The healthcare industry’s poor security posture makes it susceptible to the most basic opportunistic data attacks. The value of patient records and the critical role that medical facilities play in national stability make healthcare an attractive target for financially and politically motivated attacks, according to eSentire, a vendor of continuous threat monitoring and resolution services. Its most recent industry threat report seeks to raise the awareness and education of senior decision makers about the cyber security issues facing the industry.
Growing exposure to threats
Standard business practice requires decentralized data sharing and specialized network-integrated medical equipment, both of which contribute to a rapidly expanding threat surface. In general, funds allocated to the IT department are mostly dedicated to business functions that actually increase the threat surface. Only a small fraction of IT spending in healthcare is designated for cybersecurity. Further, reliance on web portals for data sharing across entities is a core problem for the industry, according to eSentire.
Substandard authentication of users
Many healthcare organizations use single-factor authentication for their VPN services and have devices running the outdated Windows XP operating system. In fact, the most startling observation was the mass exposure of services that require only single-factor authentication, which are attractive targets for brute force attacks to acquire passwords.
Outdated, exploitable software
eSentire personnel conducted open-source intelligence investigations on healthcare organizations, putting themselves in the role of a potential attacker to assess vulnerabilities. Results revealed massive threat surfaces, including publicly accessible network admin panels, unsecure web services for patients and several devices exposed to the Internet and running outdated software. Commonly exploited software included OpenSSL, Microsoft Windows Server 2003, PHP, Apache Struts and Microsoft IIS.
Transparent access protocols
In one organization it studied, eSentire found a network admin panel that was left exposed, requiring only single-factor authentication to gain access. Remote administration login traffic occurred in clear text, making credentials and business activity susceptible to interception. This organization uses at least one consumer-grade Linksys router known for numerous vulnerabilities and lacking security features found in professional-grade routers. Also exposed were MySQL, SMB v1 and Telnet. Patient records kept on the MySQL server are easily accessible to hackers.
There are many tools available to hackers (both free through development platforms like GitHub and for sale in the underground markets) that can efficiently scan the Internet for common vulnerabilities. These markets can be accessed through the Dark Web, a layer of Internet activity that runs on anonymized peer-to-peer connections and is frequented by threat actors conducting business. Vulnerabilities going back to 1999, such as CVE-1999-0517, are still regularly attacked by opportunistic threat actors.
Easily hacked point-of-sale devices
Another commonly observed attack on hospitals is the hijacking of point-of-sale devices such as credit card readers used in payment processing. For example, after a breach of 3.7 million health records, Banner Health reported that threat actors had compromised more than one of their hospitals’ cafeterias for payment information.
Massive phishing attacks
Healthcare organizations tend to have a larger ratio of phishing traffic, compared with other industries, because the email addresses of healthcare professionals are less protected from the public than the addresses of executives in other industries. Healthcare personnel also are more likely to open a phishing email, partly because they receive a high number of emails in the process of ordering drugs and equipment and collaborating with other healthcare providers.
Increasingly common HeartBeat threats
Another common observation on healthcare networks is the presence of malformed HeartBeat requests, an alert raised when attackers attempt to exploit the Heartbleed vulnerability. There also is a high volume of Android exploit attempts, possibly related to patients and visitors using the guest networks.
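The check behind a malformed-heartbeat alert, shown as an added example that is not part of eSentire's report: RFC 6520 requires a heartbeat to be discarded when its declared payload length does not fit inside the TLS record that carries it. The function names and sample records are constructed for illustration, and the check assumes the record is observed unencrypted.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1       # HeartbeatMessageType: heartbeat_request
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> str:
    """Classify one unencrypted TLS record.

    Returns "not-heartbeat", "truncated", "ok" or "malformed".
    """
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"
    # Smallest legal message: type (1) + payload_length (2) + padding (16).
    if rec_len < 1 + 2 + MIN_PADDING:
        return "malformed"
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # The declared payload plus padding must fit in the record.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return "malformed"
    return "ok"


def make_record(claimed_len: int, payload: bytes) -> bytes:
    """Build a constructed sample record (hypothetical helper for this demo)."""
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + bytes(MIN_PADDING)
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(body)) + body


# Constructed samples: declared length matches, declared length overstated,
# and a non-heartbeat (handshake, type 22) record.
SAMPLES = {
    "consistent": make_record(4, b"ping"),
    "overstated": make_record(1024, b"ping"),
    "handshake": struct.pack("!BHH", 22, 0x0302, 4) + b"\x01\x00\x00\x00",
}


def classify_samples() -> dict:
    return {name: check_heartbeat_record(rec) for name, rec in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
```

Hosts still running an OpenSSL build without this bounds check are the ones that need patching; the alert itself only shows that the request was seen.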
Widening security gap
The weak security posture of the healthcare industry is an escalating problem, eSentire warns. The industry’s lack of cybersecurity awareness combined with steady advances in technology, such as IoT pacemakers, life monitors and prosthetics, will continue to expand the industry’s threat surface.
Looming breach catastrophes
Healthcare organizations are hesitant to dedicate budget to cybersecurity, yet they continue to spend in other areas of information technology. This mindset will likely shift, sooner rather than later, and likely in response to a catastrophe rather than as a preventative measure.