When it comes to industries that are under threat from cyberattacks, healthcare ranks near the top. Although attackers love to steal banking and payment information, data stolen from healthcare organizations can be up to fifty times more valuable. That’s because attackers can get more detailed and high-quality information from these records, making it easier for them to commit identity fraud.
With the increased number of IoT networked medical devices, combined with outsourced staff or MSSP contractors, and even the expanded use of Telemedicine, tablets, and smartphones–the healthcare attack surface is growing.
In addition, DDoS attacks and ransomware directed at hospitals can do a lot more potential damage than attacks against other institutions. When ransomware locks down a hospital, it can prevent people from receiving life-saving medical treatments, which gives administrators a vast incentive to simply pay the ransom and hope for the best. This creates a vicious cycle that incentivizes attackers towards even more elaborate attacks on healthcare institutions.
In one recent example, a ransomware attack shut down the entirety of Ireland’s public healthcare system, known as the Health Service Executive or H.S.E. Attackers demanded a ransom of almost $20 million, and the healthcare system was forced to rely on pen and paper records for weeks. The situation was so bad that Ireland activated its national guard to help restore the healthcare system’s computer network.
Attacks like this are no longer isolated incidents. Hospitals often don’t report ransomware incidents, but according to security firm Carbon Black, ransomware attempts on its healthcare clients increased 10,000 percent (not a typo) compared to 2019. With the average cost of a healthcare data breach now exceeding $7 million, it’s clear that hospitals are facing a much more dangerous environment.
How are Hospitals Trying to Fight Back?
When it comes to protecting themselves from cyberattacks, administrators have an uphill battle:
- Hospital IT budgets are smaller compared to other industries, and they tend to be focused on patient care and accounting systems as opposed to IT security.
- Because hospital IT budgets are smaller, over 50% of healthcare organizations are running legacy operating systems. This makes them more vulnerable to attack.
- Lastly, administrators have an additional attack surface to protect in the form of networked medical devices. Malware attacks now have the potential to damage expensive MRI machines, X-ray devices, dialysis machines, and other tools that can be vital to patient care.
With all this said, hospitals don’t have to be entirely vulnerable. How can healthcare organizations fight against malware and ransomware?
Because hospitals have an overall lower budget, they may be using whatever security solutions they can afford—a mixture of open-source security software and vendor-purchased hardware from different generations. This is common across all industries. Research from SANS shows that over half of companies use more than ten information security vendors.
The problem with this is that tools from different vendors don’t necessarily work together or share data. If administrators try to defend themselves by hopping from one screen to another to look at the siloed outputs of these tools, they’ll miss a lot of warning signs of an attack.
Therefore, one solution is to audit and consolidate existing security tools. This is also a great opportunity for end-of-life security tools that aren’t pulling their weight. SANS research shows that almost 36 percent of organizations are currently working on initiatives to consolidate their information security toolsets.
Ideally, hospitals need a mix of hardware and software that can monitor traffic both across the perimeter (north-south) and traffic inside it (east-west). They also need a solution that can help automatically flag suspicious traffic and potentially decrypt encrypted traffic. Network IDS and IPS, combined with next-generation firewalls (NGFW) are popular choices in defense, but they don’t necessarily provide all the needed coverage on their own. Only 17 percent of organizations (again referring to the SANS research) have good visibility over east-west traffic in their networks.
One way to get good visibility in a hospital network—without necessarily breaking budgets on additional tools and software—is to establish what’s known as a Zero Trust security system. As the name suggests, this is an architecture in which all users and applications on the network are treated as being potentially suspect.
Zero Trust security depends heavily on monitoring and network segmentation. Since no user or application can be trusted, every user and every application must be scrutinized for misbehavior. In addition, administrators must take steps to limit the potential fallout from any application or user that’s genuinely compromised. This means confining these users and applications to virtual network segments in which they can only access the files and databases that they’re authorized to use. This prevents a wider breach because attackers can’t use reconnaissance tools from within their network segments, which means they can’t exploit vulnerabilities in other areas of the network.
Implementing Zero Trust security is much easier said than done, but Garland Technology provides fundamental tools and technologies to make Zero Trust accessible for healthcare.
Help Prevent Cyber Attacks on Healthcare with End-to-End Visibility
Garland Technology provides network TAPs and packet brokers that ensure 100% packet visibility throughout the physical layer. For healthcare IT security, this means that adding a few small appliances to your network can consolidate the entirety of your traffic into just a few streams. Every tool in your security stack will therefore have complete access to 100% of your network, allowing them to monitor, protect, block, and analyze traffic in real-time. By extending this visibility, you’ll have vastly increased power to protect your patient information and ensure continuity of care.
Simplifying the cybersecurity stack just got easier. Garland’s EdgeLens Inline Security Packet Broker now allows healthcare teams to manage the availability of multiple inline security, as well as their out-of-band monitoring tools from one device. This reduces single points of failure, ensuring network uptime.
Looking to simplify your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
