Providers need to be vigilant in searching for botnets

The recent urgent alert from the U.S. government on new cyber security threats coming from North Korea is a call for immediate action by healthcare organizations, says Lee Kim, director of privacy and security at HIMSS North America.

The alert explains indicators of compromise, malware descriptions, network signatures and rules to detect North Korean cyber activity using a denial-of-service botnet that collects and controls Internet-connected devices.

Providers that don’t have intrusion detection software need to seriously consider getting it to detect data going in and out of the network, Kim advises. Without such detection software, a botnet could be delivering an organization’s data to an Internet Protocol address with which the organization does not have a business relationship, Kim explains.

Further, a healthcare organization should frequently monitor the speed of its network; slowness related to high bandwidth usage could be the work of a botnet.

“You need to know that, when you have a denial of service attack, it can crash machines, and the botnet can lead to execution of commands to leach data out the door,” Kim contends. “The purpose of intelligence is to stay ahead of the threat, and if the network is crippled, you can’t get claims validated. You need to get ahead of it, so hire help if you don’t have the capabilities.”

Kim also advises conducting a comprehensive risk assessment of vulnerabilities and hardening networks and systems at risk now rather than when a problem arises. Remember, she cautions, some hospitals hit by the WannaCry ransomware virus had to turn patients away. “You don’t want to be in that position,” she adds.
