Connected devices, legacy systems leave hospitals wide open to cyber attack
The spread of Internet-connected medical devices, combined with insufficient access controls, has helped enable a rapidly growing attack surface that's highly vulnerable to cyber attack.
WHY IT MATTERS
Those were among the findings of a healthcare security report published by network detection specialist Vectra, which also warned of unpartitioned networks and the reliance on legacy systems.
Lapses in the proper implementation of a security plan, or gaps in policies and procedures, could also result in errors by staff members, creating a soft spot for attackers to exploit.
These are all vulnerabilities that could be exploited by cybercriminals bent on stealing personally identifiable information and protected health information – activity that could also play havoc disrupting healthcare delivery processes.
The study, based on network traffic data monitored by Vectra over a six-month period, found the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels.
The report also noted a spike in behaviors consistent with attackers performing internal reconnaissance in the form of internal darknet scans and Microsoft Server Message Block account scans.
Internal darknet scans occur when internal host devices search for internal IP addresses that do not exist on the network. SMB account scans occur when a host device rapidly makes use of multiple accounts via the SMB protocol that is typically used for file sharing.
The report noted machine learning and artificial intelligence could assist healthcare organizations in better securing networks, workloads and devices, and provide data security by analyzing behaviors across systems.
Many unsecured legacy systems still exist, and downtime for patching is a challenge in environments that run 24/7, according to the report, which noted healthcare networks have a 3:1 ratio of devices to people and found any device with an IP address can connect to the network.
The report found the most common method attackers use to hide data exfiltration behaviors in healthcare networks was hidden DNS tunnels.
While many healthcare organizations experienced ransomware attacks in recent years, the report found that ransomware threats were not as prevalent in the second half of 2018.
THE LARGER TREND
Meanwhile the healthcare security market is poised for major growth – up to $8.7 billion by 2023 according to a Frost & Sullivan study released this week.
The growth would be driven largely by new purchases and deployments as healthcare organizations realize that emerging tech such as internet-of-things, cloud hosting and artificial intelligence are only adding to the complexity of safeguarding patient data.
And as the Vectra report highlights the critical importance of identity and access management controls, a case study this week in Healthcare IT News offers an object lesson in the ROI that can be found in forward-thinking deployments of those technologies.
ON THE RECORD
"Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information," said Vectra head of security analytics Chris Morales in a statement.
"The increase in medical IoT is beneficial for patients but makes securing healthcare systems a challenge due to limited security controls around these devices," added Brett Walmsley, chief technology officer at Bolton NHS Foundation Trust, in a statement supplied by Vectra. "Having the visibility to quickly and accurately detect threat behaviors on and between all devices is the key to good security practice, regulatory compliance and managing risk."
Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: firstname.lastname@example.org
Healthcare IT News is a HIMSS Media publication.