By Myles Bray, VP of EMEA, Forescout
The world has ground to a halt amidst the current coronavirus crisis. But this hasn’t stopped cyber criminals from attacking organisations – to the contrary! Bad actors are identifying healthcare systems as a particularly desirable target with hospitals in Spain, France, the Czech Republic and Israel all having suffered known cyber-attacks since the start of the pandemic. Interpol recently released a global alert to healthcare organisations warning that criminals are attempting to use ransomware attacks to lock users out of their own systems. It may only be a matter of time until a UK hospital is affected – and even just one such attack would be devastating to the NHS at this point in time.
A sector under attack
The healthcare sector has always been vulnerable to cyber-attacks. We saw this most prominently in May 2017 when the WannaCry ransomware attack paralysed parts of the NHS. Research from last year revealed, there are now more connected medical devices in hospitals than ever before, the large majority of which are patient tracking/identification systems and infusion pumps. Every device is a potential entry point for bad actors wanting to cause chaos. Sometimes these attacks are intended to achieve financial gain, and sometimes cyber criminals just want to disrupt operations. Either way, patients are almost always the ones that suffer from the fallout of these attacks.
The global pandemic has only exacerbated the problem. The cyber defences of any organisation are only ever as effective as the weakest link within its network. Both the surge of patients in hospitals and the growing number of staff coming out of retirement to help cope with the pandemic inevitably lead to an increase in devices connected to hospital networks. Add to that the additional number of connected medical equipment that is needed to treat patients and the picture becomes clear: The number of devices in hospitals has skyrocketed.
New devices come with new vulnerabilities
Laptops, tablets and smartphones, among other personal devices, can be the perfect vehicles for bad actors to break into systems as they are not held to the same standard of security checks as corporate devices and might have already been compromised before they even join a network. This leaves a network’s cyber defences looking like swiss cheese – full of holes – which bad actors are only all too happy to take advantage of.
Although personal devices are coming onto the network sporadically and create security headaches, new medical devices are also vulnerable to attacks. With so many companies banding together to help defeat the virus by donating or quickly building ventilators, there will be hundreds, even thousands of new devices connecting to hospital networks. The BBC TV show Holby City, for example, had real ventilators on set and has now donated them to the NHS. Although these machines will save lives, they could potentially be the cause for a major cyber-attack and a way in for bad actors trying to cripple the health system. In a life or death situation, hospital IT teams simply don’t have the luxury of time to ensure medical devices are running the latest operating systems and are fully patched.
Visibility and control are key
But what can IT professionals in hospitals do to keep up with the flurry of new devices being added to their networks every day, and ensure there are no vulnerabilities bad actors can exploit?
WannaCry, like most ransomware attacks, took advantage of unpatched systems from an old Windows vulnerability, which allowed bad actors to breach the system and move laterally through the network to disable multiple devices and paralyse the NHS. As IT teams struggle to keep up with all the new devices being connected to hospital networks, they need to ensure that they have a solution in place which allows them to have a holistic view of all devices, the operating systems they are running on and whether they have installed the latest updates or not. Such solutions can track the devices, automatically identify unpatched or suspicious devices, and remotely run updates or lock devices out of the network until they are safe again.
It is simply impossible to take entire hospital networks offline at this stage and secure them from the ground up. So, having full visibility and control of all devices on a network is the only way IT teams can properly protect the organisations they work for – especially at times of crises.
The NHS is working incredibly hard to keep the country on its feet and protect people’s lives. They are doing a tremendous job and the last thing anyone needs in these difficult circumstances is a cyber-attack that paralyses the service. Even if it might not be front of mind with everything that is going on, it’s probably more important now than ever for hospitals to have a conversation about their cyber security defences.