A ransomware attack knocked a German hospital’s systems offline earlier in September – turning away a patient with a life-threatening condition. She had to be taken to a hospital 20 miles away, fatally delaying her treatment by an hour.
This is reportedly the world’s first death linked to a cyber attack. As threats against healthcare mount, how can organisations ensure the resilience of their systems?
Cyber threats are incredibly serious, and must be tackled properly. Allan Liska, Recorded Future’s threat intelligence analyst, discusses today’s security challenges and how healthcare providers can guard against them.
Unpatched legacy systems
The healthcare sector hasn’t been very prepared for today’s risks, says Liska. Part of that is the “nature of healthcare”, he adds.
Many systems are vulnerable to attack due to unpatched vulnerabilities. But patching is a challenging task as devices are required to stay online and available, especially in emergency care. In other situations, they can’t be patched because they require vendor approval, he says.
During the pandemic, more resources have been dedicated toward Covid-19 response. Hospitals in the United States are also bringing in less money because less elective procedures are fulfilled, says Liska.
That means upgrades or patches to healthcare infrastructure “aren’t necessarily happening”, he adds. Security staff, especially in the United States, may also be laid off, further compounding the problem.
A lucrative target
Healthcare remains a highly valuable target for malicious actors, says Liska. “Medical records still command a high dollar value on underground markets. That’s in part propped up because nation states are very interested in medical records,” he adds.
Wearables have also grown increasingly popular. There isn’t enough information yet to know how much of a risk wearables pose – but there definitely are security considerations, he adds.
Back in 2018, geolocation data collected via wearables and smartphones revealed the location of secret US army bases. Also, “if you’re sharing sensitive data with a hospital through your wearable, can that data be intercepted?” says Liska.
Understand the landscape and prioritise threats
“At any given time, there are hundreds of threats out there,” and it is impossible for organisations to defend against all of them, Liska says.
Healthcare providers must understand what the threats are, and the likelihood of those threats to that organisation. That allows them to prioritise the most likely threats and allocate resources to that front, he adds.
Recorded Future provides healthcare organisations with this information to help them better prioritise their threat response, says Liska. This narrows down the threat landscape and saves analysts the trouble of hunting down false positives.
The company uses automation to ingest masses of data from a variety of sources like social media, code repositories, or invite-only dark web sites. Machine learning is constantly on the lookout for new sources of data, while AI correlates all the different datasets and provides organisations with a coherent view of the threat landscape.
Apply compensating controls
If healthcare organisations can’t patch legacy systems, Recorded Future helps to implement “compensating controls”, Liska says. Network segmentation is one such control that divides the network into smaller parts, stopping harmful traffic from reaching legacy systems.
The company also feeds its threat indicators into their system to help make these controls more effective. This “builds a wall around those vulnerable systems” and helps them prepare for any impending threats, he adds.
In today’s digital age, security has become a matter of life and death in healthcare. Organisations must shore up their defenses and prepare for what’s to come.