[BreachExchange] Hospitals – Ransomware targets

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 25 19:01:07 EST 2018


You may not notice this every day, but hospitals and medical devices are
constantly under attack.

One would expect hospitals to have robust cybersecurity strategies,
however, many enterprises are still using outdated solutions. Lack of
budget, resources and complicated infrastructure make hospital networks a
challenge to protect. Consequently, they operate under less-than-ideal
circumstances when it comes to online security and protection of their
data. In this guest post, Yariv Fishman, product manager at an IT security
company, offers three things hospitals can do to protect their network,
patient records and medical equipment from ransomware and other malware
cyber attacks.

Last year, the notorious ransomware Wannacry infected two Bayer medical
devices and left hundreds of hospitals with paralyzed computer systems.
Although this is the first time ransomware is known to have directly
affected medical equipment, hospitals are all too familiar with attacks
against their network.

Hospitals have proved to be lucrative targets for cybercriminals.
Ransomware has the ability to hold vital medical equipment hostage. Without
access to pace makers, heart monitors, feeding tubes and more, hospitals
have no choice but to pay the ransom if attacked. With infinite amounts of
medical records and patient information, implementing threat prevention
methods is not an insurance policy – it’s security against the inevitable.

Recently, Heritage Valley Health Systems, located in Pennsylvania,
underwent a ransomware attack. Not only did the attack affect the main
hospital, it also affected multiple satellite clinics. Surgical procedures
were postponed and operational adjustments were put in place until the
network could be brought back online. While the down time procedures left
many patients frustrated, the consequences of the attack could have been
much more devastating.

In response, the hospital implemented corrective measures to ensure there
wouldn’t be a breach of this caliber in the future. The destructive
potential of a ransomware infection in a hospital is a healthcare nightmare
scenario. An infiltration is much more costly than leaked data; patients’
lives are at stake. Rather than implementing solutions after the fact,
hospitals should look toward proactive methods to prevent future attacks
from affecting them.

The growing use of IoT devices will likely make this attack vector an
increasingly attractive target in the future. Potential ransomware can
infiltrate a network through multiple avenues, the most common being human
error and phishing. As IoT systems become more widespread, cybercriminals
will continue to find creative ways to gain the upper-hand on their
victims. Although the current situation is unsettling, there are prevention
measures that can help organizations avoid future attacks.

How to protect your hospital’s network

Implementing the following recommendations will help hospitals protect
their network, patient records and medical equipment from ransomware and
other malware cyber attacks:

- Backup your most important files – Make an offline copy of your medical
and patient records on an external device and with an online cloud service.
This will protect the files not only from ransomware but also from other
physical hazards, such as fires and flooding, as well. Note: external
devices should be used for backup ONLY and be disconnected immediately
after the backup is completed.
- Exercise caution – While using computers or other devices, it’s often
difficult to sense danger. Threat actors are constantly creating new ways
to bypass security systems and infiltrate networks. Stress to employees
that they shouldn’t open any emails they weren’t expecting to receive, not
to click on links unless they are from a known-and-trusted source, and if
they’re asked to run macros on an Office file, don’t!
- Have a comprehensive, up-to-date, security solution – High quality
security solutions and products protect networks from a variety of malware
types and ransomware threats. Today’s Anti-Virus, IPS and sandboxing
solutions can detect and block Office documents that contain malicious
macros, and prevent many exploit kits from entering your system, and so
prevent infection by the malware.

Ransomware is an increasingly popular way for threat actors to extort large
sums of money, as the payments are typically made anonymously using Bitcoin
wallets rather than actual bank transfers. The incentive for organizations
to pay the ransom, especially hospitals, is high.

Cybercriminals are exploiting hospitals’ vulnerabilities by threatening to
jeopardize patients’ well-being. As the use of IoT devices becomes more
prevalent and critical to the efficient operation of public infrastructures
and hospitals, and all organizations should enhance their security measures
in the cyber realm to protect their infrastructure, data and information
from the next global attack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180125/e464ff6b/attachment.html>

More information about the BreachExchange mailing list