Digitally integrated healthcare allows healthcare workers to spend more time with patients and less time on administration. A doctor can enter the dosage of a drug required by a patient in a centralised system that will automatically forward the request to the pharmacy and provide an update to the relevant nursing station. But what if a hacker could penetrate the system and change the dosage?

Cybercriminals are not bad guys hiding a heart of gold deep inside. They do not hesitate to attack hospitals. Ransomware is one of their favourite weapons against healthcare services where they encrypt the hospitals’ data, preventing them from functioning, and demand a ransom to unlock the data. A hospital running one of the largest COVID-19 laboratories in the Czech Republic was hit by ransomware. The pandemic has caused a surge in cyberattacks against the healthcare sector, prompting INTERPOL to issue a Purple Notice to all 194 member countries warning of the ransomware threat to medical services.

Why Do Hackers Like To Attack Healthcare?

Don’t cybercriminals fall sick? Yes, they do. But they still attack medical services, perhaps in the mistaken belief that they and their families will be safe as long as they don’t attack local facilities. They forget that a threat actor in some other city or country will think the same thing and attack the hospitals here. Clearly the risk of affecting themselves is not a disincentive, but they also have strong incentives to carry out their attacks:

1. Ransom is more likely to be paid – Hospitals would rather pay the ransom than risk patients lives from a ransomware attack
2. Patient records have great value – An Electronic Health Record can sell for as much as $50 on the black market
3. Medical research data has great value – Competitors and even nations are willing to pay for the stolen results of trials and new procedures
4. Smart devices create more vulnerabilities – Our Cyber Threat Monitor Report lists multiple vulnerabilities, collectively known as MDhex, in healthcare devices including patient monitors and telemetry servers
5. Lack of awareness about cybersecurity – This is not exclusive to healthcare; specialists in any field are more likely to have limited awareness of cybersecurity, which is a specialisation in itself, and be vulnerable to cyberattacks

We will note here that not all vulnerabilities are deliberate or malicious. More than 1.2 billion healthcare records from across the world were found to be accessible because they were inadequately secured. 120 million of these were from India and included X-rays, MRIs, CT scans, and many others.

How Healthcare Can Proactively Prevent Digital Infections

While being hit by a cyberattack can have severe consequences for a medical facility, preventing one is largely a matter of following cybersecurity best practices:

1. Create a cybersecurity policy – Every medical facility should have one. It should lay down how cybersecurity will be managed in the organisation, who is responsible for what, and what is allowed and not allowed. Most importantly, following the policy should be mandatory. You can find guidelines for small and large healthcare organisations here, which can help you frame your policy
2. Conduct an audit of devices and networks – Listing all the devices and networks in your organisation will give you an idea of your attack surface i.e., every place that a threat actor could attack. The audit should also list if and how every device and network is secured and who is responsible for maintaining security. The audit should also cover whether the device is still supported by the manufacturer, what vulnerabilities or exploits have been discovered for that device, patches released to address such weaknesses, and whether those patches have been applied to the device
3. Maintain password hygiene – Passwords are basic cybersecurity, just like washing hands is basic personal hygiene. And just like washing hands there is a right way to be followed to maintain safety. Ensure that every device and network has a password; the password should be strong and not reused or recycled; passwords should not be shared; and passwords should be changed at regular intervals. Passwords may also need to be applied to certain services such as file sharing including sharing files with patients and their families to restrict who can access the files outside the organisation and the duration for which such access is allowed. This assumes greater importance now that telemedicine has gained prominence during this pandemic
4. Verify access permissions – Restricting access (to devices, networks, and data) to those who must have such access to perform their assigned tasks increases cybersafety. Remove access for those who don’t need that access any longer, such as staff who have left the organisation or been transferred to another department
5. Backup data – Taking regular data backups and storing the backups in a safe location will make it easier to recover from a cyberattack. Occasionally test how easy it is to restore the data to understand how much time will be required to resume normal operations after a cyberattack
6. Use cybersecurity – Using effective enterprise cybersecurity which can protect your organisation against modern attacks like phishing and ransomware reduces the risk of a successful cyberattack
7. Educate users – End users don’t have to be cybersecurity experts to thwart cyberattacks. 91% of cyber attacks are estimated to begin with a user clicking a phishing email. Understanding the basics of cyberhygiene, such as exercising scepticism before opening an email attachment or link, will help stop cybercriminals

K7 Endpoint Security protects major healthcare providers with comprehensive, multi-layered security against sophisticated cyberattacks and devious cybercriminals. Contact us to hear more about how we can help you with digital disinfection.