In February 2021, with the COVID-19 pandemic raging, the Australian Cyber Security Center (ACSC) released its Health Sector Snapshot for 2020, saying: “Covid-19 has fundamentally changed the cyber threat landscape for the health sector, with malicious actors increasingly targeting and compromising healthcare networks, which are already under pressure in a pandemic operating environment.”
Given the chronic staff shortages currently affecting Australian hospitals, it has never been more important for healthcare providers to ensure their networks are protected from malicious cyber actors seeking to disrupt essential services or compromise business-critical systems in order to profit from the ransom.
The healthcare sector is not alone among critical organizations experiencing ransomware attacks. According to Claroty’s report, The Global State of Industrial Cybersecurity 2021: Resilience Amidst Disruption, 80% of critical infrastructure organizations worldwide experienced a ransomware attack during the year.
Any attack on critical infrastructure can lead to public disruption or even life-threatening consequences, but healthcare organizations are particularly vulnerable. A vital life-saving procedure may be delayed, monitoring equipment may fail to report a change in vital signs, or transport of a critically ill patient may be disrupted.
Lessons from Germany
The ACSC report describes a case in Germany where a ransomware attack disrupted a healthcare organization’s computer systems and, as a result, someone who was taken to hospital by ambulance was diverted to another hospital 30 kilometers away. They died on the way.
The Ponemon Institute surveyed 597 IT and OT security professionals in 2021 to understand how COVID-19 has affected the way healthcare organizations protect patient care and patient information from increasingly virulent cyber attacks, particularly ransomware. Nearly one in four healthcare providers reported an increase in the death rate due to ransomware.
The findings were described as “an urgent wake-up call for the healthcare industry to transform its cybersecurity and third-party risk programs or risk patients’ lives.”
Healthcare organizations are a prime target for cybercriminals. So what can security teams do to counter these threats and protect their organizations and their patients?
Identifying vulnerabilities
A growing source of vulnerability is the Internet of Medical Things (IoMT), which refers to the many devices that deliver drugs, aid in diagnosis, and monitor patients, which are increasingly connected to the Internet. Many of these devices are known to have vulnerabilities, but are difficult or impossible to patch. Relying on old and unsupported versions of Windows is also common.
A recent report by Cynerio found that 53% of connected medical and other IoT devices in hospitals have a known critical vulnerability. It also found that a third of IoT healthcare devices at the bedside, which patients depend on for optimal health outcomes, have a known critical risk.
Poor security management also exacerbates these risks. IoMT devices are rarely part of the overall security management process and in many cases are not the responsibility of the security team, so they are not audited for issues such as weak passwords or default credentials.
IoMT devices are now generally connected to each other and to hospital IT systems via a shared physical network, but little use is made of network segmentation, which would make it difficult for an attacker to gain access.
All these issues must be urgently addressed when the healthcare system is already stretched to its limits due to COVID-19. So what can be done? Here are some suggestions that will provide a significant increase in security with minimal effort.
Top tips
- Identify all IoMT devices and add them to the security management process. This requires dedicated technology as such devices are often invisible to traditional security tools. If a comprehensive audit is not possible, the most critical devices and processes should at least be prioritized.
- Identify and patch as many vulnerabilities as possible. Also, implement other tools such as firewalls and access control lists as a second line of defense.
- Perform network segmentation. Ideally, this should be done physically; however, this can take a long time. As a powerful alternative, virtual segmentation can be implemented much faster and also allows suspicious activity to be detected and remedied more easily. In addition, enforcing policies that govern network access for specific users, devices, and sessions will limit unnecessary and possibly malicious connections.
- Monitor all IoMT devices for evidence of malicious activity. Specialized security tools are capable of constantly monitoring the IoMT network in the background and automatically flagging any suspicious activity. By their very nature, these tools are far faster and more effective at mitigating threats than any human is capable of.
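The inventory, segmentation and monitoring tips above can be combined into one check over network flow records. The sketch below is an added example, not code from the article or any product it mentions; the subnets, device names, the flow tuples and the choice of port 2575 for HL7 traffic are all constructed assumptions.

```python
import ipaddress

# Constructed segment map: segment name -> subnet (illustrative values only).
SEGMENTS = {
    "iomt": ipaddress.ip_network("10.20.0.0/24"),
    "clinical_servers": ipaddress.ip_network("10.30.0.0/24"),
    "workstations": ipaddress.ip_network("10.40.0.0/24"),
}
# Known IoMT devices; anything else seen in the IoMT subnet is unmanaged.
INVENTORY = {"10.20.0.11": "infusion-pump-01", "10.20.0.12": "patient-monitor-07"}
# Explicit allow-list of (source segment, destination segment, destination port).
# Assumption: devices only need to send HL7 messages to the clinical servers.
POLICY = {("iomt", "clinical_servers", 2575)}

def segment_of(ip):
    """Map an IP address to its segment name, or 'external' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows):
    """Return (finding, src, dst, port) for each IoMT-related flow that breaks a rule."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if "iomt" not in (s, d):
            continue  # only traffic that touches the IoMT segment is audited
        if s == "iomt" and src not in INVENTORY:
            findings.append(("unmanaged-device", src, dst, port))
        if (s, d, port) not in POLICY:
            findings.append(("policy-violation", src, dst, port))
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.0.11", "10.30.0.5", 2575),    # known device, allowed path
    ("10.20.0.12", "203.0.113.9", 443),   # device reaching the internet
    ("10.40.0.33", "10.20.0.11", 3389),   # workstation reaching into IoMT
    ("10.20.0.99", "10.30.0.5", 2575),    # device missing from the inventory
    ("10.40.0.33", "10.30.0.5", 443),     # no IoMT endpoint, ignored
]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(*finding)
```
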
Australian government bodies offer several resources to help healthcare organizations strengthen their cyber security. Key resources include two reports from the Therapeutic Goods Administration: Medical Device Cybersecurity Guidance for Industry and Medical Device Cybersecurity Information for Consumers.
All Australian healthcare professionals must remember that cyber security equals patient safety. Healthcare security professionals should take escalating threats very seriously.
It is essential that hospitals receive the necessary investment to give their security teams better visibility, and therefore a better ability to protect against attacks. This minimizes the possibility of lives being lost due to medical equipment being affected by ransomware or other threats.