Executive Viewpoint

Digital Staph: Secondary Infections in Cyberspace

Secondary infections now surge in the digital environments of hospitals.

Cybercriminals target the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. Beginning last fall the Russian ransomware gang “Ryuk” targeted hundreds of hospitals in North America – knocking many hospitals offline for days.

Concern over the security of physical health and digital health is converging as cybercriminals set their targets on the healthcare industry. In the last two years, 43 percent of respondents say their healthcare delivery organization experienced a ransomware attack, according to a recent Ponemon report. Of these respondents, 33 percent say they experienced two or more attacks. These attacks delayed critical patient care by minutes, which may have resulted in deaths.

In the past, you would not typically fear for your physical safety in a hospital. However, what about your digital safety?

Today, it’s no longer science fiction. Cyberattacks corrupting connected medical devices and systems can directly threaten patient lives. A few years ago, the FDA announced that 745,000 pacemakers were vulnerable to cyberattacks.

Sensitive medical data at risk

Our medical data is very sensitive and private. Unfortunately, cybercriminals recognize the value of our medical data and will go to great lengths to extort it.

Intel471 noted that from August 2021 to December 2021, there was an increase in ransomware attacks on healthcare organizations in Europe and North America, primarily led by the Conti, Cuba, Grief, Hive, LockBit 2.0, Pysa and Vice Society ransomware-as-a-service (RaaS) programs.

“Notorious network access broker ‘fooble’ commonly offers compromised access credentials across several sectors including that of the healthcare sector,” explains Alex Keedy from Intel471. “These accesses are often derived from malware logs and automated marketplaces where stolen credentials are sold in bulk.”

From August 2021 to November 2021, the average ransomware amount demanded from healthcare organizations, according to Intel471, was about US $4 million – with a range from US $15K to US $15 million.

Challenges faced

Healthcare delivery organizations face several challenges, including:

  1. Medical device security – Medical devices are also exposed because they are connected to a greater network. Most connected medical devices do not have enough memory to have a security agent installed on them. Change management is a huge issue, as you often need to get the health authority to authorize changes to the device.
  2. API security – The digital healthcare applications that doctors and medical professionals use are often intertwined with APIs that are not always secure. Attacks on APIs are surging. They are seen as the gateway to modern environments. API security is now an imperative. Fortunately, Mesh7 is now part of VMware to help provide enterprise-class cloud-native distributed API security.
  3. AI – As the AI sector gets closer to singularity, it still has a few Achilles’ heels. One is its dependency on time for the veracity of its mission; the other vulnerability is the integrity of the inputs. As noted in our recent Global Incident Response Report, attacks on time are surging. Cybercriminals corrupt the value of time and the integrity of data. If this tactic were to be used against AI, it would turn the AI on the patient and facility.

A shift in priorities is needed

“Cyber threats facing the healthcare sector are challenging, and as part of any risk management program, need to be addressed through strategic planning and thoughtful investment. It’s literally the equivalent of spending thousands now to prevent something that’s preventable or paying millions later to recover from a catastrophe,” says Errol Weiss, Chief Security Officer, Health Information Sharing and Analysis Center (Health-ISAC).

Health-ISAC Inc. is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.

“Cyber security professionals need tools and information to translate these risks into quantifiable measures (i.e., dollars and cents) that senior leadership and boards of directors can understand — and then properly resource cyber security programs with the right technology and talent,” adds Weiss.

Patient care must extend to cyberspace. Here are some best practices for healthcare organizations:

  1. Deploy Application control
  2. Apply micro-segmentation, especially to medical devices
  3. Deploy NextGen AV
  4. Automate vulnerability management
  5. Hire an MDR firm to conduct regular threat hunting
  6. Test backups on a weekly basis
  7. Use Multifactor Authentication (MFA)
  8. Deploy API security like Mesh7

We must demand more security from healthcare providers, not only for our physical well-being, but also for our digital health.
