After a spate of cyberattacks on organizations involved in developing COVID-19 vaccines, there are growing concerns that hackers are taking aim at the distribution systems currently ramping up.
IBM recently shone a light on a phishing scheme targeting organizations involved in the cold storage supply chains necessary to deliver the delicate vaccines. It advised healthcare organizations to be on high alert for similar attacks.
Hospitals will play a central role in storing and distributing the vaccine, but they are already under siege by cybercriminals. Cyberattacks have soared during the pandemic, with criminals using ransomware such as Ryuk to deliberately target the overburdened health sector as it struggles to deal with the pandemic.
In November, after a series of hacks directed at Universal Health Services and others, the cybersecurity agency CISA warned of an “increased cybercrime threat to U.S. hospitals and healthcare providers.”
Hospitals are used to handling sensitive patient data and paying attention to cybersecurity, but they also have vulnerabilities. There are no sector-specific standards for cybersecurity and many hospitals still use legacy equipment and disparate hardware and software platforms, making it easier for bad actors to exploit their systems.
Additionally, little attention may have been paid to securing the IoT devices which are running the cold storage facilities crucial for maintaining the vaccines. There is an urgent need to address security shortfalls.
Below are five strategies that healthcare organizations can use to bolster their network security.
Adopt a zero trust approach
Zero trust demands that anyone or anything (e.g., devices) be verified before being admitted into the network perimeter. Twenty years ago, the network perimeter for healthcare providers was relatively straightforward. Employees on the inside were trusted, and vendors on the outside needed verification. Today, the lines have blurred. Many employees are now working off-site and utilizing their own devices (which may or may not be secured).
According to the Department of Health and Human Services, zero trust policies should secure devices, networks, and data and leverage visibility tools, automation, and orchestration platforms to identify every device and user on a network. As such, they help to ensure that all aspects of a healthcare provider’s network perimeter are inventoried and secured.
Analyze the attack surface
Large healthcare organizations can have a vast attack surface, so making an inventory of potential vulnerabilities is essential. This means understanding the number of devices being used on- and off-site as well as maintaining an up-to-date enterprise inventory system of all medical and IoT devices.
Once a healthcare provider inventories its assets, the IT team can identify all the vulnerabilities and deploy security software, hardware, and protocols to address these issues. AI tools can help in the inventory of the attack surface and enable healthcare organizations to maintain an accurate and up-to-date asset inventory in real time.
Employee phishing training
Phishing emails are still the main route into an organization for ransomware and other cyberattacks. Attackers pepper organizations with malicious emails, knowing that it only takes one employee to click on the link. The Universal Health Services ransomware attack, which affected 400 healthcare facilities, started this way.
Good cybersecurity requires vigilance from everyone, so continuously reminding employees and training them to watch for red flags like out-of-the-blue requests from senior leadership or emails riddled with grammatical errors is vital.
Use continuous backup solutions
No defense is perfect and successful cyberattacks happen every day, so it’s critical to prepare for them. Healthcare organizations need systems that continuously back up their data via digital storage, enabling point-in-time recovery so that vital data is not lost. This reduces downtime when a ransomware attack happens. These systems enable IT teams to roll back to a restore point before the infection, which should recover most data in a single step.
Another storage technology, known as WORM (write once, read many), ensures that data, once written, cannot be changed or deleted until a specified time has passed. Because the stored data cannot be modified, ransomware cannot encrypt it, which renders the attack ineffective against those copies.
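An added illustration of the two backup properties described above (not code from the article or from any storage product): a toy in-memory WORM store that refuses overwrites and early deletes, plus selection of the newest restore point taken before the infection. The class and function names, the 30-day retention period and the timeline are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

class RetentionLockError(Exception):
    """A write or delete was refused because the object is still locked."""

@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    data: bytes
    retain_until: datetime

class WormStore:
    """Toy model of WORM backup storage (hypothetical, not a vendor API)."""
    def __init__(self, retention):
        self.retention = retention
        self._snaps = {}
    def write(self, snap_id, data, now):
        if snap_id in self._snaps:  # write once: never overwrite in place
            raise RetentionLockError(f"overwrite of {snap_id} refused")
        self._snaps[snap_id] = Snapshot(now, data, now + self.retention)
    def delete(self, snap_id, now):
        if now < self._snaps[snap_id].retain_until:
            raise RetentionLockError(f"{snap_id} is locked until retention expires")
        del self._snaps[snap_id]
    def read(self, snap_id):
        return self._snaps[snap_id].data
    def restore_point_before(self, infected_at):
        """Newest snapshot taken strictly before the estimated infection time."""
        clean = [(s.taken_at, sid) for sid, s in self._snaps.items()
                 if s.taken_at < infected_at]
        if not clean:
            raise LookupError("no snapshot predates the infection")
        return max(clean)[1]

def simulate():
    """Constructed timeline: hourly snapshots, infection 02:30, tampering 03:30."""
    t0 = datetime(2020, 12, 1)
    store = WormStore(retention=timedelta(days=30))
    for h in range(4):  # the 03:00 snapshot already captures encrypted data
        data = b"ENCRYPTED" if h >= 3 else b"records-v%d" % h
        store.write(f"snap-{h:02d}", data, t0 + timedelta(hours=h))
    late, refused = t0 + timedelta(hours=3, minutes=30), 0
    for tamper in (lambda: store.write("snap-02", b"ENCRYPTED", late),
                   lambda: store.delete("snap-02", late)):
        try:
            tamper()
        except RetentionLockError:
            refused += 1
    chosen = store.restore_point_before(t0 + timedelta(hours=2, minutes=30))
    return refused, chosen, store.read(chosen)
```

The most recent snapshot in this timeline holds encrypted data, which is why the restore point has to predate the estimated infection time rather than simply being the latest one.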
Bolster the security response team
Every healthcare organization requires a security response team that can proactively thwart future attacks as well as respond to any current incidents. These teams usually comprise employees from all aspects of the organization – from IT to human resources to marketing and the C-suite.
A multifaceted team can help the organization respond to any malicious occurrences and communicate about them with key stakeholders. In addition, this team can develop a proactive and up-to-date business continuity plan with the steps to take in the event of a data breach.
Healthcare organizations are stretched to the limit by the pandemic and cybersecurity may not be at the forefront of workers’ minds. But a successful attack could disrupt hospital operations for days or weeks, while malicious actors could render thousands of vaccine doses useless with one stroke by targeting cold storage control systems. Hospitals cannot afford to let their guard down.