How secure are the healthcare facilities across the GCC?

Tamer Odeh, Regional Director at SentinelOne in the Middle East, emphasizes the importance of cybersecurity in the healthcare sector across the GCC.


Looking back at our post on healthcare and cybercrime back in February, it’s astonishing that we were referring to COVID-19 as the “Wuhan Coronavirus.” Back then, no one could have anticipated the impact of the virus. In the seven months that have passed since, we have witnessed a major shift in the way enterprises, educational institutions and even government agencies work. Almost everyone has shifted to remote work.

Hospitals, care and research facilities, however, are a key exception to the trend towards remote work, and by necessity have maintained “business as usual.”

The spread of the pandemic meant that these institutions were, and still are, at the forefront of the global human effort to fight the virus. As such, some of us might have imagined that this critical sector would be spared by cybercriminals, but we have been proved wrong. The COVID-19 era is characterized by a steep rise in cyber-attacks, from different perpetrators and for different motivations, and the healthcare sector hasn’t been spared.

By August, the situation had become so severe that the president of the International Committee of the Red Cross warned the U.N. Security Council about the increase in cyberattacks targeting hospitals: “If hospitals cannot provide life-saving treatment in the middle of a health crisis or an armed conflict, whole communities will suffer”.

How Healthy is Healthcare Cyber Security?

Let’s begin by reviewing the factors that contribute to the healthcare sector being at high risk from cyber threat actors.

Weak infrastructure, under extreme stress

Hospitals’ IT infrastructure is big, complex and oftentimes dated. Hospitals and healthcare facilities have not been required in the past to adhere to stringent cyber regulation in the same way that banks, insurance companies and critical facilities have. Many of them rely on old, legacy systems and lack the qualified staff both to maintain these systems and to face novel security threats. The entire IT infrastructure of hospitals is under extreme stress nowadays, due to remote work and COVID-19 related constraints, as well as growing demand for their services.

Rogue devices

In addition, hospitals and care facilities were forced to implement remote monitoring technologies overnight to accommodate COVID-19 patients. This meant that they purchased off-the-shelf IT and communication equipment (such as home routers), IP cameras and other sensors, all connected to the local networks. In other words, unknown devices were introduced into sensitive environments without proper due diligence. Many of these devices ship with default credentials and could serve as a remote entry point into the network.

Telehealth

COVID-19 also sped up the adoption of telehealth (aka remote health), health apps and remote monitoring equipment. If we were to speculate, the speed at which these technologies were adopted did not allow for proper penetration testing and verification, meaning that the attack surface has grown substantially.

Third-party risks

Healthcare institutions work with a multitude of third-party vendors: suppliers, service providers, state and federal agencies, universities and NGOs. This supply chain embodies a significant risk, since it is extremely difficult to ensure that all these providers are up to the same cybersecurity standard, a weakness that attackers often exploit.

Tired staff, weak security culture

It’s no secret that tired, overworked professionals make more errors. This is true for surgery and also for cybersecurity. Healthcare staff don’t exactly have the best cybersecurity practices to begin with: one study found that physicians rarely locked their workstations when walking away to treat a patient, even though they were supposed to. Add in the fact that they have been working extra hard for many months, and it’s unsurprising that there will be more IT-related mistakes, ones that could put the entire organization in jeopardy.

All the factors discussed above contribute to the fact that healthcare facilities suffer badly from cyber attacks.

How Cyber Attacks on Healthcare Have Intensified During COVID-19

Last month, pharmaceutical giant Pfizer had its online data storage hacked, exposing scores of victims to phishing scams.

Aamen, which means “safe” in Arabic, was launched by Abu Dhabi’s Department of Health on Sunday to prevent such attacks.

Protecting Healthcare Against Cyber Threats

As the healthcare cybersecurity situation degrades, there are some international, national and private initiatives attempting to improve things.

These are great initiatives that should have real impact in places where they can have influence, but no matter how positive and encouraging they are, it is still mostly up to the healthcare institutions themselves to fend off this offensive.

What Can You Do?

In medicine, it’s often said that an ounce of prevention is worth a pound of cure. This is true in cybersecurity as well. Here are some things that could immediately improve the cybersecurity posture of healthcare facilities:

Awareness and email security – many cyber-attacks target the people working at healthcare facilities. Better awareness will reduce their chances of downloading suspicious documents or clicking suspicious links. There have been so many examples of recent attacks on healthcare facilities that creating a realistic phishing simulation should not be too difficult.

Internet-facing devices – email isn’t the only penetration vector. Many cyber-attacks exploit open ports and exposed remote access protocols. This is a pure IT hygiene issue that requires care and attention, but it is doable. Only necessary ports should be opened to the internet. In fact, researchers found that exposed, vulnerable RDP ports increase the likelihood of a successful ransomware attack by 37%, and certain attackers are specifically stealing and selling RDP credentials on the dark web.

Credential theft – once entry is gained, attackers use readily available tools such as Mimikatz to harvest credentials, access servers and spread across the network. They also rely on aggressive password spraying and other credential-stealing techniques. Robust, unique passwords (backed by multi-factor authentication wherever possible) will reduce the chances of these succeeding, and monitoring failed-logon events for spraying patterns gives early warning when they are tried.
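The exposed-RDP and password-spraying points above both show up in the same place on a Windows domain: failed-logon events (Security EventID 4625). The following is an added example, not code from the original article or from SentinelOne, that runs a simple detection over constructed sample log lines. The line format, the field names (src, user, type), the source addresses and the account names are all assumptions made for illustration; the detection distinguishes a spray (one source, many accounts, one or two tries each, staying under lockout thresholds) from a classic brute force (one source, one account, many tries), and ignores the ordinary case of a user mistyping a password twice and then logging in:

```python
"""Detect password spraying and brute forcing in Windows failed-logon events."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real hospital logs): one Windows Security event per
# line, reduced to the fields the detection needs. 4625 = failed logon,
# 4624 = successful logon. Logon type 3 = network, 2 = interactive,
# 10 = RemoteInteractive (RDP). 203.0.113.0/24 is a documentation address range.
SAMPLE_LOG = """\
2020-09-14T02:00:01Z 4625 src=203.0.113.7 user=jdoe type=3
2020-09-14T02:00:03Z 4625 src=203.0.113.7 user=asmith type=3
2020-09-14T02:00:05Z 4625 src=203.0.113.7 user=mkhan type=3
2020-09-14T02:00:07Z 4625 src=203.0.113.7 user=rali type=3
2020-09-14T02:00:09Z 4625 src=203.0.113.7 user=nurse01 type=3
2020-09-14T02:00:11Z 4625 src=203.0.113.7 user=nurse02 type=3
2020-09-14T02:00:13Z 4625 src=203.0.113.7 user=radiology type=3
2020-09-14T02:00:15Z 4625 src=203.0.113.7 user=labadmin type=3
2020-09-14T02:00:17Z 4625 src=203.0.113.7 user=pharmacy type=3
2020-09-14T02:00:19Z 4625 src=203.0.113.7 user=icu-ws1 type=3
2020-09-14T08:15:00Z 4625 src=10.20.0.55 user=jdoe type=2
2020-09-14T08:15:20Z 4625 src=10.20.0.55 user=jdoe type=2
2020-09-14T08:16:02Z 4624 src=10.20.0.55 user=jdoe type=2
2020-09-14T09:30:00Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:05Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:10Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:15Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:20Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:25Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:30Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:35Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:40Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:45Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:50Z 4625 src=10.20.0.91 user=asmith type=10
2020-09-14T09:30:55Z 4625 src=10.20.0.91 user=asmith type=10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) src=(?P<src>\S+) user=(?P<user>\S+) type=(?P<type>\d+)$"
)


def parse_events(text):
    """Parse the reduced log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "event": int(m["event"]),
            "src": m["src"],
            "user": m["user"].lower(),  # account names are case-insensitive
            "type": int(m["type"]),
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=8, max_per_account=2):
    """Return {src: sorted accounts} for sources that fail logons against at least
    min_accounts distinct accounts inside one window while never exceeding
    max_per_account tries per account (the low-and-slow signature of a spray)."""
    failures = defaultdict(list)  # src -> [(ts, user)]
    for ev in events:
        if ev["event"] == 4625:
            failures[ev["src"]].append((ev["ts"], ev["user"]))
    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        best, start = None, 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:  # slide window
                start += 1
            per_user = defaultdict(int)
            for _, user in attempts[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                if best is None or len(per_user) > len(best):
                    best = set(per_user)
        if best:
            alerts[src] = sorted(best)
    return alerts


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=10):
    """Return {(src, user): failures} for a single source hammering one account."""
    failures = defaultdict(list)  # (src, user) -> [ts]
    for ev in events:
        if ev["event"] == 4625:
            failures[(ev["src"], ev["user"])].append(ev["ts"])
    alerts = {}
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_failures:
                alerts[key] = end - start + 1
                break
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("spray sources:", detect_password_spray(evs))
    print("brute-force pairs:", detect_brute_force(evs))
```

On the sample data the spray detector flags only 203.0.113.7 (ten accounts, one try each), the brute-force detector flags only the 10.20.0.91/asmith pair over RDP (logon type 10), and the jdoe mistyped-password case from 10.20.0.55 triggers neither. The thresholds are deliberately conservative for a hospital network where shared workstations and service accounts generate noise; tune window and min_accounts against your own baseline before alerting on them.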

Endpoint security – endpoints are the critical means of entry to your network and your assets. Having an advanced endpoint security solution on all endpoints and servers is a necessity to improve your healthcare organization’s cybersecurity resilience.