IoT devices put healthcare networks at risk
The proliferation of healthcare Internet-of-things devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals, according to a new report.
The study by network threat detection specialist Vectra also shows that gaps in policies and procedures can result in errors by healthcare staff members.
Examples of these errors include improper handling and storage of patient files, a soft spot that cybercriminals look for when they probe global organizations and industries for weaknesses to exploit.
"Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information," says Chris Morales, head of security analytics at Vectra. "Improving visibility into network behavior enables healthcare organizations to manage risk of legacy systems and new technology they embrace."
The most prevalent method attackers use to hide command-and-control communications in healthcare networks is the hidden HTTPS tunnel. This traffic allows external communication involving multiple sessions over long periods of time to appear to be normal encrypted web traffic.
Vectra also observed a spike in behaviors consistent with attackers performing internal reconnaissance in the form of internal darknet scans and Microsoft Server Message Block (SMB) account scans. Internal darknet scans occur when internal host devices search for internal IP addresses that do not exist on the network. SMB account scans occur when a host device rapidly makes use of multiple accounts via the SMB protocol, which is typically used for file sharing.
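The two reconnaissance behaviors defined above can be expressed as simple detections over flow records and SMB session records. The following is an added example, not Vectra's detection logic or code from the report; the address range, host inventory, thresholds and record layouts are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed for illustration (not from the report): range, inventory, thresholds.
INTERNAL = ip_network("10.20.0.0/16")
LIVE_HOSTS = {"10.20.1.10", "10.20.1.11", "10.20.1.50", "10.20.2.5"}
DARKNET_THRESHOLD = 5   # distinct unassigned internal IPs contacted by one host
SMB_THRESHOLD = 4       # distinct accounts used by one host ...
SMB_WINDOW = 60         # ... within this many seconds
# Constructed flow records: (epoch_seconds, source_ip, destination_ip)
FLOWS = [(1000 + i, "10.20.1.50", f"10.20.9.{i}") for i in range(1, 9)] + [
    (1000, "10.20.1.10", "10.20.1.11"),     # live host, not a miss
    (1005, "10.20.1.10", "10.20.9.200"),    # single stray miss, below threshold
    (1010, "10.20.1.11", "93.184.216.34"),  # external destination, ignored
]
# Constructed SMB session records: (epoch_seconds, source_ip, account)
SMB_AUTHS = [(2000 + 5 * i, "10.20.2.5", f"user{i}") for i in range(6)] + [
    (2000, "10.20.1.10", "alice"), (2600, "10.20.1.10", "alice"),
    (5000, "10.20.1.11", "bob"), (5400, "10.20.1.11", "carol"),   # four accounts,
    (5800, "10.20.1.11", "dave"), (6200, "10.20.1.11", "erin"),   # but not rapid
]

def darknet_scanners(flows, live_hosts, threshold=DARKNET_THRESHOLD):
    """Internal sources that contacted >= threshold nonexistent internal IPs."""
    misses = defaultdict(set)
    for _, src, dst in flows:
        internal = ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL
        if internal and dst not in live_hosts:
            misses[src].add(dst)
    return {s: len(d) for s, d in misses.items() if len(d) >= threshold}

def smb_account_scanners(auths, threshold=SMB_THRESHOLD, window=SMB_WINDOW):
    """Sources that used >= threshold distinct accounts inside one window."""
    by_src = defaultdict(list)
    for ts, src, account in sorted(auths):
        by_src[src].append((ts, account))
    flagged = {}
    for src, events in by_src.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            distinct = len({acct for _, acct in events[start:end + 1]})
            if distinct >= threshold:
                flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print("darknet scan sources:", darknet_scanners(FLOWS, LIVE_HOSTS))
    print("SMB account scan sources:", smb_account_scanners(SMB_AUTHS))
```

Both detectors depend on an accurate inventory of assigned addresses and on thresholds tuned to the environment, since vulnerability scanners and management tools produce the same patterns legitimately.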
While many healthcare organizations have experienced ransomware attacks in recent years, the report finds that ransomware threats were not as prevalent in the second half of 2018.
Botnet attacks are a problem too, but tend to be opportunistic and not targeted at specific organizations. While botnet attacks persist everywhere, their rate of occurrence in healthcare is lower than in other industries.
You can read more about the findings in the full report available from the Vectra site.