Introduction:
1. How hospitals can protect themselves from cyber attack
2. Cybersecurity in healthcare: How hackers get in and how organizations can protect themselves
How hospitals can protect themselves from cyber attack
Hospitals and health care systems have become a major target for hackers. The announcement that LifeLabs, Canada’s largest medical testing company, paid a ransom to retrieve the data of 15 million patients is just the latest in a string of cyber attacks aimed at stealing data or extracting money from health care organizations.
In September, the computer systems of three Ontario hospitals were crippled by a ransomware virus, an attack in which hackers encrypt data and demand payment to unlock it. And earlier in 2019, a similar attack hit Health Sciences North, shutting down computer systems across northern Ontario.
Hospitals are a popular target for several reasons, says Mark Gaudet, a cybersecurity expert at the Canadian Internet Registration Authority (CIRA). For one, they hold a great deal of valuable confidential data, and the move to electronic medical records has made those data more vulnerable. Hackers can get around $1 per record if they sell them in bulk, or up to $1000 for the records of specific people, he says.
Even if the hackers merely lock the data, hospitals can’t afford to lose access for long and might be more willing than other organizations to pay a ransom. “We provide life and death services,” says Dr. Joshua Tepper, CEO of North York General Hospital. “For that reason, we’re perceived as a high-value target.”
According to Gaudet, hospitals are also a relatively easy target because they have a “broad attack surface.” It’s hard to control physical access to equipment, he explains, and many medical devices use older operating systems that are difficult to update and easier for hackers to exploit.
But the biggest vulnerability for health care systems and hospitals is the same as for any other organization targeted by hackers, Gaudet says. “The main vector for attacks is people, through phishing or the more targeted spearphishing attacks,” in which hackers gather information using deceptive emails or websites, he explains. “Ninety percent of breaches start with a person.”
Health care workers seem to be more vulnerable to these kinds of attacks than others. One American study found that health care workers clicked on one out of every seven simulated phishing emails — a worryingly high rate, according to Gaudet.
That seems to be the cause of the September attack in Ontario that affected Michael Garron Hospital in Toronto. The virus spread from a single corporate laptop — likely someone clicked a link in a scam email or website, says Shelley Darling, director of communications for the hospital.
Although the attack did not lead to any patient information leaving the hospital’s system, nor any payment to the hackers, the effect on hospital operations was severe. It took 10 days to restore access to most systems including electronic medical records, and even longer to restore some less critical systems, says Dr. Patrick Darragh, the hospital’s chief medical information officer.
In response to the attack, the hospital required all staff to take further training in cybersecurity and beefed up its firewall, says Darragh. According to Gaudet, such steps can reduce the risk of future incidents substantially. He says the training offered by CIRA, for example, which includes simulated phishing attacks, can decrease clicks on malicious links by two-thirds. “Hospitals need to create a cybersecurity culture,” says Gaudet. “They already do a good job on privacy and data management, but on cybersecurity they have a long way to go.”
Even with strong firewalls and fully trained staff, future breaches are probably inevitable. Tepper says hospitals need to have procedures in place to minimize the disruption, as they do for any other emergency, like a fire or flood. In the attack on Michael Garron Hospital, for example, email and pagers were affected, so it was difficult to disseminate information throughout the hospital quickly. Darragh says the hospital collected cellphone numbers, which are now kept on a list for future emergencies. And with electronic records unavailable, the hospital needed to ensure that all staff, particularly younger staff, were able to revert to using paper charts.
Cybersecurity in healthcare: How hackers get in and how organizations can protect themselves
As technology advances at a rapid pace, even the most sophisticated organizations struggle to keep up — especially when it comes to cybersecurity. Many healthcare organizations still operate on outdated systems, exposing them to increasing cyber threats. In 2024, these issues have escalated, bringing healthcare cybersecurity to a critical juncture.
This year, cyberattacks on healthcare organizations have dominated headlines, heightening public awareness and drawing urgent attention from executives and boards who now grasp the far-reaching risks to their customers, partners, business and reputation. A recent study by Bain & Company and Klas Research found that 75% of healthcare providers and payers increased their IT spending after major attacks in early 2024.
Why healthcare?
According to Palo Alto Networks’ Ransomware Review for the first half of 2024, which draws on data from threat actor leak sites, healthcare has become the second most targeted industry globally. This spike is alarming but not surprising, as healthcare organizations are uniquely vulnerable for three key reasons:
Real-time patient care: Any disruption to healthcare services has immediate, potentially life-threatening consequences, making organizations desperate to avoid downtime.
Sensitive data: Healthcare providers store highly valuable protected health information (PHI), which is a prime target for cybercriminals.
Complex ecosystem: The extensive web of partners and third-party vendors that also need to use healthcare organizations’ networks (e.g., tech providers, internet of things, etc.) allows multiple entry points for bad actors and means a disruption can cause a ripple effect across multiple entities.
These factors make healthcare a particularly attractive target for hackers seeking financial gain through extortion or espionage by stealing patient data, ransoming organizations or selling sensitive information.
How criminals are getting in
For healthcare attacks, the top initial access points leveraged by cybercriminals are phishing, information-stealer malware and unpatched systems with weak user credentials. The top threat types in healthcare include Distributed Denial-of-Service (flooding a network or server with traffic to make it inaccessible or degrade its performance), supply chain attacks, web application attacks, ransomware, data breaches and insider threats.
These attacks are happening through greater exploitation of vulnerabilities on a mass scale, with increasing speed. Through my work with Unit 42, we’ve seen that in nearly 45% of incident response cases, attackers have exfiltrated data in less than 24 hours. Previously, organizations had some time between disclosure and patching; that is no longer the case as attackers can scan for and weaponize vulnerabilities in mere minutes or hours.
There have been significant upticks in extortion, often accompanied by ransomware. In these cases, cybercriminals may demand payment in exchange for returning system functionality or not exposing critical patient information. Numerous cybercrime groups are targeting healthcare today, such as LockBit 3.0, BianLian, Inc., and Medusa – who are collectively responsible for more than 50 unique compromises from January through April in 2024.
What healthcare organizations can do
To strengthen their defenses, healthcare organizations must adopt a proactive approach:
Increase visibility
To protect your organization, you need complete visibility of both internal and external attack surfaces as they constantly evolve. This includes a clear understanding of data from endpoints, applications and identity sources across headquarters, data centers, cloud environments and remote locations. Collection of threat telemetry and monitoring across all these areas is critical.
Reduce complexity
Consolidation and integration are key to simplifying your security architecture. Forensic investigation often reveals valuable information in logs, but this data is difficult to leverage when siloed or spread across too many disconnected systems. A fragmented approach to prevention, detection and response adds unnecessary complexity, making it harder to act quickly.
Drive real-time response
Technological advancements enable real-time responses by correlating telemetry from across your enterprise. Automating threat detection and prioritization helps security teams focus on the most critical issues, reducing manual effort and improving overall response times. This capability is essential for identifying and containing incidents before they escalate.
