WatchGuard Blog

Healthcare systems under attack

In October 2021, the IT systems of the Israeli healthcare system suffered a ransomware attack from which it took weeks to recover. Although the motive for the cyberattack on this occasion was not geopolitical but financial, government sources said they feared that far more dangerous incidents against this sector could be carried out by groups linked to foreign powers such as Iran.  

However, Israel is not the only country whose healthcare system has come under attack this year. In June we covered the major ransomware attack that hit Ireland's public Health Service (HSE). Incidents have also occurred in hospitals in Belgium, the US and other countries. But possibly the most unusual attack took place in Brazil just a few days ago. In this case, a ransomware attack specifically targeted the COVID-19 vaccination database.  

What matters the most is at stake 

These examples show that cybercriminals have increased their activity in this sector. The US Department of Health estimates that 68 ransomware incidents have occurred in hospitals across the world. They point out that in sectors such as banking and insurance, the consequences are usually related to customer data and, in the worst cases, involve financial losses.  

But in the healthcare sector, something more important is at stake, namely the lives of patients. Beyond the loss of operability of IT systems, OT elements are also under threat: a group of ethical hackers has already demonstrated that they can introduce malware into hospital machines and devices. Hackers could therefore disable diagnostic devices or modify the doses of drugs a patient is receiving (e.g., in insulin machines) to cause harm and even death

Back-ups, updates and advanced endpoint protection 

Fortunately, healthcare IT teams also are equipped with techniques and tools that can reduce the chances of malware being executed or at least mitigate incidents so that they cause as little damage as possible to hospital servers and equipment. 

In this regard, CISA published a document last year with specific recommendations for the healthcare sector. These include the need to have an incident response plan, perform security back-ups of all data following the 3-2-1 rule (three copies of sensitive data on at least two different storage media, one of which must be online), have fully updated software to reduce the risk of vulnerabilities and deploy advanced endpoint detection, protection and response (EPDR) solutions. These tools must be able to perform continuous monitoring of all process activity based on a zero-trust approach and have full endpoint protection capabilities such as URL filtering, device control and a managed firewall.

This will enable IT teams to protect hospitals against the most sophisticated cyberattacks such as zero day malware or fileless malware, which are able to circumvent traditional cybersecurity tools.