HITRUST Keeps the Cybercriminals at Bay
The healthcare industry is getting inundated with patients suffering from the coronavirus, and its resources are being stretched to the brink. Cybercriminals have taken notice and are setting their sights on this sector for potential attacks. HITRUST now becomes more than an essential framework to maintain regulatory compliance – it could save the lives of patients as well as the general public in these trying times.
According to the HITRUST Alliance, the majority of publicly reported cyberattacks against hospitals have been data breaches, ransomware, or medical device compromise.
While the first two attacks have been in play forever, the growing connectivity through the Internet of Things is bringing medical device compromise to the forefront. The alliance believes there is a strong likelihood that some of the Internet-connected devices and systems may be inadvertently exposing information about us and our surroundings online, and that could potentially jeopardize safety and security.
Devices are often exposed for a handful of reasons, including:
- Incorrectly configured network infrastructure that allows direct device and system access
- Internet connection as a requirement for the system or device to function correctly
- Remote access enabled for remote troubleshooting or remote operations
Since an exposed device is reachable and visible to the public, attackers can gather information about the machine either via Shodan or by profiling it directly with network tools such as nmap, and then use that information to mount an attack on it. From there, cybercrooks could gain access to sensitive data, including webcam feeds; use that access to move laterally through the network to commit espionage, sabotage or fraud; or compromise cyber assets to launch DDoS attacks.
Other ways cybercriminals can attack the healthcare space include:
- Spear phishing – Fraudulent emails target a specific organization. A subset of this is business email compromise, which targets companies that conduct wire transfers abroad.
- Distributed denial-of-service (DDoS) attacks – A coordinated denial-of-service attack launched from multiple locations.
- Exploitation of software vulnerabilities – Deliberate use of known weaknesses in software. For example, in August 2017, the U.S. Food and Drug Administration (FDA) recalled half a million pacemakers due to the firmware having vulnerabilities that could give a hacker access to the device and let them manipulate pacing and battery strength.
- Malware – Malicious code intended to disable, damage, compromise or steal data from computers. Ransomware, keyloggers, worms, Trojans and other forms of malware have wreaked havoc on healthcare networks.
- Misuse of privileges – Gaining administrative rights in an unauthorized manner is rampant. For example, there was a case where a hacker gained access to a healthcare supplier’s network via installed third-party software that had weak passwords and was allowed administrator access.
- Data manipulation – Digital image or data alterations are happening. In 2015, the FDA warned that certain infusion systems contained a vulnerability that could allow a hacker to manipulate the data in infusion pumps used for dosage calculations, thus putting patients’ lives in jeopardy.
There are a lot of regulations for organizations in the healthcare industry to follow, especially if or when they operate internationally. The HITRUST CSF makes it easy for you to stay in compliance wherever you conduct business. Join forces with 2W Tech to help protect your clients’ sensitive healthcare data. We have a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Call us today to get started on your HITRUST journey.