By Anthony Perridge, VP International, ThreatQuotient
Last year, we saw one of the most aggressive ransomware attacks on healthcare institutions around the world. WannaCry went viral on 12th May, causing widespread disruption to global IT systems and raising serious questions about the preparedness of the National Health Service to deal with such incidents. According to the NAO’s published report earlier this year, WannaCry affected at least 81 of the 236 trusts across England, either directly or indirectly. In addition to preventing access to computers, the cyber-attack also locked out important medical equipment such as MRI scanners and devices for testing blood and tissue samples.
So why were the NHS and private health organisations targeted? That question is easy to answer. Healthcare organisations are attractive targets to today’s hackers due to the reams of personal and health information providers process and store on behalf of their patients. All electronic health records include valuable personal data, such as full name, birth date, address and financial details. For threat actors/adversaries this is a lucrative opportunity to sell the information on the black market. Last year a report by Flashpoint on pricing of goods and services on the deep & dark web highlighted how personal information or “Fullz” can be bought for as little as £5 on the dark web. Fullz refers to complete sets of personally identifiable information (PII)—such as an individual’s national insurance number, date of birth, and full name. This information, which is easily found within all health organisations, is a goldmine for hackers.
With attacks such as WannaCry affecting more than 100 countries and the average cost of a data breach reaching $2.2million over the last two years, healthcare providers need to invest in better cyber security defences now more than ever. The NHS and other healthcare organisations are particularly vulnerable to data theft and network infiltration due to the nature of their day-today operations. Here are some of the challenges they face that affect their ability to ensure effective security measures.
Instant and reliable access to accurate patient data is vital when saving lives and providing instant, effective healthcare. As doctors and nurses require patient data on demand, the focus on patient wellbeing always outweighs data protection. This has led to reliance on insecure information sharing processes and outdated technology.
Similar to many central and local public bodies, NHS and private health organisations rely on outdated systems or devices often running old versions of software and security tools. This means they can be vulnerable to compromise. The need for immediate access to patient data means healthcare workers and administrators are often reluctant to upgrade devices if they believe this will have an impact on care delivery. Unfortunately, outdated systems can be far more easily compromised, resulting in a major breach.
Modern technologies, like Internet of Things (IoT)-enabled medical devices and EHR applications, are delivering unprecedented accessibility, connectivity and scalability to improve efficiency and enhance patient care. But at the same time, they are expanding the attack surface and sensitive data is repeatedly being exposed to threats involving theft and misuse. This vulnerability was highlighted in 2016 by the Mirai Botnet aka Dyn Attack. This was the largest DDoS attack ever and was launched on internet service provider Dyn using an IoT botnet, bringing sites down across the web. For critical national infrastructure such as healthcare networks, disruptions to accessibility like this can amount to no less than matters of life and death. Furthermore, as attacks grow more sophisticated and complex, we are starting to see DDoS attacks being used as distraction tactics as attackers bid to infiltrate networks through multiple channels and move laterally to steal data once they’ve gained that initial foothold.
Achieving better security operations through threat intelligence
As the digital transformation of the healthcare industry gathers pace, the need for a well-thought-out threat intelligence programme becomes more important. Key challenges such as assuring data availability can be overcome by interpreting sector-specific threat intelligence that provides valuable details on attackers’ motives and tactics to determine how an organisation can effectively strengthen its defences. In the case of legacy systems, the organisation can correlate threat intelligence data with potential weaknesses in its environment. This means that even if the organisation has limited resources – a common challenge in the public sector – threat intelligence indicates where the most critical vulnerabilities lie, so issues can be efficiently mitigated in order of priority.
Threat intelligence for most organisations is no longer considered a “nice to have”, but rather as an essential tool to efficiently address security threats. As the NHS moves forward from WannaCry, the government has recently given hospitals and healthcare providers the go-ahead to begin storing confidential patient information in the public cloud, adding a further layer to security strategies. Healthcare providers need to adopt a faster approach to identifying potential security risks to match the everchanging threats they face. This is where the need for evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice is vitally important. Then health organisations can make informed decisions about how to respond to the changing threat landscape, efficiently deploying security resources and ensuring that patients’ personal data, as well as their health, is protected.