Safeguarding healthcare against cyber threats

In healthcare, cyber security is critical. Ram Vaidhyanathan, IT security and cyber risk analyst, ManageEngine, explores the impact of cyber threats on the healthcare industry and shares his tips for better protection.

According to the International Monetary Fund, the global GDP was close to £66 trillion at the end of 2018. Assuming that 10% of this value was spent on healthcare, as it was in 2015, that would make the world’s healthcare market worth £6.6 trillion. And, assuming a 3% spend rate on this figure, the healthcare industry likely spent around £198 billion on IT in 2018.

IT spending in healthcare will grow at a fairly fast clip in the years to come as investments in value-based care, patient engagement services, connected medical devices, multi-cloud environments, data analytics, and mobile applications gain ground. And, as emphasis is given to preventive healthcare on top of treatment, IT spending will likely increase even faster to keep up with the growing list of services healthcare organisations provide. All of this means increased personalisation for each patient and better productivity among healthcare staff. Nevertheless, at the same time, these improvements will increase the attack surface for healthcare organisations and the potential risk of cyber attacks.

Why would cyber criminals want to target healthcare?

In 2017 the NHS fell victim to the devastating WannaCry ransomware attack which shut down hundreds of thousands of computers across the organisation, demanding payment for decrypting seized data. A third of hospital Trusts and 8% of GP practices were affected and 19,000 patient appointments were cancelled. Beyond disruptions to service and the cost of the clean-up operations and IT security upgrades, healthcare organisations must also consider the risk to patients’ personal data. Electronic health records (EHRs) are thought to be more valuable than stolen financial data on the dark web. This is because each EHR may contain rich information including the patient’s name, gender, medical history, progress notes, prescription details, test results, radiology images, and insurance data. A cyber criminal could use this information to commit identity theft, buy medical equipment or drugs, or file fictional insurance claims.

A typical cyberattack at a hospital

A cyber criminal could use numerous techniques to intrude into a hospital’s network. However, it might be useful to look at a scenario that follows a typical hacker’s modus operandi.

A front-end employee at a hospital gets a spear phishing email from a cyber criminal disguised as the hospital’s head of operations. The email demands that the employee open an attached Word document, fill out some details about patient profiles, and send it back urgently. The employee yields to this without thinking twice as everything looks legitimate. However, the moment the employee opens the Word document, malware starts downloading onto the employee’s machine without their knowledge. The malware allows the attackers to obtain this employee’s account credentials, through which they can access all the applications this employee has access to. From there, the attacker can lurk and move laterally in the network. They can sniff out particular servers, including domain controllers, that store all authentication information; many cyber criminals do this using a port-scanning technique, which lets them know which applications run on a machine. Finally, the attacker gains privileged access to the EHR database.

In another example, imagine a scenario in which a criminal is disguised as a janitor with a fake ID, gains the trust of security staff over a week, and then simply has one of the security guards let them into the chief of medicine’s room which “needs to be cleaned” at 12:30am, when the chief is usually not around. Once inside, the hacker gains access to the complete EHR database by logging on to the network using the chief’s password, which was obtained via dictionary attack from a remote location. By using the chief’s office, the hacker makes the database access appear legitimate rather than criminal. A similar incident was depicted in the 1993 movie The Fugitive, but it’s not that far-fetched, even in 2019.
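A defender's view of the two scenarios above, as an added example that is not part of the original article: the sketch flags a workstation that probes many ports on one server, and a late-night logon that follows a burst of failed password guesses against the same account. Hostnames, accounts, addresses, log layout and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

# Constructed sample data; hosts, accounts, addresses and thresholds are hypothetical.
CONNS = [  # (time, source host, destination host, destination port)
    (ts("2019-05-06 14:02:00"), "frontdesk-07", "dc01", 53),
    (ts("2019-05-06 14:02:01"), "frontdesk-07", "dc01", 88),
    (ts("2019-05-06 14:02:01"), "frontdesk-07", "dc01", 135),
    (ts("2019-05-06 14:02:02"), "frontdesk-07", "dc01", 389),
    (ts("2019-05-06 14:02:02"), "frontdesk-07", "dc01", 445),
    (ts("2019-05-06 14:05:00"), "nurse-12", "ehr-db", 1433),
]
LOGONS = [  # (time, account, source, succeeded): 40 remote failures, then two successes
    (ts("2019-05-05 21:00:00") + timedelta(seconds=i), "chief.med", "203.0.113.9", False)
    for i in range(40)
] + [
    (ts("2019-05-07 00:30:00"), "chief.med", "chief-office-pc", True),
    (ts("2019-05-07 09:15:00"), "nurse.a", "nurse-12", True),
]

def port_scan_pairs(conns, min_ports=5, window=timedelta(seconds=60)):
    """(source, destination) pairs where one source touched at least
    min_ports distinct ports on one destination within the window."""
    by_pair = defaultdict(list)
    for when, src, dst, port in sorted(conns):
        by_pair[(src, dst)].append((when, port))
    flagged = set()
    for pair, hits in by_pair.items():
        for i, (start, _) in enumerate(hits):
            if len({p for t, p in hits[i:] if t - start <= window}) >= min_ports:
                flagged.add(pair)
                break
    return flagged

def quiet_hour_logons_after_failures(logons, min_failures=20,
                                     lookback=timedelta(days=3), quiet=range(0, 5)):
    """Successful logons between 00:00 and 04:59 for accounts that had at
    least min_failures failed logons during the preceding lookback period."""
    alerts = []
    for when, account, source, ok in logons:
        if ok and when.hour in quiet:
            failed = sum(1 for t, a, _, good in logons if a == account
                         and not good and timedelta(0) < when - t <= lookback)
            if failed >= min_failures:
                alerts.append((account, source, when, failed))
    return alerts
```

The second check matters because the logon itself comes from a trusted office machine; only the correlation with the earlier remote failures makes it stand out.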

How to stop cyber attacks in healthcare

Here are five ways healthcare organisations can defend against cyber crime:

MAY 2019

Ram Vaidhyanathan, IT security and cyber risk analyst, ManageEngine
