According to experts, the coronavirus is not only a threat to human health: healthcare providers are also the target of an increasing number of cyberattacks.
As in most infected countries, the Covid-19 pandemic pushed the American healthcare system to its limits. But it’s not the only threat the industry has faced: cyber attacks, especially ransomware attacks, have escalated as the epidemic has grown. The target: IoT medical devices and health networks. According to Chris Sherman, analyst at Forrester Research, two American hospitals have already been attacked via virtual healthcare systems: a hacker targeting a vulnerability in an IoT medical device (a remote patient monitoring sensor) managed to access the databases patient data from these hospitals. In another kind of attack, Fresenius Group, a manufacturer of medical devices and one of the largest private hospital operators in Europe, was the victim of ransomware. “It is clear that attackers are increasingly focusing on medical devices,” said Mr. Sherman. “Their actions target any system exposed to the Internet, which is worrying, given the vulnerability of most health networks,” added Sherman.
It is difficult to say exactly how much of these attacks have increased since the pandemic, but most experts agree that there is most likely a correlation. Some reports estimate that there have been 3 to 5 times more attacks, compared to what happened before, but Sherman argues that these figures could be slightly exaggerated. Healthcare providers are prime targets for ransomware attacks for several reasons. First, all too often, IoT medical devices are poorly protected against intrusion, as pointed out by Stew Wolfe, cybersecurity manager at NTT Canada. “Most of these materials were not designed for safety. They are just protected by default passwords written in a manual that anyone can find on the Internet, ”he said. But it also points to another disturbing physical security defect. Many hospital and clinical services are open to the public, which means that direct access to these unsecured devices is not very complicated. “It is even fairly easy to access,” warned Wolfe. “Anyone can walk around areas where access should be more strictly monitored.”
Sherman also believes that the increasing use of telehealth and virtual care systems has opened up a very tempting new front for cybercriminals. These previously isolated systems operated only on local hospital networks. “But now they are used for telemedicine outside the hospital, and that is too concerned with safety,” he added.
However, at this point, not all analysts are convinced that the healthcare industry has become a particular target for hackers. Gregg Pessin, director and senior analyst at Gartner Research, does not deny that hospitals and clinics can be victims of ransomware, but phishing attacks represent the greatest threat vector, without the need for specific targeting . “In most cases, the health sector is not specifically targeted. Malware is simply sent to the world, and it’s when an employee clicks on a malicious link that it can, like in any business, endanger their organization, “he said. However, given the critical mission and the urgent need for medical networks, ransomware attacks on healthcare providers can make criminals money. A hospital cannot do without operational systems to carry out its critical patient care mission. He cannot afford to spend time recovering his systems and he may be tempted to pay the ransom.
Network segmentation is a very good way to protect against security flaws in IoT devices, and the method can interest health providers. “Segmentation helps ensure that potentially vulnerable operational devices are not connected to the same parts of the network as computer systems that need access to sensitive data and infrastructure,” said Mr. Pessin. But before implementing this segmentation, the health organization must know its network well and have visibility on all the devices present on the network. Gartner analyst adds that many healthcare providers are already investing in inventory and tracking software that can independently detect IoT devices connected to the network and see if they behave suspiciously or not.
“It is also essential to update devices that have this functionality,” said Sherman. Likewise, it is very important to update older systems affected by known vulnerabilities, especially those that cannot be updated remotely. “These operations require some expenses, but it is really necessary,” he said. Finally, according to Wolfe, the mere fact that the company is aware of the security threats hanging over its network is also a good asset for combating them better. “Train your doctors and nurses to recognize malicious email, and work with medical device maintenance teams in hospitals to improve their safety and better protect them from these threats,” he added.