By Justin Fier, director of cyber intelligence and analytics, Darktrace
As the healthcare sector struggles against the COVID-19 crisis, working tirelessly to protect staff and patients while struggling with worsening economic realities, cybercriminals around the world are seeing a golden opportunity to attack.
Overwhelming demand, exhausted staff, IT teams pulled in multiple directions, and a critical reliance on technology to treat patients mean that adversaries have never had more opportunity or incentive to attack healthcare organizations.
By locking healthcare providers out of critical systems at this critical time, attackers can force them to pay a ransom to recover access or face adding to the already grim death toll.
The unprecedented number of global warnings, including the recent INTERPOL alert and an announcement from the FBI and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), highlights that cybersecurity for the healthcare sector is not just about protecting data, but about saving lives.
Recently, an advisory was jointly issued by CISA and the UK’s National Cyber Security Centre (NCSC). This joint alert stemmed from the increase in state-sponsored attacks against organizations connected to COVID-19 research and response. These include pharmaceutical companies, hospitals, government agencies, research institutes, and more.
Industry experts agree that the motivation behind these attacks is to gather intelligence or steal research related to the pandemic, with advisories like this one issued to raise awareness and help security teams prepare.
This particular alert warns about the uptick in “password spraying,” a technique used to infiltrate organizations via brute-force password guessing that takes advantage of known vulnerabilities.
At a time when companies are focused on restructuring workflows and maintaining revenue streams, and while IT teams are working to build remote work capabilities and establish telehealth systems, bad actors look for the easy wins—hitting organizations while they are stretched thin and taking advantage of weak points.
There are a number of steps healthcare organizations can take to better defend themselves against the increase in novel attacks linked to the current pandemic.
To defend against password spraying, implementing multi-factor authentication is key. When that is not possible, visibility into employee activity across email, SaaS, and cloud identities and logins can help them react quickly.
Especially with teams stretched thin, organizations should look towards technology that can save time by taking autonomous actions to disable impacted identities.
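One way to get the login visibility described above, as an added example (not from the original article or any vendor product): a script that flags a source failing against many distinct accounts with only a few attempts each, the pattern password spraying leaves in sign-in logs. The event tuple format, the thresholds, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, account, succeeded)
SAMPLE_EVENTS = [
    ("2020-05-06T09:00:05", "203.0.113.7", "a.nurse", False),
    ("2020-05-06T09:02:11", "203.0.113.7", "b.doctor", False),
    ("2020-05-06T09:04:40", "203.0.113.7", "c.admin", False),
    ("2020-05-06T09:07:02", "203.0.113.7", "d.pharm", False),
    ("2020-05-06T09:09:30", "203.0.113.7", "e.clerk", False),
    ("2020-05-06T09:12:18", "203.0.113.7", "f.research", True),
    # One user mistyping repeatedly: many tries, one account (not a spray)
    ("2020-05-06T09:01:00", "198.51.100.20", "g.staff", False),
    ("2020-05-06T09:01:20", "198.51.100.20", "g.staff", False),
    ("2020-05-06T09:01:45", "198.51.100.20", "g.staff", False),
    ("2020-05-06T09:02:10", "198.51.100.20", "g.staff", True),
    # Shared egress address: a few users fail once each, below the threshold
    ("2020-05-06T09:03:00", "192.0.2.10", "h.ward", False),
    ("2020-05-06T09:05:00", "192.0.2.10", "i.ward", False),
    ("2020-05-06T09:06:00", "192.0.2.10", "j.ward", False),
]

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Return {source: {"targeted": accounts, "review": accounts}} for spray-like sources."""
    by_source = defaultdict(list)
    for ts, ip, user, ok in events:
        by_source[ip].append((datetime.fromisoformat(ts), user, ok))
    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` of time
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            fails = defaultdict(int)
            for _, user, ok in in_window:
                if not ok:
                    fails[user] += 1
            # Spray shape: many accounts failing, few attempts on each of them
            if len(fails) >= min_accounts and max(fails.values()) <= max_tries:
                hit = findings.setdefault(ip, {"targeted": set(), "review": set()})
                hit["targeted"] |= set(fails)
                # A success from the same source means a guess may have worked
                hit["review"] |= {u for _, u, ok in in_window if ok}
    return findings

if __name__ == "__main__":
    for source, hit in detect_spray(SAMPLE_EVENTS).items():
        print(source, sorted(hit["targeted"]), "review:", sorted(hit["review"]))
```

Accounts in the `review` set are the ones to prioritize for a password reset or temporary disablement, since a successful sign-in came from a source that was guessing across other accounts.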
The importance of visibility in protecting against emerging attacks cannot be overstated; security teams cannot secure what they’re not aware of. As more IoT, or Internet of Things, devices are deployed across the healthcare sector, ranging from “smart” pacemakers and insulin pumps to connected manufacturing floors and other industrial IoT, the chance of a breach increases.
Sometimes called “low-hanging fruit” for hackers, these devices are often invisible to security teams and the security technologies they deploy. Security teams must ensure visibility into every device across the business—the mandate of security teams is no longer just desktops or laptops, but every connected device.
While healthcare providers adapt to handle unprecedented levels of patients, their security teams must also adapt to defend their systems and patients against the relentless waves of cyberattacks. If COVID-19 has taught us one thing, it is that we must plan for the unexpected.
Organizations need to develop resilient cybersecurity strategies that can keep pace with dynamic workforces, evolving business landscapes, and changing attacks.
By focusing on gaining visibility and leveraging autonomous solutions, healthcare organizations can strengthen their resilience against all types of attacks, ranging from nation-state attacks to non-malicious insiders, so that they can weather not only this pandemic, but also the next crisis.