JJ'Studio - Fotolia
Healthcare security service providers are on the frontline of a sharp rise in attacks against hospital and healthcare facilities.
Since the beginning of the COVID-19 pandemic, cybercriminals have increasingly targeted the healthcare industry with ransomware, a type of malware that encrypts data on an infected device and any attached devices or drives. When successful, ransomware attackers can disable the victims' devices, steal sensitive information and coerce victims into making payments in exchange for their data. In October 2020, the Cybersecurity and Infrastructure Security Agency, the FBI and the U.S. Department of Health and Human Services issued a joint warning to U.S. hospitals and healthcare providers about the growing threat.
"There's a number of persistent threats that I think really are spread across not just healthcare, but most large, industry-based organizations that maintain PII [personally identifiable information]," noted Jeremy Hehl, vice president of business development with Cyderes, the security-as-a-service division of Fishtech Group. Based in Kansas City, Mo., Fishtech Group is a cybersecurity services provider that works with more than a hundred healthcare-based customers.
Due to their complex IT infrastructures, healthcare organizations make attractive targets for ransomware attacks, Hehl said. "You look at these large healthcare systems, and it feels like there's this never-ending deluge of ransomware that's taking place across hospital infrastructure most of the time, because you have these sprawling networks and … infrastructure where there are many, many vulnerabilities."
Ransomware is a big issue, and ransomware gangs are doing more than ever to ensure they get paid, said Mike Pedrick, director of cyber consulting at Synoptek, an MSP based in Irvine, Calif. "Part of that, of course, is helping themselves to sensitive [healthcare] data and threatening the victim with distribution of that data."
A high-stakes security situation
Ever-evolving tactics have made it challenging for healthcare security services specialists to keep up with ransomware attacks, which can have life-or-death consequences.
"2020 was the first year that we actually had a direct correlation between a cybersecurity incident and … a human death," said Stephen Jones, senior director of cybersecurity at Dataprise, an IT services firm based in Rockville, Md. "In Dusseldorf, Germany, the University Hospital had been hit by ransomware. A patient had to be directed to another hospital and died … in transit because they did not get access to the hospital."
For healthcare organizations, the pandemic has exacerbated security challenges and strained resources. The strain has been felt not only from shortages in healthcare staff, but also from having to route funding and resources to COVID patient care, instead of cybersecurity programs, Jones said.
The increase of remote work and telemedicine has also put organizations in a vulnerable position. Physicians, nurses and office staff working remotely have established the need for zero-trust architecture, Hehl said. Zero-trust architecture focuses on determining which users should have authorized access to data within the healthcare infrastructure, implementing strict authentication requirements to grant that access. "That's the next step: getting into the zero-trust architecture where nobody is trusted until they are proven they can be trusted by verifying identities," he noted.
Channel firms address healthcare's vulnerabilities
In the interest of efficiency and better patient care, technology has taken the day-to-day efforts of healthcare providers to a new level. Synoptek's Pedrick said healthcare facilities have countless equipment connected to the internet to give medical professionals visibility into the patient care environment.
Those advancements, however, have created more weak points for attackers to gain access to sensitive data. "[It] makes [healthcare professionals'] jobs easier, and it accelerates the opportunity for care for the patient but also accelerates the opportunity for compromise to a wide number of systems," Pedrick said.
To address IT infrastructure vulnerabilities, healthcare security services firms are developing stronger barriers for their customers to minimize threats. These efforts include ensuring customers invest properly into their IT security programs -- a tall order during a pandemic.
"To effectively secure the perimeter of any organization, you have to have visibility and you have to have the compute strength to be able to access the information that you're aggregating in near real time," Hehl said. "What is happening is that we have a serious shortcoming in terms of … security resources and visibility. A lot of healthcare organizations do not staff in an appropriate way to maintain vigilance regarding … vulnerabilities in the critical infrastructure."
Stephen JonesSenior director of cybersecurity, Dataprise
Ideally, healthcare organizations should run regular assessments -- annually or quarterly -- of their security postures, according to Hehl. Additionally, organizations should develop a plan to shore up gaps, enhance visibility into environments and provide security training for employees. Extending a team of security professionals to monitor any data that moves in and out of the organization would also be ideal. Channel firms can provide monitoring and response services to handle compromises or threats, Hehl noted.
The importance of backups
In addition to upping customers' security measures, healthcare security services providers can also ensure customers have a data backup plan. When an organization is hit by ransomware, there are typically two options to move forward: pay the ransom, which most experts would agree is a universally bad idea, or reject the attackers and restore data from backup.
"We … are very big on making sure our customers have a fallback plan," Dataprise's Jones said. "The biggest fallback plan for ransomware is to have your data backed up, so we are really upgrading our offerings around business continuity and disaster recovery (BCDR)."
Jones noted that BCDR is "a big push" for Dataprise in 2021. "We're bringing in new offerings around this to make it really affordable and really easy for organizations to back up all of their systems to a safe cloud space," he said.