Healthcare Sector: An Enticing Target for Cyberattackers
IT needs increased network visibility to battle malicious threats
Cybercriminals are the ultimate opportunists—if it is important to you, it is important to them. With that in mind, it’s easy to understand why cyberattacks have risen in the healthcare sector over the past year. As the most recent NETSCOUT Threat Intelligence Report noted, vital pandemic industries such as healthcare experienced increased attention from malicious actors, while the global Lazarus Bear Armada (LBA) distributed denial-of-service (DDoS) extortion campaign that began in September 2020 expanded to include healthcare providers. Several factors contribute to making healthcare facilities vulnerable to cyberattack, but the main factor is lack of expertise in IT security.
The digital transformation that has happened in the healthcare industry over the last 10 years has been nothing short of remarkable. However, with this new digital world comes complexity and risk, leaving healthcare providers in an alarming position to cope with a new set of challenges.
Healthcare Network Vulnerabilities
In the healthcare industry, most investments are made in medical equipment and technology, not in cybersecurity solutions. Moreover, the emphasis in hiring is placed on doctors, nurses, and researchers, not on cybersecurity experts. Many healthcare organizations (especially smaller hospitals) do not have the staff and often lack the resources to proactively address cybersecurity. For example, unpatched versions of Microsoft Windows that are vulnerable to compromise may still be running in these facilities. Basic cybersecurity knowledge and hygiene such as knowing how to recognize phishing emails, not clicking on unknown malicious URLs, updating passwords on a regular basis, continuously backing up systems, and encrypting confidential data fall by the wayside, posing major risks to these organizations.
Healthcare Is the New Sweet Spot for Bad Actors
Bad actors keep refining their approaches to cyberattacks at a rapid rate, making it challenging for healthcare IT to get ahead of new attack types and techniques. For one, the value of medical records is growing on the black market. According to Experian, a provider of information services, a single patient health record could sell for around $1,000. These records include Social Security numbers, medications, and credit card information, making large-scale attacks worth millions.
Secondly, DDoS and ransomware attacks against healthcare organizations are a common occurrence. Launching a DDoS attack has never been easier: The availability of DIY attack tools or very inexpensive (i.e., $5/hour) DDoS-for-hire services enables anyone to execute an attack. On the ransomware side, interested parties can easily access affiliate programs to buy multiple ransomware families, each with publicly available source code. There is even an ample supply of online tutorials and how-to guides to teach the bad actors how to use these new purchases. Both DDoS and ransomware attackers are motivated by money and prey on unprepared targets. That is, ransomware attackers are hoping their victim does not have proper data backup/restoration or network segmentation plans in place, whereas DDoS attackers rely on the victim’s lack of adequate DDoS protection.
Remedy: Visibility for Proper Cybersecurity
Security and IT operations teams must work together and share solutions to support the organization’s network performance and security efforts. The teams work best when they rely on a common set of data derived from a comprehensive monitoring platform. This type of shared architecture also promotes increased collaboration between security and operations teams, thus ensuring a stronger security posture. It also leads to greater cost savings and operational efficiencies, especially welcome in healthcare organizations with lean IT departments. Most importantly, however, it provides a vital multidimensional architectural concept of visibility that combines comprehensive internal/local network visibility with external/global threat intelligence.
The first dimension of visibility is breadth. This encompasses the entire network and the entire globe—including hybrid cloud environments and providing visibility into traffic traversing both north-south and east-west directions. The ability to visualize end-to-end conversations within or across hybrid cloud environments is one of the biggest challenges healthcare organizations face today. Visibility is the foundation for comprehensive and effective network and application performance analysis and cybersecurity. Without it, network teams run the risk of not knowing what’s causing network or application slowdowns or failure. Security teams run the risk of missing cyberthreats that can severely impact the organization.
The next dimension in visibility is depth. Deriving key metadata, and ultimately the packets themselves, from the monitored network traffic provides a level of context and insight that can inform network performance and/or security use cases. The volume and variety of this data can prove overwhelming, though. Generating a higher, more valuable level of data that provides greater insight is a critical step.
This depth of data provides better insight into issues and helps network and security teams determine whether they are seeing something they should be concerned about. For instance, if they notice a critical database server receiving messages from a location that should not be communicating with it, or if they notice an increasing number of error messages or slowdowns in communication to the back end, then that needs to be closely monitored.
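As an added illustration (not code from the original article or from NETSCOUT), the two checks described above can be expressed over constructed flow metadata: an allow-list of sources expected to reach a critical database server, and a per-minute error rate that flags a rising failure trend. The host addresses, the port, and the "result" field are assumptions for the sake of the example.

```python
from collections import Counter

# Constructed sample of flow metadata as a visibility platform might export it:
# (minute, source IP, destination IP, destination port, result).
CRITICAL_DB = "10.20.0.5"                         # assumed database server
EXPECTED_SOURCES = {"10.20.1.10", "10.20.1.11"}   # assumed application-tier hosts

FLOWS = [
    (0, "10.20.1.10", "10.20.0.5", 1433, "ok"),
    (0, "10.20.1.11", "10.20.0.5", 1433, "ok"),
    (1, "10.20.1.10", "10.20.0.5", 1433, "ok"),
    (1, "10.20.1.11", "10.20.0.5", 1433, "error"),
    (2, "10.20.1.10", "10.20.0.5", 1433, "error"),
    (2, "10.20.1.11", "10.20.0.5", 1433, "error"),
    (2, "172.16.9.77", "10.20.0.5", 1433, "ok"),   # host not on the allow-list
    (3, "172.16.9.77", "10.20.0.5", 1433, "ok"),
    (3, "10.20.1.10", "10.20.0.5", 1433, "error"),
]

def unexpected_sources(flows, critical, expected):
    """Sources that talked to the critical host but are not on the expected list."""
    return sorted({src for _, src, dst, _, _ in flows
                   if dst == critical and src not in expected})

def error_rate_by_minute(flows, critical):
    """Fraction of flows to the critical host that ended in an error, per minute."""
    totals, errors = Counter(), Counter()
    for minute, _, dst, _, result in flows:
        if dst != critical:
            continue
        totals[minute] += 1
        if result == "error":
            errors[minute] += 1
    return {m: errors[m] / totals[m] for m in sorted(totals)}

def rising_error_rate(rates, threshold=0.5):
    """Minutes whose error rate exceeds the threshold and is higher than the minute before."""
    minutes = sorted(rates)
    return [m for prev, m in zip(minutes, minutes[1:])
            if rates[m] > threshold and rates[m] > rates[prev]]

def alerts(flows=FLOWS, critical=CRITICAL_DB, expected=EXPECTED_SOURCES):
    """Combine both checks into a list of human-readable findings for the analyst."""
    found = [f"unexpected source {s} reached {critical}"
             for s in unexpected_sources(flows, critical, expected)]
    found += [f"error rate to {critical} rising at minute {m}"
              for m in rising_error_rate(error_rate_by_minute(flows, critical))]
    return found

if __name__ == "__main__":
    for line in alerts():
        print(line)
```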
Use Case: SecOps Team Collaborates with NetOps Team
How does this look in real life? At one healthcare organization, the NetOps and SecOps teams used a data center transformation project to move from siloed operations with separate tools to a comprehensive visibility platform.
The organization was in the midst of a data center transformation project during which it was migrating select high-definition imaging workloads to a virtual cloud-based environment. DevOps worked closely with NetOps to ensure they had the means to provide end-to-end visibility into these applications and ensure proper performance. Although the SecOps team had their own budget for cybersecurity tools, they chose to leverage the same network management solutions being used by DevOps and NetOps to secure the digital transformation. They are now formalizing playbooks between all departments to use a common set of network-visibility and smart-data solutions for threat investigation purposes.
Digital Infrastructure: An Essential Healthcare Worker
Today’s healthcare environments are complex: workers reach patient-care information through countless medical applications that operate across private and public cloud, software as a service, and Wi-Fi, using countless medical devices. This makes troubleshooting network disruptions both challenging and time consuming. However, the grim reality is that any delay in access to healthcare information, from appointments to live diagnostic data, can negatively impact patients’ care and could even cost lives. In fact, even scheduled downtime poses major risks for healthcare organizations, so it’s no surprise the issue is amplified when an application error or attack does occur. To minimize the impact of ransomware attacks, healthcare organizations need to have adequate data backup, network segmentation, and recovery programs. To avoid DDoS extortion, an adequate DDoS protection plan is necessary. Finally, healthcare organizations also need to optimize small network and security teams by using a common set of data and playbooks for performance and security purposes.