There’s no shortage of cyberthreats facing the health care sector, but none have been quite as damaging in recent months as ransomware. It all started with the Hollywood Presbyterian Medical Center attack in February, which ended with the facility paying hackers $17,000. From there, two more SoCal hospitals, Chino Valley Medical Center and Desert Valley Hospital of Victorville, were attacked. Shortly after, Methodist Hospital in Kentucky was infected. Next in line were several facilities that were a part of the MedStar health network in Maryland. And finally, in what might be one of the most precedent-setting cyberattacks to date, Kansas Heart Hospital was infected with ransomware, paid the hackers, and then received yet another ransom demand.
What’s more, ransomware isn’t the only threat to health care organizations. There’s a long list of ways in which hackers are gunning for this sector – extortion just happens to be the most effective. While these facilities can hardly be held responsible, there are several common actions that increase their exposure to cyberthreats. Let’s take a look at some of them:
1. Careless privilege escalation
Often, social engineering scams such as phishing and increasingly “whaling” – which entails posing as an executive in emails for the sake of cybercrime – will target department heads and even the C-suite. These high-level professionals often have greater access to more company resources and data, especially in small and medium-sized organizations. As a result, a breach of these email accounts can potentially cause more damage than a breach of a lower-level employee’s account. This is not to suggest that executive privilege escalation should be curbed; however, it’s vital that executives are made aware of best security practices to avoid ransomware and other forms of cyberattacks.
2. Not thinking twice about file attachments
To that end, some departments such as human resources are required to open numerous file attachments from unknown or first-time senders by the very nature of their job. Hackers are aware of this, which is why PETYA, a form of ransomware that is delivered through fake job application emails, is such a dangerous threat. The problem is, not all staff are trained in such a way that they know what to look out for. This is not the fault of any one particular employee, but rather, a more systemic failure that requires companywide intervention. Executives need to take a leadership role in educating the lines of business – from surgeons to custodial staff – about best cybersecurity practices. This includes mobile-device security. Failure to address these issues poses critical threats to hospitals and other medical facilities.
3. Relying too heavily on perimeter defenses
According to Keith Baylor, security engineer for Arctic Wolf Networks, one of the most common problems he sees in health care organizations’ cybersecurity strategies is too much focus on preventative cybersecurity.
“While they may put the checkboxes in for their compliance regulations so they have good perimeter security, they don’t perform the necessary functions internally to solidify the core and make everything more secure,” Baylor said.
The problem here is two-fold. First, social engineering schemes by their very nature are designed to circumvent firewalls and web gateways by tricking employees. Furthermore, Baylor noted that increasingly, hackers are managing to sneak surveillance malware onto the system before the actual ransomware as a way to scout out file types and get a sense of how much they can demand in ransom. Once the malware is on the system, preventative defenses are useless. Not to mention, perimeter security doesn’t address insider threats.
Secondly, preventative security must frequently be updated, swapped out or removed altogether. This is because out-of-the-box solutions might do one thing really well, but none of them do it all, and none of them are very much help once hackers have discovered a way in.
Rather, Baylor recommends creating a strategic approach to cybersecurity. One of the best ways to do this is with managed detection and response (MDR). As the name implies, an MDR service provider manages network cybersecurity by helping an organization preempt attack paths, detecting threats early with network monitoring and responding once these threats are detected.