Cybersecurity pros offer their 2020 predictions for healthcare
Ransomware, coupled with an expanded attack surface thanks to a proliferation of internet-connected medical devices, are among the top security concerns health players should be concerned about in 2020.
Additionally, a troubling new trend of attacking automatic software and firmware update systems, as highlighted in March 2019’s "Shadowhammer" attacks, is another vector for malware that can be hard to protect.
These trending risks are particularly important due to the proliferation of new medical technologies and because often with these technologies the stakes are higher.
"Ransomware will continue to be the biggest issue as attackers have seen the urgency they can create that can lead to payment," Dr. Saif Abed, CEO of Clinical Cyber Defense Systems, told HealthcareIT News. "Attacks will become more frequent and indiscriminate."
He predicted the "zero trust" approach would emerge as a key strategic approach, an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.
"The reality will be focusing on the basics," he said. "Know what and who are connecting to your network, identify vulnerabilities and have a patching strategy."
He noted that while much is made of the security issues surrounding medical devices it’s much bigger than that as far the broadening of the attack surface.
"Interoperability coupled with increasing M&A activity in healthcare will be larger driving factors that attackers will exploit," he said. "Unpatched IoT endpoints, whether they’re medical devices or not, will simply contribute to the porosity of networks and the ability to move laterally to maximize harm."
He explained most attackers exploit simple vulnerabilities and, unfortunately, these continue be pervasive..
"Health systems are gradually improving with more leadership in the space but far greater investment is needed in people, processes and technology to get most where they need to be," Abed said.
Mounir Hahad, head of Juniper Threat Labs at Juniper Network, told HealthCareITNews he believes ransomware would continue to pose a significant risk to many verticals, with healthcare "very near the top" of that target list.
"This is because attackers know there are lives at stake in an industry where cybersecurity is not a primary concern for most users--practitioners and staff," Hahad explained. "This makes them an easier target for social engineering attacks and also a wealthy target that cannot withstand long downtimes."
KnowBe4 security awareness advocate Erich Kron predicted that until industries can disrupt the income being generated by ransomware, the threat would continue to grow.
"The healthcare industry is especially vulnerable due to the need for timely access to medical records for treatment, the amount of sensitive data being collected and the threat of substantial fines for non-compliance and data breaches," he noted. "The attackers know this and use this to their advantage."
Kron said the biggest threat to healthcare he sees evolving in 2020 is the threat of exfiltrating and then leaking data when organizations fail to pay the ransom.
He explained that in the past, a good backup strategy, offsite copies of data and the ability to quickly restore data have been enough to avoid paying the ransom.
"However, with the threat of data being exposed, these steps, no matter how well executed can still end up with disastrous consequences," he said. "Just the fact that they attackers can exfiltrate data and have the keys to decrypt it will be a major concern with respect to HIPAA violations in future events."
Meanwhile, cellular 5G technology will allow a much larger proliferation of IoT medical devices as we enter 2020, and the security implications of this are enormous.
"A lot of processing of information will move closer to the edge of networks and will be disaggregated for scale and performance, shining a light on new attack surfaces," Hahad explained.
Kron pointed out that as more equipment is introduced to hospital networks, the ability to monitor, patch and secure devices becomes exponentially more difficult.
"In addition, the increasing complexity of connected equipment significantly raises the stakes with respect to failures in these areas," he said. "Not only do we need to be concerned about taking a connected pump offline or disrupting monitoring stations, we are also having to concern ourselves with securing immensely more complex systems such as surgical robots."