CyberMDX: How to prevent cyber attacks in healthcare

Cyber attacks in healthcare increased by 45 per cent globally towards the end of 2020 - double the rate of attacks in other sectors, with hackers taking advantage of the perfect storm of new technologies being implemented at speed and staff efforts focused on the pandemic. 

Azi Cohen joined CyberMDX earlier this year having spent most of his career working to protect financial institutions. He did so because of a desire to help healthcare organisations address their security issues. 

By comparison to the finance sector, healthcare organisations are often are more vulnerable to cyber attacks. "Financial organisations are better protected today because the industry has invested quite a bit of time and money into improving the situation - they spend approximately 15 per cent of their annual IT budgets on cybersecurity. By comparison, most healthcare organisations lack dedicated cybersecurity teams and probably spend only around 4 or 5 per cent on this" Cohen says. 

The motivation of the hackers is financial. A health record contains not just social security and driver’s license numbers but also employer details, insurance details, and prescription data. "Hackers can use this information to file fraudulent insurance claims, buy drugs or medical equipment with it, and they can even file fraudulent tax returns. The data in a person’s health record contains enough detail to help steal identities. If bad actors aren’t looking to do something themselves, they could sell the information in a kit and fetch one or two thousand dollars on the dark web." 

However the main use is not to exploit individual data, but to launch a ransomware attack, where hackers infiltrate the hospital’s network, gain access to the health , and lock the hospital out of the system, holding the patient data hostage until the hospital pays the ransom.

The impact of the pandemic

Hospitals are particularly vulnerable given the amount of medical devices and systems they use. "The average US hospital has over 30,000 connected medical devices and endpoints, many of which are running vulnerable, unpatched and outdated software" Cohen says. "This provides almost endless endpoints for hackers to try.

"While there are several hundred large hospitals and healthcare networks in the US with structured resources in place to handle security concerns (i.e., security team, CISO and CIO), there are thousands of smaller healthcare delivery organisations that do not.

"Instead, they have to rely on general IT departments to handle everything. In these situations the IT teams are tasked with formal IT roles and, in addition, are meant to find time to also cover the massive job of securing, patching, updating and monitoring the thousands of devices they have within the network" Cohen says.

The COVID-19 pandemic highlighted these vulnerabilities, as all efforts were concentrating on caring for large numbers of patients, coupled with having to implement new technologies very quickly such as virtual consultations, and leaving far less time to consider the security implications. 

"What would usually be done in a slow and steady process had to happen overnight" Cohen says. "To add insult to injury, a barrage of bad actors decided the greatest public health scare of the last century was the perfect opportunity to hold hospitals hostage and jumped in to attack these weaknesses. By some estimates, attacks on healthcare organisations increased by 500 per cent or more while they were dealing with the global pandemic." 

How to prevent cyber attacks

One of the best ways to prevent cyber attacks lies with the hospital staff. "All personnel must have a basic understanding of proper cybersecurity protocols, and hospitals should invest in employee training around what to do with potentially suspicious emails. They also must ensure their medical terminals are locked when not in use. What’s more, systems should only be accessed by credentialed staff members to not expose hospitals to unnecessary threats."

"It’s much easier to prevent an attack than to undo the damage of one that’s already happened. Early detection and mitigation are the key to optimal security. You can’t protect what you can’t see so this effort must begin with establishing visibility across your entire network to achieve an accurate inventory of all your devices" Cohen says. 

"We highly recommend doing a gap analysis or risk assessment. This will allow you to analyse your medical devices and understand what your risk profile is based on security vulnerabilities, version compatibility, and the compliance alignment of each of the devices on your network. 

"Lastly, hospitals should always employ monitoring solutions to ensure that any anomalies are detected and reported. Should a security threat be detected, hospitals that have the proper tools in place can keep the threat isolated and prevent the hacker from moving around within the network." 

Automation and monitoring

In the long term, Cohen says that investing in automation is vital to prevent cyber attacks. "With the massive number of devices and endpoints in even a small hospital, security teams cannot hope to achieve an adequate level of security manually. Specialised tools designed for IOT and medical devices will provide security teams with constant monitoring and crucial early detection capabilities that will allow hospitals to mitigate and isolate potential security breaches. 

"It’s critical to always be surveying your cyber hygiene so you can constantly improve and close gaps. A continuous risk and vulnerability management plan that is always on and monitoring will keep you vigilant.

"Lastly, we think a change in the way security is approached in the healthcare industry is important. A move towards dealing with the rising issues means a device-centric risk management approach is a key advantage that can be leveraged against attackers" Cohen says. 

"Layering security around each device - including unmanaged devices (the operation part) – provides unique remediation and network-based mitigations to reduce the likelihood of an attack. While the healthcare sector needs to do this over the long-term, the good news is that the tools and technology exist - they don't have to wait, they simply need to take action.