Virsec's Robert Nobilo says Australia's health system and its providers have never been at greater risk of cyberattack, with the challenge exacerbated by the pandemic.
Today, the cost of cyberattacks on the healthcare system and its patients has never been greater. For example, on 4 August, Indianapolis-based Eskenazi Health experienced a ransomware attack, resulting in a significant disruption of services. Last week US-based Scripps Health reported that a major cyberattack cost the organisation $112.7 million. A ransomware attack in New Zealand paralysed multiple hospitals across the country.
In recent years, Australian hospitals have been a constant target of hackers, resulting in major shutdowns and delayed surgeries across the country. The string of attacks prompted the Australian Cyber Security Centre (ACSC) to issue new advice to local healthcare providers, to assist them in mitigating the growing cyber risk facing the industry.
In the past 18 months, these and existing security challenges faced by healthcare organisations have been exacerbated by COVID-19. Healthcare organisations have faced a huge increase in demand for their services, and have been required to rapidly implement new systems and protocols to account for the pandemic. Digital transformations already underway were rapidly accelerated: changes that might have taken a year were implemented in days.
In addition, like organisations of all kinds, the health sector had to rapidly implement remote working at scale in response to COVID-19, which greatly increased its attack surface and introduced a range of new vulnerabilities. For example, virtual private networks (VPNs) were used to secure access to resources for remote workers and contractors, but they also gave threat actors, who were quick to target vulnerable networks, a new access route.
Furthermore, the pandemic has resulted in an increase in the volume and distribution of sensitive data, such as COVID-19 test results and vaccination records, greatly increasing the attack surface.
By far, the most common and most damaging cyber threat faced by all organisations today is ransomware. It presents a particularly major and complex threat to hospitals and other healthcare organisations because it can target both confidential data and critical medical systems, which staff rely on to deliver patient care.
Hackers continue to devise new techniques to gain access to networks without being detected. Ransomware and associated malware are intended to run in stealth mode and are designed to look like normal operations. Once inside a network, hackers seek out critical data that resides on applications running on corporate servers and server workloads.
Meeting Compliance Requirements
In addition to combatting cyberattacks, healthcare organisations around the world must comply with an increasing number of regulatory requirements, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). Compliance requirements can also help boost the security profile of health organisations. For example, the NSW Government’s policy directive on electronic information security for local health organisations requires security measures to ‘ensure risks are reduced to an acceptable level’ and to ‘be balanced against the potential business impact that may arise from security failures.’
The Need for Runtime Protection
Healthcare organisations will continue to be at high risk of ransomware attacks and data breaches in the future. While defending against attacks and maintaining compliance may seem difficult, it can be much easier if the right security tools are deployed.
Sophisticated cyberattacks, including ransomware and memory-based attacks, are increasingly aimed at vulnerable aspects of application software and host server environments. While endpoint security and other security tools play a role in defence, these solutions can’t provide protection where it’s needed most: at runtime.
Application-aware workload protection ensures that the components of applications are correct and unmodified before they can execute and throughout runtime, in real time. It can protect against both known and unknown attacks – no threat feeds needed. Instead, this technology can map the intended execution of each application, both legacy and modern software, by monitoring all activity including files, processes, libraries, memory usage, and web inputs. Any deviation from the norm is instantly detected, treated as a threat, and blocked.
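The baseline-and-deviation idea described above can be sketched in a few lines. This is an added illustration, not Virsec's product or code from the article; the application paths, process names and library names are constructed for the example, and it covers only files, processes and libraries (not memory usage or web inputs).

```python
import hashlib

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def build_baseline(files: dict, processes: set, libraries: set) -> dict:
    """Map the application's intended state while it is known to be good."""
    return {
        "files": {path: digest(data) for path, data in files.items()},
        "processes": set(processes),
        "libraries": set(libraries),
    }

def evaluate(baseline: dict, event: dict) -> str:
    """Return 'allow' or a 'block: ...' verdict for one observed runtime event."""
    kind, name = event["kind"], event["name"]
    if kind == "exec":
        expected = baseline["files"].get(name)
        if expected is None:
            return "block: component not in baseline"
        if digest(event["content"]) != expected:
            return "block: component modified"
        return "allow"
    if kind == "spawn":
        return "allow" if name in baseline["processes"] else "block: unexpected process"
    if kind == "load":
        return "allow" if name in baseline["libraries"] else "block: unexpected library"
    # Default deny: anything the baseline does not describe is a deviation.
    return "block: unmapped activity"

# Constructed sample data for a hypothetical records application.
GOOD_SERVER = b"records-server build 1"
BASELINE = build_baseline(
    files={"/opt/records/bin/server": GOOD_SERVER},
    processes={"server", "report-worker"},
    libraries={"libreport.so"},
)
EVENTS = [
    {"kind": "exec", "name": "/opt/records/bin/server", "content": GOOD_SERVER},
    {"kind": "exec", "name": "/opt/records/bin/server", "content": b"records-server build 1 (altered)"},
    {"kind": "spawn", "name": "unknown-tool"},
    {"kind": "load", "name": "libreport.so"},
]

def run_demo() -> list:
    return [evaluate(BASELINE, e) for e in EVENTS]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run_demo()):
        print(event["kind"], event["name"], "->", verdict)
```

Because the verdict depends only on the recorded baseline, the altered binary and the unexpected process are blocked without any signature or threat feed.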
While zero-day attacks have been around for a while, few experts could have predicted the prevalence – and success – of ransomware attacks. One thing we do know is adversaries will continue to adjust to changing business conditions, whether it is due to a pandemic or not. Healthcare organisations must invest in the right cybersecurity tools, processes, procedures, and staff today to protect their future and ensure everyone’s safety, both on and offline.
Robert Nobilo, regional sales director, Virsec, Australia and New Zealand