By Nicole Bucala, vice president of business development, Illusive Networks
Cyber-attacks against the healthcare sector have been making headlines lately, ranging from attacks on coronavirus drug makers to telehealth and IoT devices. One of the largest medical cyberattacks in U.S. history occurred in September when Universal Health Services was hit with what appears to be a ransomware attack, affecting the company’s 400+ locations for several days. The hospital system’s medication system was all online, making treatment difficult. The staff had to revert to using pen and paper, including hand-labeling medicines, which isn’t just arduous and inefficient; it also increases the potential for mistakes.
Healthcare organizations continue to have the highest average costs associated with data breaches. The 2020 IBM Cost of a Data Breach Report found that the average healthcare data breach costs $7.13 million, up 10% from the year prior.
As this sector becomes a bigger target for bad actors, it’s important to evaluate some of the biggest vulnerabilities and how these can be combatted with an active defense approach.
Ransomware On The Rise
Attackers in search of profit breach the IT network with ransomware, locking down files, shutting down systems, and holding them hostage until the victims pay to get their assets back. Unfortunately, these hospitals may be filled with COVID-19 victims, operationally already at the brink of disaster. Any margin of error on hospital operations is highly likely to cost lives, as it did in Dusseldorf, Germany when a ransomware attack hit its University Hospital in September. The malicious software encrypted 30 servers, with an extortion note left on one of them. The hospital’s systems gradually crashed, and the staff wasn’t able to access data. Due to operational re-routing of emergency patients, a woman in need of life-saving treatment died.
Nation-State Attackers Continue To Wreak Havoc
Nation-state attackers operate under a variety of mandates: sow confusion and discord during election cycles, steal corporate IP, and so on. These days, they are engaged in this generation’s “space race” to be the first to triumph with COVID-19 prevention or therapy. They are trying to steal priceless patient data, clinical trial, or other COVID-related insights from hospital IT networks. In early October, for example, medical software company eResearch Technology was hit with a ransomware attack believed to have been orchestrated by a nation-state actor. The Philadelphia-based company supplies pharmaceutical companies with tools for conducting clinical trials, and the attack slowed down a number of them, though the company hasn’t said how many customers were affected.
Medical Devices And The IoT
Though it may seem far-fetched, cyber-terrorists can disrupt the normal functionality of medical devices such as MRI machines, insulin pumps, and other machines and equipment. Even a slight malfunction on such a device can lead to patient illness or even immediate death. Due to the FDA approval process they must go through, these devices aren’t able to be patched by traditional cybersecurity technologies, and a typical security solution like endpoint detection and response (EDR) that’s agent-based can’t be deployed on them.
This isn’t a new concept. As far back as 2013, at least one well-known hacker was demonstrating the ability to hack into insulin pumps and warning about cardiac implant cybersecurity. The latter concern came after an episode of Homeland featured a terrorist hacking into a politician’s pacemaker to instigate a heart attack. Though Internet of Medical Technology (IoMT) device makers go to great lengths to secure their products, cybercriminals continue to show the lengths they will go to to achieve their goals.
How Deterministic Approaches Like Endpoint-Based Deceptions Help
These threats are serious, but they are not insurmountable. To beat an attacker, you need to think like an attacker. When a security team thinks like an advanced attacker, it can know what the attacker is after and can focus on those assets. As far back as 2015, experts were recommending shifting the IT security budget ratio of prevention to detection and response from a 90%-10% split to a 60%-40% split. Detection has become a critical aspect of security.
IT security teams need to implement an active detection campaign that includes the ability to seek lateral movements within the network. Deception technology is a category of security tools designed to detect attackers who are already in the network and prevent them from doing damage. It works by distributing deceptions that mimic genuine IT assets throughout the network. Instead of relying on traditional signatures, deception technology alerts are generated by real attacker movements within a network.
This happens in real-time and means there are no false alerts. The IT team knows exactly what’s happening and can mitigate the attack, protecting the computer systems that keep people alive.
A Well-Rounded Security Point Of View
For the foreseeable future, cyber attackers will be focusing ever more of their efforts on the healthcare industry, targeting valuable, confidential, and life-saving information. As fast detection and response are crucial in these types of attacks to prevent loss of life, automation and deterministic alerting over anomaly-detection based methods will be preferred. In addition, being able to view the attack landscape, map attack pathways, and know where the high-risk critical assets are will be fundamental for building a strategy for pre- and post-breach penetration. Use the guidelines above to make sure your organization has the understanding and tools needed to defeat healthcare hackers.