No one wants to go to the doctor’s office. Well, I guess some people do. I’m certainly not one of them. But imagine going to the doctor and then watching in horror as the medical equipment or computers the teams of doctors are working on aren’t working. That, suddenly, the come under attack just as you are “going under the knife.”
That sounds far-fetched, I know, but that’s exactly what (thankfully) medical teams are now training for. This scary scenario is detailed in some depth within The Verge’s story, Health Care’s Huge Cybersecurity Problem.
When an emergency medicine resident, Paul Pugslety needed to attend to a patient suffering a stroke, he noticed something that should never happen on any emergency system, and they thought the threat real enough that they built should be in the simulation:
But when Pugsley looked over at the computer screen at the side of the room, he saw a pop-up message demanding bitcoin payment. A few minutes later, he was told that the same message had shut down the scanner — he’d have to help the patient without knowing whether the stroke was caused by a bleed or a clot, information that’s usually vital to the course of treatment.
After a few minutes of frantic workarounds, the patient — actually a medical test dummy — was wheeled out the room (prognosis: survival, but serious brain damage). The flashing ransom note was part of a simulation, designed to expose physicians like Pugsley to the very real threat of cyberattacks on their hospitals.
Healthcare breaches, according to the 2019 Verizon Data Breach Investigations Report (DBIR), are unique in some ways as the majority of healthcare data breaches involve internal actors and the higher than baseline number of ransomware attacks.
According to the DBIR, there were 466 healthcare incidents and 304 of those involving confirmed data disclosures. These included, with 81% of incidents within Healthcare, miscellaneous errors, privilege misuse and web applications exploitation. And, according to the DBIR, threat actors in healthcare are broken down as 59% internal, 42% external, and 4% partner related.
By fare, and it’s not even close, the most common attacker motive is financial gain, at 83%. That’s followed by Fun (6%), Convenience (3%), Grudge (3%), and Espionage (2%). The criminals get away with medical data 72% of the time, personal immediately follows at 34% and credentials at 25%.
“Most ransomware incidents are not defined as breaches in this study due to their lack of the required confirmation of data loss. Unfortunately for them, Healthcare organizations are required to disclose ransomware attacks as though they were confirmed breaches due to U.S. regulatory requirements,” the DBIR states. “This compulsory action will influence the number of ransomware incidents associated with the Healthcare sector. Acknowledging the bias, this is the second straight year that ransomware incidents were over 70 percent of all malware outbreaks in this vertical,” the report finds.
Hospitals are pushing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.
Rattled by recent global cyberattacks, U.S. hospitals are conducting tests to detect weaknesses in specific devices, and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. In some cases, hospitals have canceled orders and rejected bids for devices that lacked safety features.
Hospitals, after a decade of racing to wire up their medical records and an explosion of internet-connected medical devices, are growing more aggressive with technology suppliers amid pressure to better defend against incursions that could threaten patients and cause costly disruptions. Credit-rating agency Moody’s Investors Service in February ranked hospitals as one of the sectors most vulnerable to cyberattacks.
But it’s not all about the security of medical devices, to be sure.
Healthcare providers have their own set of challenges: According to a report, Too Much Information: The Sequel, from information security firm Digital Shadows, there was a year over year increase in patient medical data.
Those exposures include 326 million records from the U.S., 98 million from the U.K., and 121 million from Germany. The attacks were largely made possible, the researchers found, due to the misconfiguration of popular storage systems. “Nearly 50% of the files (1.071 billion) were exposed via the Server Message Block protocol – a technology for sharing files first designed in 1983. Other misconfigured technologies including FTP services (20% of total), rsync (16%), Amazon S3 ‘buckets’ (8%) and Network Attached Storage devices (3%) were cited as additional sources of exposure,” the company said.