as Mimikatz, which utilize aggressive password spraying and other credential-stealing techniques. Having robust passwords will reduce the chances of these succeeding.
- Implement endpoint security: Having an advanced endpoint security solution on all endpoints and servers is necessary for improving your healthcare organization’s cybersecurity resilience.
In medicine, it’s often said that an ounce of prevention is worth a pound of cure. This is true in cybersecurity as well. Healthcare institutions are bearing the brunt of cyberattacks during the COVID-19 pandemic. Fortunately, there are steps you can take to protect your organization.