On September 28th, one hospital’s staff had to “resort to pen and paper” due to a cyberattack that would become the “largest medical cyberattacks in U.S. history”. The wave of attacks on hospitals predicted by INTERPOL for this year has now gone into full swing. Recent weeks have been marked by another uptick in cyber-attacks affecting the medical sector, both in frequency and severity.
Healthcare centers make extremely appealing targets for hackers. Data breaches and the potential to ransom assets back to their owners make hospitals into appealing targets. They can be put under high pressure to pay ransoms in the interest of preserving patient lives.
The incident that will be on everyone’s mind for a while is the one in Duesseldorf, Germany on Sept. 17, which froze hospital IT systems and lead to mortality. The attack resulted in a patient being sent to another location for care, and sadly they passed away before they could reach a location with systems online. Hackers made entry by targeting a known exploit in an application delivery and load balancing program and then launched a ransomware attack, a common threat to IT-OT convergent systems. The ransomware encrypted 30 of the hospital’s servers and locked the hospital’s IT systems. With the hospital’s IT systems locked, new patients could not be admitted, and the hospital’s entire functionality was compromised.
In this case, the attack could have been prevented with up-to-date patching. This is, in part, an issue that can be improved by providing more up-to-date information to an organization’s IT and security specialists. On the other hand, there are many solutions that make a network more resilient, allow much more time to secure a threat, or prevent a threat from spreading entirely.
One such solution is network segmentation, which stops or significantly slows an intruder’s movements and ability to survey while making the system much easier for stakeholders to monitor. It adds a measure of simplicity that radically improves workload for the IT team by improving visibility, making the network’s different connections easier to understand, and flagging or halting unusual traffic.