
A Hard Summer Of Ransomware Viruses


This summer has been really rough on hospital and healthcare cybersecurity. With ransomware hold-ups (i.e., facilities being held up for weeks with no access to their EHR system), supply chain attacks (impacting both revenue cycle management and vendor relationships) and all sorts of new file-less attacks flying under the radar from old-school detection methods, this summer has created major headaches for many IT directors, facility managers and CEOs.

How has Summer 2019 been so bad?

Maybe the heat this summer helped malware flourish, evolve and invade. We’ve been seeing three main areas in which attacks have created more chaos:

Evasion By Design—hackers have been continuing their efforts to bypass any security controls you may have in place. If you haven’t evaluated and updated your cybersecurity technology (for example: firewalls, routers and antivirus), you may be more vulnerable than ever to a major undetected infection.

A few things that criminals have started in 2019:

Changing their file obfuscation to evade your antivirus.

Encrypting communication with servers so that you cannot detect anything wrong on an endpoint (such as your assistant’s computer).

Manipulating and tampering with your detection software to trick any artificial intelligence or machine learning algorithms you may have implemented on your network. The malware detects these programs and delays execution of any code until they are not looking.

File-less Attacks—criminals are taking file-less attacks, which have been around for several years at this point, to a new level. They are actually leveraging real commands within your operating system and masking them as legitimate system tools. Your network will seem to be running as usual. The only real way to detect something like this is to perform continuous anomaly detection.
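
One way to picture the continuous anomaly detection described above, as an added example (not code from the original article): a small baseline of which program normally starts which system tool, flagging launches that fall outside it. It assumes Windows-style process-creation events reduced to (host, parent, child); the class and function names, host names and sample events are constructed for illustration.

```python
from collections import Counter

class LaunchBaseline:
    """Learns which parent -> child process launches are normal for a group of hosts."""
    def __init__(self, min_count=3):
        self.pairs = Counter()     # (parent, child) -> times observed
        self.children = Counter()  # child -> times observed under any parent
        self.min_count = min_count

    def learn(self, parent, child):
        p, c = parent.lower(), child.lower()
        self.pairs[(p, c)] += 1
        self.children[c] += 1

    def check(self, parent, child):
        """Return None for a normal launch, otherwise the reason it stands out."""
        p, c = parent.lower(), child.lower()
        seen = self.pairs[(p, c)]
        if seen >= self.min_count:
            return None
        if self.children[c] >= self.min_count:
            return f"known tool {c} started by unusual parent {p} (seen {seen}x)"
        return f"rare tool {c} started by {p} (seen {seen}x)"

def monitor(baseline, events):
    """Score launches as they arrive; only normal ones update the baseline."""
    alerts = []
    for host, parent, child in events:
        reason = baseline.check(parent, child)
        if reason is None:
            baseline.learn(parent, child)
        else:
            alerts.append((host, reason))
    return alerts

# Constructed sample data (hypothetical host names; not taken from any real network).
TRAINING = ([("explorer.exe", "winword.exe")] * 5
            + [("explorer.exe", "powershell.exe")] * 4
            + [("services.exe", "svchost.exe")] * 6)
LIVE = [("ws-12", "explorer.exe", "winword.exe"),
        ("ws-12", "winword.exe", "powershell.exe"),
        ("ws-07", "explorer.exe", "certutil.exe"),
        ("ws-07", "services.exe", "svchost.exe")]

def demo():
    baseline = LaunchBaseline()
    for parent, child in TRAINING:
        baseline.learn(parent, child)
    return monitor(baseline, LIVE)
```

Calling `demo()` returns two alerts: the familiar tool started by an unfamiliar parent, and a tool that has never been seen on these hosts. Nothing in either event is a malicious file, which is why the unusual relationship is what gets flagged.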

Hacking The Internet-Of-Things—more today than ever before, hackers have latched onto all the new gadgets that may connect to your hospital network. Take pacemakers: there was a huge exploit last year, still under-reported in the media, showing how hackers can use devices in the field to break into networks and even take over individual devices, impacting the health and security of your patients. With devices becoming the newest and most effective way of caring for patients, there has been a lack of technology vetting from a cybersecurity perspective. Criminals are taking advantage of IoT by working their way through to your network. IoT has created more challenges for healthcare security, but as of yet, few have found effective ways of joining your network to the new world of insecure devices.

Phone Faking—we have all heard by now about how people can socially engineer their way into places they might not be allowed. People talking their way to more information? Maybe even phishing emails to get your accounting team to give over your staff’s W2s?

This year criminals are imitating C-level people in healthcare organizations, phishing for information and money. They are utilizing modern voice-imitating software that uses artificial intelligence to mimic both the tone and cadence of a person’s voice. All they need is a short sample recording (often your CEO has been recorded either on YouTube or your website). This is sufficient for a scammer to call your team impersonating you or someone else in an executive role to either get them to wire funds for an emergency or to send them sensitive information. These voice calls seem so legitimate that they are extremely hard to second-guess.

Bottom line: scammers, hackers and criminals are NOT stopping their efforts to get through to your users. They are hitting them through social engineering, phishing emails and phone calls. They are penetrating your network through vulnerabilities and silently evading detection by evaluating what you currently have in place. If it’s insufficient to detect their attack, they are showering your network with malware and ransomware.