How providers can bolster their ransomware defenses
It has become clear that ransomware attacks on hospitals are increasing in scale and sophistication and are becoming a serious threat to patient lives and health.
In 2016, a California hospital became the first to pay a $17,000 ransom to cyber criminals who held its medical records and crucial computer systems ‘hostage’ for over 10 days. Just this year, a worldwide attack using sophisticated cyberwarfare tools stolen from the National Security Agency hit more than 40 hospital systems across the UK and US, causing widespread disruption. Even medical devices, including vital radiology equipment used in MRI scanners, have been infected by ransomware.
These attacks are set to increase, as the growth of “connected healthcare,” from wearable health technology to surgical robots, increases the number of potential targets for hackers. Increasingly, hospitals are making their digital systems interoperable and sharing patient data with external data analytics companies to create personalized predictive healthcare, further expanding the potential attack surface.
As access to healthcare data and systems is literally a life-or-death issue, hospitals form an increasingly lucrative target for those engaged in online extortion, and there is now a black market in trading stolen healthcare data for blackmail. It is conceivable that, in the future, hackers could even maliciously tamper with medical devices so that they malfunction during operations or alter electronic medical records so that people are prescribed the wrong treatments.
With nation state-backed hackers recently suspected of targeting Ukraine’s national grid and US elections, there is also an obvious threat from nation states using cyberwarfare tools to wreak havoc across an opponent’s healthcare systems.
The latest attacks, such as WannaCry, involve automated “cyber weapons” stolen from national intelligence agencies that can autonomously find and exploit any vulnerabilities in hospital systems or networks at a speed and scale equivalent to an army of human hackers. Ransomware of this kind, known as a worm, contains a transport mechanism that enables it to reproduce autonomously across any healthcare networks or systems that share a common vulnerability, massively multiplying the scope and impact of a single attack.
This means that just one unpatched computer vulnerability can now form a potentially devastating single point of failure across thousands of hospitals and their external partners. The growing automation of very sophisticated hacking techniques is enabling even amateur hackers to launch attacks with nation-state level expertise.
And while criminals targeting hospitals now have a self-reproducing army of automated hacking tools at their disposal, the human cyber teams defending against them are severely depleted. There is greater demand for cyber security professionals in healthcare than in any other industry, with almost a third of the world’s health organizations reporting that they need to increase their cyber staff by more than 20 percent, far exceeding the available supply of talent. Hospitals simply do not have the human resources needed to go through their networks and systems, line-by-line, to find all the latent vulnerabilities that could let hackers in.
As a result, in a race against time to find vulnerabilities before the attackers, pioneering healthcare organizations such as the UK’s National Health Service have turned to intelligent virtual auditing software and deployed the same “virtual auditors” used by organizations such as NATO and the FBI.
Traditional scanners have not been able to reproduce the skills, detective abilities and expertise of a dedicated human security tester and have left gaping holes in hospital defenses. These new smart virtual auditors can model thousands of a hospital’s networked devices, analyze their configuration and provide line-by-line assessment of both security flaws and their fixes in a fraction of the time.
Organizations such as the Department of Defense have found this technology can comb hundreds of systems for vulnerabilities with the skills and expertise of human security auditors, far faster than traditionally possible. This has helped free their “cyber experts” from essential, but time-consuming, system “housekeeping,” thus enabling them to focus on other critical projects.
These manpower efficiencies make sense in all public sector organizations, but particularly in healthcare organizations, which lack both cash and manpower.
Many hospitals across Britain were able to successfully defend themselves against the WannaCry cyberattack, partly by using virtual auditors to scour their systems for any weaknesses in their defenses.
Now, vendors are also adopting this technology to protect themselves and their customers. ZirMed and Curaspan have recently upped their defenses in this way in response to rising ransomware attacks.
In the future, we could see hospitals deploy virtual cyber security teams collaborating to feed intelligence into a central system, creating a vast responsive architecture capable of anticipating and counteracting dangers with speed, efficiency and accuracy.
The best defense against the new phenomenon of advanced virtual hackers is for hospitals to take a leaf out of the attackers’ playbook and create a legion of advanced virtual cyber defenders to secure vital health data and systems.