Rick McElroy, head of security strategy at Carbon Black, discusses how regular education of employees, greater awareness of modern threats and the prospect of building out larger threat hunting teams can all go a long way in helping to curb attacks against healthcare providers.
Judging by the stories we read in the media every day, many healthcare organisations appear to be fighting a losing battle: insider threats and cyber criminals intent on gaining unauthorised access to patient medical records continue to threaten an industry that is struggling to protect critical patient data.
Without a doubt, the NHS generates swathes of data that, in the right hands, has the potential to help patients better control their own health outcomes while enabling health professionals to take better care of them. However, in the wrong hands this data can have devastating consequences, putting individuals and NHS Trusts at risk. In fact, the potential real-world effect of these attacks is substantial. You only have to look at both the WannaCry and NotPetya ransomware attacks of 2017 to see the devastating impact: these cyberattacks crippled computers in hospitals across the UK and, according to a report from the Department of Health published in 2018, cost the NHS £92 million.
WannaCry hack cost £92m and more than 19,000 cancelled appointments
The WannaCry hack, which shut down hundreds of thousands of computers around the world with messages from hackers demanding ransom payments, hit a third of hospital trusts and around 1% of all NHS care was disrupted over the course of a week. The hack caused more than 19,000 appointments to be cancelled, costing the NHS £20 million immediately and £72 million in the subsequent clean-up and upgrades to its IT systems.
Cyber attackers have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible. And, with increased adoption of medical and IoT devices, the attack surface in healthcare is growing even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.
The silver lining has been that awareness of the problem has never been higher. While the industry has traditionally lagged when compared with, say, finance or retail, the healthcare ransomware attacks of 2017 acted as a stark reminder of the impact such attacks can have.
Healthcare cyber heists in 2019
At Carbon Black, we have recently undertaken research in collaboration with 20 of the industry’s leading healthcare CISOs to investigate the state of cybersecurity in the healthcare industry. We were keen to determine how attackers have evolved over the past year and the biggest concerns CISOs face. We found that almost all (83%) of surveyed healthcare organisations said they’ve seen an increase in cyberattacks over the past year. And 66% of the respondents said their organisation was targeted by a ransomware attack, with 66% saying that all attacks have become more sophisticated. Nearly half (45%) said they’ve encountered attacks where the primary motivation was destruction of data.
In light of these findings, below are our five key recommendations that we would like to share with healthcare organisations to help in their fight against such cyberattacks:
- Increase endpoint visibility. With the growing sophistication of attacks, CISOs need to look at any connected asset as a potential target. This includes electronic medical record systems, medical devices, payment processing systems, and more.
- Establish protection from emerging attacks. With the potential attack surface growing and evolving quickly, healthcare organisations need to stop as many attacks as possible before they breach the network perimeter. This means leveraging a variety of technologies from whitelisting to streaming analytics to behavioural prevention.
- Run automated compliance and vulnerability assessments. With the risk of supply chains being attacked and NHS organisations subsequently compromised, CISOs should be auditing systems regularly and establishing remediation steps across all their security infrastructure.
- Work with healthcare-focused MDRs if needed. There are a variety of managed detection and response service providers out there who specialise in the unique challenges faced by healthcare organisations. When resources are short, these shops can quickly improve your security posture.
- As always, back up your data. Destructive attacks, including ransomware, don’t need to destroy your business. Employ best practices for data backup to ensure your data is never at risk.
Prevention is the best cure
In healthcare, prevention is often the best cure. This holds true for both physical and digital health. A person’s digital (and often physical) health can be directly tied to the cybersecurity posture of their healthcare providers. Good posture means patient data and healthcare infrastructure systems are in a robust state and can do their job with low risk of disruption, while poor posture risks interruptions to patient care and loss of critical personal data.
And, for these healthcare providers, it appears some progress is being made. Regular education of employees, greater awareness of modern threats and the prospect of building out larger threat hunting teams can all go a long way in helping to curb attacks. As we’ve learnt from our survey, it does not appear that the volume and frequency of attacks will be abating anytime soon. Therefore, extreme vigilance among healthcare security teams will be required to help stem the tide in 2019 and beyond.