Securing Internet-Connected Devices in Healthcare
The theme for the third week of 2020 Cybersecurity Awareness Month is “Securing Internet-Connected Devices in Healthcare”. In 2020, as the COVID-19 pandemic has raged, many hospitals have suffered the added blow of being victims of cyber criminals. United Health Services suffered what might be the largest ransomware attack in history earlier this month. Over 400 locations had their computers taken offline. A woman in Germany died as a result of delayed treatment stemming from a cyber attack. Cybersecurity for healthcare facilities is critical.
Complying with the HIPAA privacy law is another factor for healthcare organizations. Failing to keep records secure and private can result in massive fines and damage to company reputation. When patient data is breached, the data can be used by fraudsters to perform identity theft and fraud.
According to the organizers, “The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. The third week of Cybersecurity Awareness Month will delve into the industry (hospitals, care facilities) and consumer (telemedicine patients) implications of internet-connected device use and what steps both can take on their part and #BeCyberSmart.”
These attacks are happening despite the announcement from several leading ransomware gangs that they would not target healthcare facilities. According to the media, they even promise to decrypt systems for free if an infection does occur. Although some of the cyber criminals feign morality, it is clear that the notion is not universal.
The methods that attackers employ are similar to those used against other industries. They rely on software that has not been patched. Phishing emails make their way to healthcare facilities and employees make the mistake of clicking. Medical devices that are connected to the Internet are trickier to patch than traditional endpoints like a desktop computer. These methods of infecting the organization lead to breaches and facilities being impacted by ransomware.
The methods to secure internet-connected devices in healthcare are well-known, but often overlooked. Keep software updated with the latest patches so that hackers cannot rely on known vulnerabilities to exploit. Educate employees about phishing emails and how to detect them. Require employees logging into sensitive systems to utilize multi-factor authentication. The monitoring of devices can be accomplished by working with a Managed Security Service Provider (MSSP). An MSSP combined with the proper software provides the ultimate protection.