Cyber attacks are to the health care system and the economy what COVID-19 means for human health. Despite many hackers declaring that they would not attack hospitals, the reality is unfortunately somewhat different. According to the latest reports, cyber attacks are currently on the rise, especially in this sector.
Healthcare staff are doing a tremendous job for the community, particularly at the moment. Not only are they guaranteeing all vital measures and making sure that the system remains in operation, but they are also constantly working to improve treatment and patient care by using new technologies, thereby improving the situation as quickly as is possible. However, there are also weak points associated with these technologies which are being exploited by cyber criminals at this very moment. What exactly are these dangers?
There are multiple cyber risks within the healthcare sector
The health sector is facing enormous challenges in terms of cyber security, and not just currently. Healthcare facilities – from small private surgeries to large hospitals – are having to face the risk of theft, the modification and manipulation of patient's electronic medical or financial data, and also of system break-ins. This means that patient care and responding to health emergencies may be at risk. The latest corona crisis exacerbates the situation by requiring that changes to an existing hospital or critical medical technology be made under immense time pressure, and without being able to carry out the necessary tests in advance. This also increases the risk of undetected vulnerabilities.
Networking heightens security risks
Meanwhile, hospitals are becoming more and more dependent on IoT (Internet of Things), resulting in huge increases in networking. However, this also heightens the risk of these systems being manipulated. For example, if a hospital has integrated IoT devices in its internal network and these are hacked, they can be used for a type of attack known as Distributed Denial of Service (DDoS) to launch an attack on another institution or to send spam e-mails. As well as this, in a healthcare application, attackers can specifically encrypt or manipulate patient data. As a result, an entire patient's history can be lost in one fell swoop, so making treatment considerably more difficult. Unfortunately, we have not made up these scenarios, they are a reality. Our experts from the InfoGuard CSIRT (Computer Security Incident Response Team) have been called in to help in exactly these kinds of cases.
There are many different threats – from malware (system integrity and patient privacy) to ransomware (demands for ransom), phishing and data protection breaches (violation of privacy and personal rights) all the way through to DDoS. This list of cyber attacks is by no means exhaustive; it is more like a summary of the most important and costly incidents. Did you know that on the black market, patient data is often worth more than classic credit card information? Once again this demonstrates why the health care system is so attractive to attackers.
Cyber attacks compromise patient care (but not just)
These risks can also directly affect patient care. Although other areas with critical infrastructures can also be affected by attacks like these, the healthcare sector poses a specific challenge. As we have said before, the impact of cyber attacks can go far beyond financial loss and invasion of privacy. In the health sector, what is at stake is pain and suffering and people's lives.
But the healthcare sector is not the only place that cyber attacks can have a perceptible and tangible impact on our daily lives. Particularly in the age of digital information and communication, they are a sad reality. Attacks on critical infrastructure and vital public interest services and utilities are on the increase, and they pose a serious threat to the health and well-being of the general public in the areas of health, energy, food, water, telecommunications and transport.
Strengthening resilience to cyber attacks
Imaging software for radiology, video conferencing systems, surveillance cameras, mobile devices, printers, routers and digital video systems used for online health monitoring and remote procedure – these are just a few of the many IT and OT applications that are at risk of being compromised. Regrettably, the current security procedures and strategies used in the health sector are often unable to keep pace with the scale and scope of cyber attacks. Yet, if institutions are not adequately protected, hospital information systems, practice administration systems or control systems for medical equipment can be an open door for cyber criminals. Cyber attacks on health systems and other critical infrastructures are a transnational issue and pose a threat to public health. Hence, cyber security needs to be high on the agenda of every healthcare institution – and not just when something goes wrong.
Fighting the coronavirus together!
No matter how high they are, security walls are no longer adequate these days. Attackers will always be able to find a way into the network. That's why it is crucial to detect and react quickly to security-related events. It is the only way to minimise the effects of a cyber attack and boost the cyber security system's own “immune system”. This is why InfoGuard is committed to the Swiss healthcare system in the difficult current climate. To this end, we are providing hospitals with our expertise quickly, simply and free of charge. This will enable them to focus on normal IT operations and medical care.
Hospital infrastructures are being put to the test
So what does this kind of support consist of? Below is one possible example of a check of exposed systems, carried out free of charge, for any potential areas of attack or vulnerabilities, to enable a hospital to take proactive measures. Checks like these are generally carried out in a three-step process:
- Identify the services and all potential vulnerabilities
A detailed discovery and vulnerability scan is performed to check the current infrastructure for potential existing and known security flaws.
- Carry out a penetration test
InfoGuard experts use an external penetration test to analyse systems exposed to the Internet for existing attack surfaces and vulnerabilities.
- Analysis of web-based applications
Anonymous application audits are used to test the web environment using the OWASP (Open Web Application Security Project) test catalogue and self-developed test modules.
In order to ensure security in day to day hospital situations during this special COVID-19 crisis, we carried out this kind of check at the Bülach hospital. The result was very positive for the managers and they received a good report. Our experts were only able to identify a few areas of potential for optimisation and they recommended a targeted staff awareness-raising campaign. In an earlier article, we already looked at how this can be done in practice.
If you need to, please contact us for this kind of project. We will overcome this crisis together! We would be only too glad to provide you with support in these challenging times.