Fending off cyberattacks: healthcare institutions build up their defenses

July 30, 2020
IT administrators must develop a proactive stance to ensure cybersecurity footprint

Cyberattacks against healthcare providers and institutions on the rise. There has been a notable spike in the past few months of these outbreaks which can be linked back to the rise in COVID-19 cases. At a recent American Bar Association event, a Justice Department official stated that the healthcare industry is seeing a rise in attacks to gain valuable research information. Google reports a rise in malware and phishing emails related to COVID-19. And studies by Bitdefender indicate that the cyberattacks at hospitals rose by almost 60 percent in March over February along with a sharp spike in ransomware attacks in February, March and April.

When combined, these data points paint a clear picture of cybercriminals using this pandemic for their own gain by taking advantage of healthcare institutions who are overwhelmed by COVID-19 patients. With staff working remotely – and on perhaps more vulnerable computers – the rapid deployment of virtual or telemedicine solutions and the hasty addition of new devices and equipment on the network, it is even easier for these individuals to find a vulnerability.

Rather than watching their defenses crumble underneath this continuous onslaught, healthcare institutions and hospital IT departments are fortifying their defenses while they handle the influx of patients. And these steps will continue to be integral to the future of the healthcare system as technology plays a significant role in the “new normal” of healthcare operations.

Reducing vulnerabilities: Why unsecure medical and IoT devices present a significant threat to clinical networks 

Similar to how the nurses, doctors, and caregivers are working hard to provide quality patient care, the IT department dedicates extra effort to protect against the rise in cyberattacks and securely connect new devices to the network. Healthcare IoT and medical devices are increasingly in use, with Gartner predicting healthcare provider IoT revenue to rise from $25 billion to $29 billion. These devices range from patient tracking wristbands, equipment tracking for crash carts, ventilators, portable X-ray machines, and vital-sign monitors and individual wearables. All of these devices communicate across the hospital network providing doctors with valuable patient information that is entered into electronic health records (EHRs). The transmitted data allows for doctors to provide more affordable care and for limiting their exposure to potentially infected patients. Clinicians can work faster and in safer conditions. And each of those devices acts as an entry point for cybercriminals to exploit.

IoT devices are extremely vulnerable as is evidenced by the most recent threat of Ripple20. Hundreds of millions of devices are suspectable due to the use of the Treck TCP/IP software library. This widely used software library means that devices used in various industries – including healthcare – can be easily hacked. Now, the most direct and instant thought of fixing the issue would be patching these devices. However, that will take significant time for each manufacturer to create a patch and for IT administrators to patch these systems.

Yet IT cannot wait for patches either. Time is a critical factor for all healthcare institutions as Ponemon Institute research found that most data breaches are not found for 55 days at a hospital. A significant period of time where the activity on the network, including devices connected to a patient is vulnerable. And when each endpoint or device increases the risk exponentially of a cybercriminal getting access to information, the risk to a healthcare institution skyrockets. The attackers know that hospital networks are complicated where IT has little visibility into what is connected to the network, where they are located and who is using them. This leaves IT, administrators, with only one way to reduce vulnerabilities by getting proactive.

Building up defenses: How IT leaders can better manage their network of devices to protect against outside threats

When counteracting the vulnerabilities, IT administrators need to shore up their defenses and plug the holes that cybercriminals use to worm their way into a network. An in-depth approach of three steps will build up a hospital’s IT strength to fight off cyberattacks proactively.

1.   Visibility

It all starts with visibility into the network. Hospitals must know what is connected to the network at any given time as they can’t protect what they don’t know about. Using deep packet inspection (DPI) technology, IT administrators can discover the connected medical and IoT devices at their location. The detailed information of location, status, and security posture is essential to creating a strong defense – and it must be a continual data collection effort, not just a point in time. This understanding is fundamental and not only assists with security, it facilities ongoing management, capital planning, and maintenance for patches and updates.

While this sounds simple and part of normal IT operations, this initial step is not common across healthcare institutions. And in these unprecedented times of COVID-19, the greater likelihood of devices being added and not tracked is highly likely. This makes it difficult for IT to have a clear picture of each device and its unique vulnerabilities.

With insight into what devices are on the network, then IT can monitor its behavior and determine whether it is adequately protected.

2.    Monitoring

Effective monitoring of devices and their interactions with the network allows for IT to find any anomalies and, if needed, block them to prevent data exfiltration. It is more than just know what it is on the network – it is about understanding how the device behaves, interacts, and communicates. Visibility into the devices as well as manufacturer documentation assists in creating the baseline of its protocols. Thus, when there is a break in the pattern of how it is operating, it can be easily detected and contained before it spreads.

For example, Torrance Memorial, a hospital in the Los Angeles area, faced a potential threat with the Urgent/11 threat earlier this year. By conducting and inventory risk assessment quickly, the hospital’s team had greater insight and visibility into their devices. And while the Urgent/11 threat was a non-issue, the team is prepared for other concerns as they arise through continuous monitoring and implementing remediation policies as needed.

3.    Segmenting

The final step is creating a solid defense is the use of segmentation. Pre-defined policies assist in containing the impacts of successful attacks. This, along with the adoption of baseline segmentation measures, controls the attack surfaces. Segmentation enriches the existing actions of firewalls and other defenses for a comprehensive security solution.

An integrated, proactive security approach is critical to creating a strong defense against cybercriminals who are intent upon stealing patient and hospital information – even at the time of a pandemic. IT can have greater confidence in provisioning new devices onto the network to handle the influx of patients and the demands of the nursing staff.

About the author: As CEO and co-founder of Medigate, Jonathan Langer leads the vision and strategic direction for the company. He brings nearly two decades of cybersecurity experience to Medigate. Formerly a leader in the Israeli Defense Intelligence Corps, Jonathan commanded a team of technical analysts focused on the research of cyber-related domains.