Vital signs: healthcare hacking shows no signs of slowing down
March 27, 2019
By Daniel Smith
Whether it’s the automotive, retail or healthcare industry, if there is money to be made, hackers will find a way to exploit the systems.
In 2018 alone, more than 69 percent of healthcare providers reported experiencing at least one cyberattack. Last year, the healthcare industry dominated news with an ever-growing list of breaches and attacks. Aetna, CarePlus, Partners Healthcare, BJC Healthcare, St. Peter’s Surgery and Endoscopy Center, ATI Physical Therapy, Inogen, UnityPoint Health, Nuance Communication, LifeBridge Health, Aultman Health Foundation, Med Associates and more recently, Nashville Metro Public Health, UMC Physicians, and LabCorp Diagnostics have all disclosed or settled major breaches.
While many industries experience attacks, healthcare remains the most potentially damaging to its victims. Denial of service attacks could lead to power outages at hospitals, risking the lives of patients and the hospital’s reputation. Even without the detrimental stakes of life and death, service interruptions can cost hospitals millions in revenue. Despite the rise in popularity of cyber-focused policy in the U.S., there remains no indication that attacks on healthcare companies will slow down anytime soon.
The cost of a healthcare breach? Not priceless
A successful cyberattack on a health system can cost nearly 1.5 million dollars on average. Therefore, it is no surprise that ransomware remains one of the most common attacks on healthcare systems. Ransomware is malicious software that threatens to publish or perpetually block access to a victim’s data unless a ransom is paid. There have also been cases where ransomware and malware have been delivered via drive-by downloads and compromised third-party vendors. We have also seen criminals use SQL injections to steal data from medical applications, as well as flood those networks with DDoS attacks. More recently, we have seen large-scale scanning and exploitation of internet-connected devices for crypto mining, some of which have been located inside medical networks. In addition to causing outages and encrypting data, these attacks have resulted in canceling elective cases, diverting incoming patients and rescheduling surgeries.
Unfortunately, with a payday that large, it is hard to deter steady attacks from hackers, especially given the ease with which they can deploy malicious software. This motivation, paired with the lack of sophisticated technology and overall security awareness, makes this a compound issue.
Healthcare is already behind the security 8 ball
Technology seemingly evolves at light speed, and healthcare, as a regulation-laden industry, has a hard time keeping up. The rise of connected pacemakers and other medical devices has undoubtedly been a step in the right direction for patients. However, because these devices directly impact the health and safety of a patient, it is imperative that security is part of the core design and that strong security remains intact and accounted for throughout the product’s life cycle. The lack of secure IoT devices within healthcare environments poses severe risk to patients and practitioners alike. It is critical that these devices receive the right data from the right source to ensure that no mishaps occur. Patients and practitioners must be able to trust that these IoT-connected devices will do what they were created and instructed to do by authorized and properly authenticated users.
Encrypt it all!
The rise of malicious attacks involving ransomware and botnets has exposed the vulnerability of the network infrastructure as well as the data in-flight. If the hackers can gain access to and control the devices that own and transport the data, then the installed security solutions lose their value.
Many of the attacks and threats that expose the network infrastructure are encrypted using SSL/TLS protocols. This burdens the inbound and outbound security solutions with the task of decrypting the communications, inspecting the network traffic, and then re-encrypting the data afterwards. This is a large resource burden that can reduce the performance of these security solutions by more than 80 percent.
Because of this issue, many businesses have decided to bypass the inspection of encrypted content. A viable solution to enable the security solutions to inspect encrypted traffic efficiently is necessary to protect all sensitive data, in healthcare or otherwise.
Endpoint protection, as well as perimeter and network security solutions, must be used to restrict access to PHI to only the professionals who have the proper credentials. IT organizations must implement the latest encryption standards like elliptic curve cryptography (ECC). Malware, specifically ransomware, is rampant. Security means the medical facilities need an outbound SSL inspection solution to protect their assets from malicious sites, email, and exploits.
When the business literally affects people’s lives, it is essential to make sure that there is no loss of service. When lives are on the line, every second counts. The digital transformation of healthcare means that the network infrastructure must be built to be robust and resilient. Any negative impact to the delivery and security of the medical information can have profound repercussions for patient privacy and ultimately their well-being.
About the author: Daniel Smith is head of threat research at Radware.