Cybersecurity-insiders.com recently painted a picture of what a worst-case scenario looks like for a healthcare data breach. In the story, they play out a scene where a resident works on a stroke patient. While the resident is performing critical lifesaving care, the CT scanner in the simulation suddenly seizes and displays a message demanding Bitcoin payment. The resident, thankfully just working through a training exercise, is left to complete diagnosis and treatment without a critical piece of equipment.
Let that sink in a moment. Healthcare facilities are the most critical facilities we have. They house critical medical records, diagnostic equipment, and machines used for lifesaving intervention, and they are the targets of cybercriminals.
When Everything Goes Wrong
How real is the threat to healthcare? By one measure, Sutter Health, based in Northern California, fended off an astounding 87 billion cyber threats in 2018. The Sutter team used artificial intelligence to triage threat vectors, applied software patches, and blocked email addresses suspected of propagating a phishing attack.
While Sutter Health has been successful fending off cyberattacks, the United Kingdom’s National Health Service (NHS) has been less fortunate. In 2017, the NHS had approximately 200,000 computers crippled by the WannaCry strain. As a result, over 19,000 appointments were canceled, and the NHS spent over £92 million on remediation and upgrades to its information technology systems. The probable point of entry into the NHS network was an antiquated instance of the Microsoft Windows XP operating system.
Post recovery, the NHS has committed an additional £150 million over three years to further upgrade and harden its technology footprint. In a move that might be described as “better late than never,” the NHS is also migrating to Microsoft Windows 10 as part of the modernization efforts.
Common Cyberattack Scenarios
Most cyberattack scenarios fall into a few primary categories, including:
- Malware: malicious software, including spyware, ransomware, viruses, and worms
- Phishing: sending fraudulent communications that appear to come from a reputable source, usually through email
- Man-in-the-Middle Attack: also known as an eavesdropping attack, this occurs when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data
- Denial-of-Service (DoS) Attack: floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests
- SQL Injection: an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not
- Zero-day Exploit: hits after someone discovers a network vulnerability but before a patch or solution can be pushed out
- DNS Tunneling: utilizes the DNS protocol to communicate non-DNS traffic over port 53
Referring to the examples above, the NHS was struck with malware, specifically of the WannaCry strain. In the Sutter Health case, billions of threats had to be repelled for over a year. But it only takes one breach to cause problems.
What Can You Do About It?
Measures to mitigate threats vary, but the basics of cybersecurity stay the same:
- Keep systems and anti-virus databases up to date
- Train employees
- Configure firewalls to whitelist only the specific ports and hosts that are required
- Use strong passwords and refresh them frequently
- Use a “least-privilege” model in the IT environment
- Make regular backups
- Continuously monitor and audit IT systems for suspicious activity
Along with the basics, smart organizations are looking beyond the legacy approach of merely installing anti-virus software on every computer and device on the network. Instead, they are leveraging the power and efficiency of the cloud and big data to secure their vulnerable endpoints. As an example, Carbon Black’s endpoint security software uses predictive analytics to advance endpoint protection, not just against known threats, but also against unknown or emerging ones.
Better Safe Than Sorry
For businesses, losing large amounts of revenue or clients due to a cyberattack is the worst-case scenario. But it goes beyond that, especially in the example above within the medical field. Customers and patients expect their information to be secured. This is why corporations spend large amounts of money on cybersecurity prevention methods. It’s better to be safe than sorry, and prevention methods cost a fraction of what could be lost due to a cyberattack.