4 Steps to Mitigate Future Healthcare Cyberattacks

Healthcare institutions are on edge, and not for the reason you’d think. It’s not entirely because of stretched resources due to COVID-19. Instead, they fear the rising number of healthcare cyberattacks. By October 2020, Health and Human Services (HHS) received reports from 412 healthcare organizations that more than 20 million individuals had been affected by data breaches, and the number of incidents only continues to rise. We’ve seen a large ransomware attack against a nationwide hospital system, Universal Health Services, in September 2020, which resulted in a system shutdown. In Germany, when an attacker hit a hospital, a critically ill woman perished because of delays in treatment.

The most recent Ryuk threat, reported at the end of October 2020 by the FBI in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), underscores the escalation by attackers. Nor should we expect this to change in the coming year. If a stressed healthcare system in the midst of a pandemic has not garnered sympathy from cybercriminals, nothing will. When the “next normal” starts, there will be no reprieve.

Escalating Cyberattacks Threaten Healthcare Institutions

Attacks are becoming more sophisticated over time. The implications in a healthcare setting differ from those of an attack on a typical IT environment; think of how catastrophic an attack on medical device behavior, reporting and even the devices themselves could be if they were altered, rendered inoperable or made to work erratically. The 2020 HIMSS Cybersecurity Survey found most healthcare organizations are seeing more significant security incidents, the most common type being a phishing attack and the most common result a disruption of operations. In some cases, ransomware may affect system managers, monitoring stations or gateways that translate network traffic. It may also affect devices themselves by damaging or infecting them.

Rather than waiting to be impacted, healthcare organizations can take proactive steps now to conduct security assessments and find vulnerabilities in their networks. By building a robust and properly defended clinical environment, the risk of healthcare cyberattacks is lowered. It’s no longer a question of if an attack will occur, but a matter of being prepared for when. Then, you can prepare for the next, and the one after that, and so on. By implementing four proactive steps to mitigate incident impacts, institutions are better prepared to thwart attackers.

Keep Lists Updated

When notified of an attack – whether it is imminent or underway – add all known indicators of compromise (IOCs), including both domains and IPs, to your blacklist. This will help to proactively alert you to any malicious communications associated with these attacks.
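As an illustration of this step (an added example, not code from the original article or from any vendor product), the sketch below loads indicators in the defanged form advisories usually publish them in and checks outbound connection records against them. The log layout (timestamp, source, destination), the function names and all sample values are assumptions constructed for the example.

```python
import ipaddress
import re

def refang(indicator):
    """Undo defanging common in advisories (hxxp://, [.]) and drop the scheme."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^(hxxps?|https?)://", "", s)

def load_blocklist(lines):
    """Split indicators into IP networks and domain names."""
    nets, domains = [], set()
    for raw in lines:
        item = refang(raw.split("#")[0])  # allow trailing comments
        if not item:
            continue
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:  # not an IP or CIDR: keep the host part of a URL
            domains.add(item.split("/")[0].rstrip("."))
    return nets, domains

def match(dest, nets, domains):
    """Return the indicator dest matches (domains on label boundaries), or None."""
    dest = dest.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        labels = dest.split(".")
        parents = (".".join(labels[i:]) for i in range(len(labels) - 1))
        return next((p for p in parents if p in domains), None)
    return next((str(n) for n in nets if ip in n), None)

def scan(log_text, nets, domains):
    """Return (timestamp, source, destination, indicator) for each hit."""
    hits = []
    for line in log_text.splitlines():
        ts, src, dest = line.split()
        ioc = match(dest, nets, domains)
        if ioc:
            hits.append((ts, src, dest, ioc))
    return hits

# Constructed sample data (documentation-reserved addresses and names).
IOCS = ["hxxp://bad-domain[.]example/gate.php  # defanged URL",
        "203.0.113.0/24", "198.51.100[.]7"]
LOG = """2020-11-01T10:00:01Z 10.20.1.15 updates.vendor.example
2020-11-01T10:00:04Z 10.20.3.77 cdn.bad-domain.example
2020-11-01T10:00:09Z 10.20.3.77 203.0.113.45
2020-11-01T10:00:12Z 10.20.8.2 198.51.100.8"""
```

Calling scan(LOG, *load_blocklist(IOCS)) flags the two connections from 10.20.3.77; the subdomain is caught through its parent domain, while a lookalike such as notbad-domain.example is not.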

Disable Unused Devices

If possible, disable unused remote access ports, devices and unnecessary communications equipment. Attackers will be looking for these less-guarded entry points. Once they gain initial access through exposed or poorly secured remote services, they can easily spread malware throughout the institution. An advanced filtering capability within your cybersecurity platform can assist in identifying any devices that are communicating externally in a suspicious manner.

Implement Patches on a Timely Basis

Device manufacturers are continually sharing patches and updates for suspected areas of concern. Implementing these in a timely manner helps seal off any potential entry points for an attack. Consider creating an effective inventory map to track what needs to be updated.

Segment Networks to Contain Risks

Even with these proactive steps, a cybercriminal can still breach your institution’s network. You can minimize the impact of a breach by segmenting your network and isolating any potentially affected devices. If attackers can’t get beyond a limited, vulnerable area, then they will move on to an easier target, limiting your overall risk exposure.

While these steps will not stop every attack or incident, fortifying hospital networks can reduce vulnerability. As IoT and IoMT devices are being rapidly introduced, it is critical to have a system in place that allows you to identify, inventory and keep these new technology additions, as well as your existing infrastructure, securely protected.

Jonathan Langer

Jonathan leads the vision and strategic direction for the company. He brings nearly two decades of cybersecurity experience to Medigate. Formerly a leader in the Israeli Defense Intelligence Corps, Jonathan commanded a team of technical analysts focused on the research of cyber-related domains.