When you think of hospitals, you probably think of safe, sanitary environments with plenty of protocols and regulation in place to keep you protected.
While that’s not wrong, you probably don’t think about your healthcare data that much. It’s probably for similar reasons. We all know that medical data is vital and extremely private. Therefore, hospitals and healthcare systems are doing everything they can to keep that data protected. Right?
Well, as you could guess, cyber criminals regularly target these facilities, given the copious amounts of data collected by them. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely valuable. In part, it’s valuable because this data is essentially permanent. Medical history cannot change.
As such, this information can sell on the Dark Web for significantly more than other data, such as Personally Identifiable Information (PII). And as you could imagine, the use of this data can serve significantly more nefarious purposes.
Ransomware attacks have been in the headlines a lot lately, so no one would blame you if you forgot about some of the recent attacks that targeted healthcare facilities specifically. Let’s have a quick recap of just a few examples. In 2017, a healthcare network in western Pennsylvania was hit with a ransomware attack that prevented nurses and doctors from accessing patient records. In 2019, a healthcare network in Alabama was affected by a ransomware attack, which prevented it from treating non-emergency patients; just months later, the same thing happened in New Jersey.
In late 2020, 20 medical sites across the country were hit with a ransomware attack, from Oregon to Vermont. And earlier in 2021, a hospital chain in Oklahoma was also targeted, resulting in around 500 patients having their medical records leaked. All in all, in 2020 alone, ransomware attacks cost the healthcare industry over $20 billion. Yes, that’s billion. With a B.
A Weak Spotlight
These attacks are not just a matter of email phishing and poor employee training (though, to be clear, there is plenty of that). Cyber criminals are also turning to hardware-based methods to carry them out. What makes such attacks so perilous is their clandestine nature: Rogue Devices can inject malware, cause data breaches, and more, all while operating covertly. Traditional security software often fails to provide the Layer 1 visibility required to detect and accurately identify all hardware assets.
As a result of this blind spot, Rogue Devices, which operate on Layer 1, go undetected. By hiding or spoofing their identity through Layer 1 manipulation, Rogue Devices bypass existing security efforts, even those as stringent as Zero Trust. All it takes is a few seconds to attach the Rogue Device to an endpoint, and the attack is underway.
Despite ongoing attacks and continued news coverage, healthcare remains a prime target for ransomware attacks and data leaks. Everyone seems to know it, but progress to prevent future attacks is slow.
An Open Wound
In addition to visibility challenges, there are several vulnerabilities within the healthcare industry that enable hardware-based attacks. Malicious insiders pose a significant threat to healthcare providers thanks to their physical access to the organization – a requirement for hardware-based attacks. However, gaining physical access to a healthcare facility is fairly easy. Consider this dramatization from Sepio Systems: hospitals are open to the public and experience hundreds of people entering and leaving the facility on any given day.
A malicious actor can enter a hospital disguised as a visitor or even acting as a patient and carry out a hardware attack. Further, the interconnected environment typically found within healthcare facilities only makes life easier for these bad actors. Interconnectedness creates a larger attack surface as there are more entry points to the organization; outside attackers only need access to just one device to infiltrate the larger network.
Worryingly, the large number of devices used within medical facilities amplifies the hardware threat. The industry is undergoing a digital transformation and is becoming increasingly reliant on technology and, more importantly, Internet of Medical Things (IoMT) devices. Not only do IoMT devices act as an entry point, but the devices themselves are often the target of an attack.
Cyberattacks on healthcare providers are a very serious matter. They quite literally put lives at risk, as they often prevent medical personnel from treating patients appropriately. Without access to medical records, a doctor is left guessing whether a patient has an allergy to or conflict with a specific medication.
To protect against dangerous hardware-based attacks – and strengthen existing security measures – healthcare entities should invest in hardware security. With Layer 1 visibility, protection starts at the first line of defense.