Healthcare's Fight Against Malware

MRI

If you’ve been online or read the news recently, you’ve probably heard about the wave of ransomware attacks targeting businesses and organizations across the globe.

Recent outbreaks have affected hundreds of organizations, including FedEx, Nissan, police in India and China, and a massive amount of Russian government and infrastructure.

Perhaps most alarming is the chaos created by the malware attacks in the healthcare community, both in the U.K. and the United States. According to Forbes, 16 National Health Services organizations in the U.K. reported being hit by the ransomware outbreak in May, with multiple wards being closed entirely.

In the U.S., it has been confirmed that several healthcare manufacturers’ products are vulnerable to ransomware as well, an area of increasing concern for healthcare systems.

How Bad Is It?

According to a 2017 study by Ponemon Institute, 13% of tested medical devices contained malware and 26.7% of tested devices contained significant vulnerabilities. Perhaps more troubling, 45% of survey respondents indicated that they take no steps whatsoever to prevent attacks on medical devices. Other key statistics paint a bleak picture of healthcare systems security:

  • 53% of device makers and 58% of healthcare organizations say there is a lack of quality assurance and testing procedures that lead to vulnerabilities in medical devices
  • Only 44% of healthcare organizations follow guidance from the FDA to mitigate or reduce inherent security risks in medical devices
  • 67% of device manufacturers and 56% of healthcare organizations indicated that an attack on one or more of their medical devices in the next 12 months was likely to very likely.

Healthcare IT Vulnerability

Much attention is now being given to healthcare IT security and its vulnerability to ransomware - and more importantly, how future attacks can be prevented.

Medical devices that contain computer processors usually have “closed OS platforms” which prevent hospitals from updating the operating system or installing patches to prevent viruses and ransomware. In this event, they are vulnerable to lateral movement of an infection that gets behind the firewall. Regulation of these devices from the FDA often prohibits third-party software such as anti-virus programs from being installed by a hospital. Additionally, in many cases the hospital does not have full administrative rights to install updates or patches.

These roadblocks are part of what leaves hospitals vulnerable to ransomware and other malware attacks, but they are only part of the story.

New Solutions for a New Problem

As has happened in other sectors of the economy such as banking and retail, cyberattacks in healthcare will persist and continue to grow more sophisticated.

While following standard best practices like backing up data offline and staying abreast of the latest updates and patches is a start, it’s becoming clear that healthcare IT administrators need to be more proactive in their approach to security and defending against cyberattacks. Here are a few ideas to help mitigate risk:

  • Training and education – All too often, ransomware attacks start with one employee opening an email they shouldn’t have. Employee training is key. Your team should know the do’s and don’ts of cyber security, how to recognize suspicious email, and how to report it.
  • DNS layer protection – The DNS, or domain name system, is what translates Internet domain names into IP addresses. While the DNS is an integral component of the Internet, it contains no built-in security to protect users. Cybercriminals are already taking advantage of organizations’ failure to secure the DNS layer. Several companies offer enterprise-grade protection from malware, including cloud-based solutions.
  • Network segmentation – network segmentation is exactly what it sounds like. By dividing a network into smaller sections, controls can be enacted to limit the spread of infection across an entire network, effectively “quarantining” malware before the entire network is affected.

Another simple solution to help healthcare security administrators safeguard their institutions despite the closed OS platform restrictions is an individual device VPN. VPNs, or Virtual Private Networks, are used to add security and privacy to public and private networks. Individual device VPNs localize the network to a single device. A product of this nature allows the outbound flow of data while blocking incoming data – which may conceal ransomware. For more information on these products, click here.

Ultrasound

Moving Forward

A silver lining to healthcare ransomware attacks is that they have shined a light on vulnerabilities in the healthcare system, allowing administrators an opportunity to repair weaknesses and develop strategies to improve security.

Healthcare organizations should already be following industry best practices and FDA guidance to help mitigate the risk of attacks against their systems. However, as recent events have shown, other solutions may be needed. Administrators would be wise to consider applications to lock out would-be hackers and avoid falling victim to ransomware.