Target: Healthcare

Late last week, Interpol sent out a warning on cybercriminals targeting healthcare organizations during the coronavirus pandemic. (See here) I often run into people outside of the cyber security field who ask me questions like, “Why would a criminal target such an important industry during a crisis? Don’t they see how important they are?” I often answer with “Precisely.” It really isn’t any different than criminals walking through the parking lot at Wal-Mart during Christmas looking for gifts or purses sitting on seats. Availability breeds opportunity. The mere fact that healthcare organizations are so critical at a time like this is why they are increasingly targeted. The criminal mindset says that they would be much more likely to pay to get their data back should it be exploited (and they are often correct). It was interesting that when the coronavirus pandemic first started, there were a few ransomware groups that actually agreed (verbally) not to target critical healthcare groups. I found that interesting, to say the least. It is also an impossible promise to validate. Maybe they agreed not to use those particular variants of ransomware, but data breaches could still occur and other variants could still be released. I would hope (btw: Hope is not a valid Cyber Security pillar) they would live by their word.

By and large, healthcare organizations understand this threat, and I know many who have taken it seriously. Some have not, and as the attached story shows, cyber threats are evolving so quickly that many organizations are being left behind. (See here) One healthcare organization reported 87 BILLION attacks in one year. Yes, that is billion with a B. And it isn’t just about ransomware; it is also about information assurance. If you look at a PET scan and see a tumor, you have to be able to trust the system to be accurate, but what if a bad actor could modify the scan to make it only look like a tumor? Last year, researchers proved they could do exactly that: modify a scan and show a tumor where there really wasn’t one. (See here) So it is not just about data security, it is also about data validation. To add to this attack surface, healthcare is All-In on the Internet of Things (IoT) for their networks, and while these devices bring amazing possibilities, security is often lacking. (See here) So what do we do?

Right now, we support healthcare with every fiber of our being, and I encourage every cyber security company to join in this fight. We can’t change our direction in the middle of the fight, but once this fight is over we will have an opportunity to analyze what worked and what didn’t. I would encourage healthcare leaders to learn more about cyber security technology and deploy what works for your networks. It should be a solid defense in depth strategy that can limit the amount of damage caused by any attack. Segment the data so that the loss of one segment does not cause the loss of all segments. Database access should be monitored so that large scale sequential file reads are flagged and stopped. I have even talked to a few companies that put dummy records into a database that would only be read by malicious activity, and the mere reading of their contents sends an alert into the system. I found this to be a singularly beautiful idea. Even a good User Based Analytics engine, like those provided by CrowdStrike or Mandiant, is a great tool to secure this data. Each system is unique, and what works in one may not be as effective in another. I commend healthcare organizations for their role in this fight and am always willing to assist them in this fight or any other to come.
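The two database controls mentioned above, dummy records that alert when read and flagging of large sequential reads, can be sketched as detection logic over a read-audit log. This is an added example, not code from the original post; the log format, record IDs, user names and thresholds are all constructed assumptions.

```python
# Constructed sample audit log: "epoch_seconds user patient_record_id"
SAMPLE_LOG = """\
1000 nurse_a 4412
1030 nurse_a 9087
1100 dr_b 90001
2000 svc_x 100
2001 svc_x 101
2002 svc_x 102
2003 svc_x 103
2004 svc_x 104
2005 svc_x 105
2400 nurse_a 4413
"""

CANARY_IDS = {90001, 90002}  # dummy records no legitimate workflow reads (assumed IDs)
RUN_THRESHOLD = 5            # consecutive IDs read by one user before alerting (assumed)
WINDOW_SECONDS = 60          # maximum gap between reads within one run (assumed)

def parse(log_text):
    """Yield (timestamp, user, record_id) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, user, rec = parts
            yield int(ts), user, int(rec)
        except ValueError:
            continue

def detect(events, canaries=CANARY_IDS, run_threshold=RUN_THRESHOLD,
           window=WINDOW_SECONDS):
    """Return alerts for canary reads and for sequential bulk reads per user."""
    alerts = []
    state = {}  # user -> (last_ts, last_id, run_length)
    for ts, user, rec in events:
        if rec in canaries:
            alerts.append((ts, user, "CANARY_READ", rec))
        last_ts, last_id, run = state.get(user, (None, None, 0))
        if last_id is not None and rec == last_id + 1 and ts - last_ts <= window:
            run += 1
        else:
            run = 1
        state[user] = (ts, rec, run)
        if run == run_threshold:  # alert once, when the threshold is first reached
            alerts.append((ts, user, "SEQUENTIAL_BULK_READ", rec))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

In practice the canary alert is the higher-confidence signal of the two, since the sequential-read threshold has to be tuned against legitimate batch jobs such as backups and reporting.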