Security in the healthcare industry has been coming up a lot in the news lately, but not just for the hacking of patient data or the ransoming of hospital infrastructure; that has been the norm in the past. The latest spate of news articles has dealt more with the potential for hackers to access and take control of machinery and equipment. In the case covered in an earlier blog, where Norsk Hydro was hit, the company’s production facilities were knocked out of commission, causing financial damage. With the healthcare industry, the stakes are much higher, since lives could be put at risk.
A very good article posted on The Verge recently did a nice job of highlighting the OTHER security risks that the healthcare industry faces from hackers and malware. Much like the Norsk Hydro case, medical organizations such as hospitals and clinics could be at great risk should hackers take down critical equipment such as CT scanners, MRI machines, and other diagnostic or life-assisting equipment. Consider the WannaCry cyberattack, which crippled the UK’s National Health Service as well as other large organizations around the world. The effects of that attack, which combined to be one of the largest ransomware attacks in history so far, could be minuscule compared to what COULD happen if hackers focused a concerted attack against the woefully unprepared and typically underfunded cybersecurity efforts of the healthcare industry.
One alarming case in which hackers could potentially cause life-threatening results has been brought up in a few publications: hackers have been able to tamper with 3D medical imagery, adding or removing evidence of medical conditions from 3D medical scans. The potential harm seems like something out of a movie plot, where an attacker may tamper with medical scans in order to “stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder”. It seems implausible, but it is very scary that it actually is possible! In a landmark publication revised last week (see previous link), researchers from Ben Gurion were able to demonstrate how malware could add fake tumours to medical scan images. The malware was so good that, in laboratory tests, it altered 70 images and managed to fool three radiologists into believing that their patients had cancer. The research was even covered by the BBC.
Getting back to WannaCry: although there isn’t evidence pointing to any patients dying because of the attack, the malware did end up crippling thousands of hospital computers and bringing down pieces of diagnostic equipment, causing delays in treatment and life-threatening diagnoses as doctors had to revert to more manual methods of getting lab results. Unlike business organizations, where “time is money”, in the healthcare industry “time is lives”, since decisions made here could have dire real-life consequences for patients.
Then consider NotPetya, which was one of the largest cyberattacks of all time. This attack caused an estimated $10 billion in damage and crippled computers around the world. It also affected healthcare-related companies and could have created acute patient safety issues. Unfortunately, most healthcare organizations don’t have the resources to put in place robust security systems to protect them from any of these types of attacks, apart from perhaps putting in place backup systems from which to restore if their network has been compromised.
Medical imaging devices, similar to many other IoT devices, are typically difficult to patch. The only option for remediation against an attack is to re-image the device, often leading to lengthy downtime during which patients cannot be served. These organizations are operating a wide variety of computers, diagnostic machines and other endpoints that are running a range of operating systems, many of which are archaic systems that (as in the case of the medical imaging devices) cannot be patched and are difficult to remediate. This just exacerbates the problem, especially where resources for security are so scarce.
In any event, when attacks on the healthcare industry occur, the effects from equipment downtime and remediation have the potential of costing lives.
So, we get to bring up Wedge’s Absolute Real-time Protection solution again as a possible fix to the healthcare industry’s woes. Wedge has been having some great wins in the healthcare field as of late, with some major national healthcare providers choosing our solutions to protect not just their patient information but their equipment and other endpoints as well. The Wedge platform allows organizations to detect and block malware at the network in real time, before it has a chance to hit any endpoints. With patented Deep Content Inspection that reassembles all content that comes in, the solution is able to “see” the intent of all content while scanning it for known and never-before-seen malware. The great thing is that the system is OS agnostic, so it doesn’t matter what operating system is running on the endpoints; all computers and diagnostic / medical equipment would be protected, with malware being blocked before it can enter the network and corrupt any machines. Combined with in-depth analytics and a single-pane-of-glass management console that can provide SecOps with actionable threat intelligence on their network, healthcare organizations would be able to easily pinpoint and isolate potentially infected endpoints. It all comes down to the idea of “Detect and Block”, which is a more preventative way of doing things than the current “Detect and Remediate”, which focuses on treating the endpoints AFTER they’ve already been hit by malware.
By equipping SecOps at these healthcare organizations with a platform and tool that allows them to be proactive in preventing malware attacks, and by providing them with actionable intelligence that reduces the number of alerts that they have to remediate, organizations can save money that would have been spent on remediating malware infections. Healthcare organizations can get back to treating their patients instead of having to worry about treating their networks.