Guest Column | May 6, 2020

Don't Lose Sight Of These 5 Common Threats During Uncommon Circumstances

By Jeff Horne, CSO of Ordr

Threat Intelligence Solutions

When INTERPOL warned healthcare organizations of an anticipated increase in the volume of ransomware attacks targeting hospitals during the pandemic, it got attention. The beleaguered industry, already a favorite mark for malicious actors, could ill afford to fall prey to the extortion of locked systems and data while remaining focused on their response to the COVID-19 outbreak.

And yet, amid the crisis, such warnings can give the incorrect impression that certain attacks are more worthy of attention than others. Cyberattacks are not an either-or proposition. Just because some malicious actors might increase their efforts at infecting a hospital with ransomware doesn’t mean other types of attacks will abate. To the contrary. Malicious actors are not humanitarians. They will take advantage of a pandemic, or any other crisis if they think it will increase their chances of success.

Stay Focused, Stay Vigilant

So, while it’s great to be reminded of current malicious operations, it’s more important to maintain a consistently high level of vigilance. Cyberattacks are a constant threat, and the healthcare industry finds itself particularly vulnerable on multiple fronts right now. The Center for Internet Security identified five threats common to healthcare. They are:

  1. Ransomware
  2. Data breaches
  3. DDoS attacks
  4. Insider threats
  5. Email compromises and fraud scams

IT operations at many hospitals and healthcare organizations are rapidly expanding to accommodate treatment for patients affected by the pandemic, while simultaneously supporting administrative staff who now need to work remotely. This sudden and unexpected growth is illustrated by the experience of one large hospital that, during March, saw their IoT footprint expanded by 9,000 devices, ten percent of which were classified as IoMT (internet of medical things) devices.

Whether it is a rapid increase in employees needing VPN and remote desktop access over the internet, medical devices, building and environmental controls, TVs, laptops, or any of the many other devices that connect to the internet through your organization’s network, it is a chaotic time in healthcare. All network devices need to be accounted for by IT and security operations teams to properly secure them. These devices need to be regularly checked for vulnerabilities and proper configuration. Highly vulnerable and at-risk devices need to be properly segmented.

Furthermore, staff need to be made aware of operational security protocols and reminded to remain vigilant against things like phishing attacks, visiting risky websites, and connecting to insecure and unfamiliar Wi-Fi access points.

Best Practices To Thwart Malicious Attacks

Consistent with INTERPOL’s warning, we have seen an increase in ransomware attacks against hospitals and healthcare organizations. The majority have used relatively simple phishing emails to deliver malicious links and attachments designed to fool healthcare employees. But we also have seen several instances of healthcare organizations opening up vulnerable versions of Remote Desktop and Oracle WebLogic portals to the internet, compromising the affected enterprises.

To address these attacks, we recommend the following best practices as a baseline for both employees and network operators to defend against the observed malicious tactics:

  • Phishing mitigation:
  1. Use strong, unique passwords for all systems
  2. Do not open an email from unknown senders
  3. Do not click links or open attachment from emails unless they are from a trusted source
  4. Ensure both your operating systems and antivirus software are up to date
  5. Make sure you have secured backups of important data stored on a protected secondary system
  • Network security:
  1. Implement increased spam/phishing detection capabilities on the email server
  2. Ensure that regular backups of critical information are taking place and kept on secured redundant systems
  3. Scan the perimeter of the network to detect any unprotected systems that can be reached over the internet
    1. If you have Oracle WebLogic or RDP on the perimeter exposed to the internet, make sure that all systems are at the latest security patch level
  4. Warn employees about an increase in phishing and ransomware attacks

Because every enterprise is complex and composed of different elements, every healthcare organization should take additional steps specifically designed to protect its unique needs and to follow developments in cybersecurity, especially as it pertains to healthcare. Right now, for example, sophisticated malicious actors are targeting vulnerable services used to support remote workers during the pandemic. This creates another layer of vulnerability that is likely to be part of the new normal of a post-pandemic workplace.

Whatever that new normal looks like, we must adapt to changes in both the threat and technology environments to protect our vital hospitals and healthcare organizations—and the future of healthcare.

About The Author

With over twenty years of experience in the security sector, Jeff Horne became Chief Security Officer of Ordr in March 2020. He was previously CIO and CSO at Blacklined and is a Member of the Review Board at Black Hat. Connect with him on LinkedIn.