Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 3 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Combatting daily security threats within the healthcare sector

by The Gurus
August 7, 2018
in This Week's Gurus
Share on FacebookShare on Twitter

By Anthony Perridge, VP International, ThreatQuotient

Last year, we saw one of the most aggressive ransomware attacks on healthcare institutions around the world. WannaCry went viral on 12th May, causing widespread disruption to global IT systems and raising serious questions about the preparedness of the National Health Service to deal with such incidents. According to the NAO’s published report earlier this year, WannaCry affected at least 81 of the 236 trusts across England, either directly or indirectly. In addition to preventing access to computers, the cyber-attack also locked out important medical equipment such as MRI scanners and devices for testing blood and tissue samples.

So why were the NHS and private health organisations targeted? That question is easy to answer. Healthcare organisations are attractive targets to today’s hackers due to the reams of personal and health information providers process and store on behalf of their patients. All electronic health records include valuable personal data, such as full name, birth date, address and financial details. For threat actors/adversaries this is a lucrative opportunity to sell the information on the black market. Last year a report by Flashpoint on pricing of goods and services on the deep & dark web highlighted how personal information or “Fullz” can be bought for as little as £5 on the dark web. Fullz refers to complete sets of personally identifiable information (PII)—such as an individual’s national insurance number, date of birth, and full name. This information, which is easily found within all health organisations, is a goldmine for hackers.

With attacks such as WannaCry affecting more than 100 countries and the average cost of a data breach reaching $2.2million over the last two years, healthcare providers need to invest in better cyber security defences now more than ever. The NHS and other healthcare organisations are particularly vulnerable to data theft and network infiltration due to the nature of their day-today operations. Here are some of the challenges they face that affect their ability to ensure effective security measures.

Data Availability

Instant and reliable access to accurate patient data is vital when saving lives and providing instant, effective healthcare. As doctors and nurses require patient data on demand, the focus on patient wellbeing always outweighs data protection. This has led to reliance on insecure information sharing processes and outdated technology.

Legacy Systems

Similar to many central and local public bodies, NHS and private health organisations rely on outdated systems or devices often running old versions of software and security tools. This means they can be vulnerable to compromise. The need for immediate access to patient data means healthcare workers and administrators are often reluctant to upgrade devices if they believe this will have an impact on care delivery. Unfortunately, outdated systems can be far more easily compromised, resulting in a major breach.

IoT

Modern technologies, like Internet of Things (IoT)-enabled medical devices and EHR applications, are delivering unprecedented accessibility, connectivity and scalability to improve efficiency and enhance patient care. But at the same time, they are expanding the attack surface and sensitive data is repeatedly being exposed to threats involving theft and misuse. This vulnerability was highlighted in 2016 by the Mirai Botnet aka Dyn Attack. This was the largest DDoS attack ever and was launched on internet service provider Dyn using an IoT botnet, bringing sites down across the web. For critical national infrastructure such as healthcare networks, disruptions to accessibility like this can amount to no less than matters of life and death. Furthermore, as attacks grow more sophisticated and complex, we are starting to see DDoS attacks being used as distraction tactics as attackers bid to infiltrate networks through multiple channels and move laterally to steal data once they’ve gained that initial foothold.

Achieving better security operations through threat intelligence

As the digital transformation of the healthcare industry gathers pace, the need for a well-thought-out threat intelligence programme becomes more important. Key challenges such as assuring data availability can be overcome by interpreting sector-specific threat intelligence that provides valuable details on attackers’ motives and tactics to determine how an organisation can effectively strengthen its defences. In the case of legacy systems, the organisation can correlate threat intelligence data with potential weaknesses in its environment. This means that even if the organisation has limited resources – a common challenge in the public sector – threat intelligence indicates where the most critical vulnerabilities lie, so issues can be efficiently mitigated in order of priority.

Threat intelligence for most organisations is no longer considered a “nice to have”, but rather as an essential tool to efficiently address security threats. As the NHS moves forward from WannaCry, the government has recently given hospitals and healthcare providers the go-ahead to begin storing confidential patient information in the public cloud, adding a further layer to security strategies. Healthcare providers need to adopt a faster approach to identifying potential security risks to match the everchanging threats they face. This is where the need for evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice is vitally important. Then health organisations can make informed decisions about how to respond to the changing threat landscape, efficiently deploying security resources and ensuring that patients’ personal data, as well as their health, is protected.

FacebookTweetLinkedIn
ShareTweet
Previous Post

Infosecurity Europe highlights InfoSec concerns in Europe today

Next Post

European workers showing security fatigue

Recent News

threat hunting

Threat Hunting with MITRE ATT&CK

October 2, 2023
Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information