Understanding cyber security threats
In the world of cybersecurity, ‘prevent to protect’ is considered the most important maxim. By Sean Sullivan
The now infamous WannaCry attack infected more than 2,00,000 businesses across the globe a year ago. One of the most prominent victims was the National Health Service (NHS) of the United Kingdom. In just moments, the attack took 45 NHS hospital groups offline and hindered about 20,000 appointments. Although no fatalities were reported, the largest ransomware attack in history was a clear signal that the healthcare industry may not be prepared for increasingly advanced cyberattacks. In the world of cybersecurity, ‘prevent to protect’ is considered the most important maxim. We have to analyse the attackers’ Tactics, Techniques, and Procedures (TTPs) and pre-empt attack vectors, or those vulnerabilities that could potentially be used to compromise a system or a network. Despite our increased awareness of network security, cyberattackers have time and again come up with new and more evolved tactics to counter the cybersecurity establishment. The Hitachi Payment Services hack, for instance, which subsequently affected about 32 lakh debit cards in India, used malicious code that concealed its traces after every successive exploit. This made the code virtually undetectable. Imagine an attack like this spreading from hospital to hospital. The results could be deadly.
Vulnerability of Healthcare Systems
Before we delve further, let us try and understand why the healthcare industry’s IT systems are so vulnerable to cyberattacks. Modern technologies have introduced multiple layers of convenience, information accessibility, and functionality. For instance, medical records and patient history have become easily accessible thanks to digitisation. Unfortunately, this accessibility also amplifies the attack surface, creating easy targets for cyber criminals. An existing network vulnerability, or weak network node, could be used by a cyberattacker to gain access to vital private data.
In addition to such prevalent vulnerabilities, multiple healthcare systems today are often being integrated with IoT technology. Technology that connects everything to the internet is exploding, but it’s also bursting with unpatched vulnerabilities. There have been 70,000 known Common Vulnerabilities and Exposures (CVEs) discovered and many more that have not been identified yet. The Mirai Botnet Attack or Dyn cyberattack, which caused service disruption of leading technology giants such as Amazon.com, Twitter, Airbnb, Netflix and PlayStation Networks among others, was driven by compromised IoT-enabled devices such as network cameras, baby monitors, and residential gateways. The use of IoT technology in the absence of adequate countermeasures is a security concern that will only get worse.
In India, cybersecurity risks directly threaten economic development. Digitisation of medical records is still at an early stage in the country, especially amongst government institutions, but the initial steps are often being taken without ample concern for vulnerable perimeters, advanced TTPs, and exploitable attack vectors. A single-point vulnerability, say within an IoT-based system, can not only compromise the targeted system, but can also enable a cyberattacker to gain access to the broader network and navigate within it easily. And these attacks can be launched from almost anywhere around the globe. Malicious insiders can also breach Electronic Health Record (EHR) systems. Unauthorised access has to be expected in India’s large-scale hospitals, which have a long history of security lapses. Recently, a 19-year-old medical aspirant was booked for impersonating a doctor for five months in one of the nation’s renowned medical institutions. The person had established himself as a doctor, made acquaintances across departments and participated in multiple events ranging from strikes to marathons during this ‘fake’ tenure. His original identity was revealed only after fellow doctors became suspicious at a hospital event.
Today, medical professionals are also taking advantage of remote technologies that enable them to monitor and control individual medical systems. These systems can also fall prey to such cyberattacks. There are cases in which telnet servers have been found running with weak password credentials. These credentials can be discovered through trial and error or by using brute force techniques. The healthcare industry falls in the direct line of sight of DDoS attacks that overwhelm systems until they’re inoperable. DDoS attacks often also leave residual elements such as viruses and malware that can further mar the integrity of a network. Tackling DDoS attacks, which at present average at around 10GB peak rate, is becoming increasingly difficult in the light of terabit-level attacks that have lately started to surface. The Dyn cyberattack that we’d earlier discussed was a terabit-level attack. This year alone, GitHub and Arbor Networks confirmed two terabit-level attacks. Web application attacks, similarly, can compromise backend data and potentially reveal damaging information. These threats are terrible when they target sensitive data, but when they target IoT devices directly responsible for patient care, they could be life threatening.
Why Healthcare is Targeted
Medical data is some of the most sensitive information cyberattackers can steal. Ransomware compromises a device or a system, prevents access to it through encryption, and demands a ransom for decryption and restored access. Hospitals infected with this threat often end up paying. Why? Any organisation that experiences a cyberattack faces bad press, but ransomware is even more dangerous for an institution’s reputation. In these attacks, sensitive customer or operational data can be compromised and seized, and that makes it impossible to conduct day-to-day processes. Stolen information can also be sold over the dark web, putting the identities and personal security of the affected people at considerable risk. And as India integrates an array of services linked to the Aadhaar database, these attacks may even risk national security. The Indian healthcare industry, as of now, is worth more than $160 billion and will reach over $280 billion by 2020. This makes the nation’s healthcare industry a massive target for global cyberattackers. India, as a nation, is experiencing rapid digitisation, and such transformation is more evident amongst government bodies which are late to the IT revolution. The speed of digitisation will certainly leave multiple vulnerabilities in the bureaucratic infrastructure. Advanced cyberattackers are aware of these developments and are hunting for weaknesses. Even if cybersecurity staff are able to find and fix a majority of vulnerabilities, cyberattackers can still wreak havoc.
Understanding the threats growing along with a growing hospital network infrastructure is imperative. If we are not able to improve cybersecurity within the healthcare industry, we’ll not only experience significant financial losses but can ultimately also experience loss of life. And that’s a risk no one can take.
Sources: Healthcare Radius, July 2018