Over the weekend there were a couple of articles that popped out at me, mainly because it’s in an industry that we’ve been making strides to protect with our WedgeARP platform and our WedgeAMB product. This industry is of course, the healthcare industry and it is continuously under attack from hackers because of the amount of damage that they can cause to essential services and, consequently, the payday that they can extract from accessing private health records and holding critical systems hostage, especially in life-or-death situations.
The first article, from CBC, brings up the fact that healthcare providers across the country continue to get hit by ransomware. Despite having security in place, eHealth Saskatchewan, which manages the provinces personal medical records, appeared to have leaked files from its servers to suspicious IP addresses in various countries in Europe. This discovery was made during forensic analysis that resulted from a recent ransomware attack. It was found that although it was initially thought that the attack began on January 5, 2020, the initial virus entered the organization’s health system as early as December 20, 2019. Employees did not discover any problem until they tried opening files on January 6th, 2020 and were requested for bitcoins in exchange for unlocking the files they needed to access. Although eHealth’s CEO, Jim Hornell, stated that the affected server mainly contained administrative files, such as emails, it’s not clear whether this server was in communication with other servers in the network. Despite backups being available, since the servers were breached and data encrypted and leaked offsite, the organization can never be sure whether confidential information had been compromised, even after they got their systems up and running again. Scary stuff when organizations such as these can get back up and running from their backups but still manage to lose confidential information from the attack!
The second article, from Ars Technica, is a much more in-depth read and serves to bring home some very critical points. From CBC’s article, we see that healthcare organizations continue to get hit, but this article tries to understand why healthcare continues to be so bad at securing themselves, despite the fact that they are aware that their networks are value targets. Despite the fact that the healthcare industry deals with life-or-death scenarios on a daily basis, they continue to have issues securing themselves. In 2019, the industry continued to get hit with data breaches, and ransomware attacks, costing to the tune of $4 billion. A case in point on how bad things are getting, five US healthcare organizations had reported getting hit by ransomware attacks in a single week in June of last year!! Because of the potential payday for hackers, their attacks are becoming more severe and more sophisticated as well!
So, what’s the problem? The Ars Technica article brings up what we believe are several salient points:
1. The “Last Mile” awareness problem: The number of patient using implantable devices that are potentially prone to cyber-attacks, and even patients connected to devices at home or elsewhere, may not be aware of the importance of receiving updates and patches to fix potential vulnerabilities in order for their devices to continue functioning safely and effectively.
2. A late start and continued lack of oversight: Government organizations have only recently been overseeing the issue of cybersecurity within the healthcare industry and are met with a lot of pushback from device manufacturers when it comes to regulating and addressing cybersecurity issues. Although many large healthcare organizations are recognizing the risk and are investing resources into prevention, for a vast majority of organizations, because of lack of or continued reduction in funding, the priority for cybersecurity gets pushed way down on the list.
3. Hospitals are notoriously bad at patching: With patching of medical devices taking time and resources, and with no regulatory requirements for healthcare organizations to do so, it is not surprising that this fairly effective cybersecurity activity is not taking place regularly. With no standardized protocols for patching and with so many different devices running both new and old operating systems, it becomes unwieldy to put together a regular patching protocol.
4. There is a lack of research on the effects of cyber attacks on these organizations: Not enough studies have been undertaken to provide concrete evidence of delays in emergency care and mortality rates that have directly resulted from cybersecurity incidents. The evidence may very well be enlightening on just how lives could very well be affected but ransomware and other malware attacks on the healthcare industry and could spur regulators to expedite cybersecurity requirements.
5. Understanding “risk”: Doctors do not understand cybersecurity risks, or they view it with a different lens as a result of their medical training. That being so, their idea of risk doesn’t equate to how the cybersecurity industry understands risk. Doctors consider the percentage of people who might get infected and how to mitigate that as opposed to looking at the exploitability of the infections and how they could be evolved for more nefarious purposes.
6. Lack of staffing: Even if the other salient points were taken care of, there remains the fact that there is still a fundamental issue affecting healthcare security. That is that they work with a limited amount of personnel and resources; and unfortunately, the first area that is cut or reduced is usually IT.
Thus, we see that there are a variety of reasons why the Healthcare, while continuously under siege by cyber threats, continues to hobble along. Many are the issues are inherent to the underlying mentality and understanding surrounding Cyber threats and the effects of attacks, while some come down to resource and lack thereof.
What we here at Wedge are trying to do, with our WedgeARP platform and WedgeAMB product, is to show that there is a solution that can help to alleviate at least some of the issues as listed above. With more visibility into the healthcare networks, and with tools such as AI and Machine learning that can detect and block malware such as ransomware in real-time, issues such as the “Last Mile” awareness and patching become non-issues.
From a reduced resource perspective, being able to PREVENT attacks from happening is a much more cost-effective way of dealing with cyber security than trying to remediate effects after the fact. For those healthcare organizations who are struggling to find resources in order to defend from and mitigate against cyber attacks, they should consider that PREVENTATIVE solutions such as WedgeAMB can provide much greater ROI than utilizing a Detect and Remediate approach. This can often alleviate lack of staffing issues, especially when WedgeAMB, with its single pane of glass management console, greatly reduces the need for staffing by minimizing and consolidating alerts and reports so that they can be much more easily managed than other solutions on the market.
Finally, with built in reports and wider visibility into what is going on within the network, WedgeAMB provides many of the tools needed for the incoming government regulation and oversight that is no doubt in the works. By generating insights into where the network is vulnerable, Healthcare Industry security teams can better understand where they need to shore up defences and where they can make better decisions on resource outlays.
At Wedge, we are continually working on ways that we can help beleaguered and hard hit industries like healthcare. In order to see how we can help your organization, feel free to drop us a line at: info@wedgenetworks.com. As always, we offer a FREE 90 day trial of our Wedge Advanced Malware Blocker (WedgeAMB) to any and all organizations in the healthcare industry. We are striving to be one of the networks security companies that can actually spearhead some of the needed change within healthcare cybersecurity!
