Oct 6
2017
Healthcare Organizations Are Most Vulnerable to Cyber Threats: Security Advice
Content provided by NordVPN.
This summer, the U.S.-based pharmaceutical giant Merck has suffered the Petya ransomware attack that required to hand over a ransom or have its computers remain locked and inaccessible. One month before, the WannaCry ransomware attack devastated many big organizations around the world, including national healthcare organizations such as UK’s National Health Service (NHS).
Last week, cybersecurity experts warned that medical care would suffer from new additional risks they are not prepared to handle. The new threats are coming from the “Internet of Bodies” – IoT devices incorporated into human bodies for medical purposes.
“Healthcare companies are probably the most susceptible to upcoming ransomware attacks – and these attacks will come again, we have no doubts about it,” said Marty P. Kamden, IT security expert and CMO at NordVPN. “Outdated technology, lack of experience in managing the IT sector, and vulnerabilities of the new Internet-connected medical devices pose a grave danger to the safety and even lives of thousands of medical patients around the world.”
In fact, several months ago, the FBI (United States Federal Bureau of Investigation) issued a warning to all healthcare sector companies to remain vigilant of new cyber threats, possibly stemming from foreign governments.
Here is NordVPN’s advice about protecting healthcare companies from cyberattacks:
Don’t use FTP servers operating in anonymous mode. According to FBI, “some criminal actors from abroad are trying to target protected healthcare information (PHI) and other personally identifiable info (PII) from medical facilities to intimidate, harass, and blackmail business owners.” FBI was alerting healthcare companies against the use of FTP servers operating in anonymous mode.
You are as strong as your weakest link. Healthcare companies should choose their suppliers carefully and should work together with them to tighten overall IT security. The new trend is supply-chain attacks: attackers look for the weakest link in the supply chain to install their malware, which will affect all the companies within the chain. The supply-chain vulnerability was used in the destructive NotPetya attack, originating in Ukraine and branching out to various European and U.S. organizations.
Use a VPN. Healthcare organizations usually use Intranet for private internal communications, which include local area networks (LAN) as well as on-site networks. When employees need to access the organization’s Intranet while traveling or working remotely, they should use virtual private networks (VPNs) for a secure connection. When using a public or unprotected WiFi connection, VPNs create an encrypted tunnel that connects the computer and the Intranet or VPN server. This tunnel protects the connection from public access, should there be hackers ready to breach the system.