.png?width=40&height=40&name=search%201%20(1).png){kind=small}
When you’re a patient at a hospital, the last thing on your mind is how secure the hospital’s electronic records are. All you want to do is recover.
Both patients and staff should be concerned about the safety of digital healthcare information, however, ransomware attacks have crippled hospitals in both the US and Canada within the last few months.
Ransomware isn't the only risk, though. Patient and physician data have been stolen through data breaches. Lastly, medical devices themselves—pacemakers, insulin pumps, and other lifesaving equipment--have also been shown to be insecure. Ransomware attacks and data breaches will continue to devastate hospitals and healthcare organizations, unless they take steps to protect electronic healthcare data.
At the beginning of February 2016, staff at Hollywood Presbyterian Memorial noticed what they called “significant IT issues.” The “significant IT issues” were later attributed to a piece of ransomware called Locky. Ransomware such as Locky encrypts data so that no one else can access it.
Hospital employees told reporters that their files had been encrypted, and that the data was being held ransom for over 3 million bitcoins. This caused hospital’s computers to shut down for over a week, including those in the pharmacy, labs, and CT scanning unit. Employees used pen and paper to record patient data, and some patients were transported to other medical facilities.
Ultimately, hospital officials paid $17,000 in ransom so Hollywood Presbyterian Memorial could continue operating as usual. The hospital came under fire for its decision to wait over a week to pay the ransom.
Data breaches at hospitals and healthcare organizations wreak havoc. And hospitals and healthcare organizations are equally unprepared for data breaches as they are for ransomware attacks.
What’s most troubling about data breaches involving healthcare records is that it’s difficult to figure out where the breach originated. Third parties, such as billing companies, handle a high volume of healthcare information. When data breaches take places at these firms, neither the doctor nor the patient may even be aware that these third parties had access to their information.
So, what can happen to this data once hackers steal it? Hackers post it to online forums, of which criminals and fraudsters around the world are members. In April 2015, the digital security firm Bitglass published the results of an experiment on where stolen data spreads. Its threat research team synthesized over 1500 fake names, Social Security numbers, credit card numbers, addresses and phone numbers, then posted them online in a spreadsheet with a digital watermark. Every time someone opened the file, the digital watermark would record the viewer’s information and send it to Bitglass. People on five continents viewed the spreadsheet within two weeks, including known members of criminal organizations.
Here’s a terrible thought: what if hackers skipped the middleman? What if, instead of targeting hospitals for ransom or for data, they went right to the source and targeted the devices keeping you alive?
Security researchers have known for years that medical devices were vulnerable to hacking. Back in 2013, presenters at Black Hat demonstrated how they could hack an insulin pump to deliver a fatal dose. What’s more, medical device manufacturers refuse to consider that they are creating vulnerable devices—and by extension, vulnerable patients.
According to Forrester Research, ransomware, apart from affecting hospitals, is the next big trend in medical device hacking. We’re looking, potentially, at a scenario where hackers could take control of an insulin pump, a pacemaker, or a dialysis machine—something connected to you that’s keeping you alive—and say, “unless you pay us right now, these devices will break, and you will die.”
Even more unsettling, this report forecasts that this eventuality isn’t a few years down the road. The first instances of medical device ransomware will probably occur by the end of 2016.
Ransomware attacks, data breaches and medical device hacks do not have to be a fact of life for healthcare organizations and hospitals. They can be stopped in their tracks with the right tools.
Network visibility is vital to keeping healthcare information safe from hackers and criminals. Along with the list of must-have security tools, such as NGFW, IPS, WAF, etc., you need to ensure the tools can see all the packets traveling over the network. The only way to guarantee 100% visibility and packet capture is with a network test access point (TAP). When IT administrators come across something that appears suspicious, they can take actions to prevent its spread as well as diagnosed research into how the threat gained access to the network.
Looking to add inline or out-of-band security monitoring solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
