Security News
The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency has recently released an alert highlighting imminent cybercrime threats to U.S. hospitals and healthcare providers.
Einstein Health Network, a Pennsylvania-based company operating medical rehab, outpatient and primary care centers, announced a breach of its employee email system, which exposed patient personal and medical information. Einstein emphasized the breach didn't affect all patients, just those whose information was contained within employee email accounts.
"Healthcare IT teams have daunting technical challenges to ensure network bandwidth, resilience, and security in the face of surging online care, including telemedicine, remote workforces, and medical IoT," explained Ray Watson, VP of innovation at Masergy. "The IDG Healthcare IT survey reveals that an integrated network and security strategy is now an imperative to address these challenges."
The FBI has announced that Christopher Dobbins pleaded guilty and was sentenced to a year in prison for breaching and temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier. Last March, as doctors reported having to ration and reuse personal protective equipment to treat COVID-19 patients, Georgia-based Stradis Healthcare, which packages and ships PPE and surgical kits, was eager to step up and help, according to FBI Special Agent Roderick Coffin, who investigated the matter.
According to new findings from Check Point Software, healthcare organizations have seen a 45-percent increase in cyberattacks since November, more than double the average 22-percent increase seen in other industry sectors. Researchers said these attacks include botnets, remote code execution and DDoS, but it's ransomware that's really become the weapon of choice against healthcare organizations.
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent. The advisory aimed to prepare organizations for ransomware attacks with Ryuk and Conti by providing tactics, techniques, and procedures specific to incidents with these malware strains.
The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors including ransomware, botnets, remote code execution, and distributed denial-of-service attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups.
The cybersecurity challenges of securing PACS. Medical imaging is a critical component in providing patient care, and PACS is where these images and accompanying clinical information are stored and from which they are delivered when needed. PACS is part of a highly complex healthcare delivery organization environment that includes back-office systems, electronic health record systems, pharmacy and laboratory systems, an array of electronic medical devices, and often cloud storage for medical images.
Today, more than half of healthcare respondents have increased their public cloud and hybrid cloud use, and 46% have invested more in private cloud environments in an effort to quickly provide new work-from-home employees with access to IT resources. Healthcare hybrid cloud deployments: Key findings. The future of healthcare is dependent on decommissioning of legacy architecture: Currently, more healthcare companies run exclusively traditional, non-cloud-enabled datacenters than any other industry, compared to 18% globally.
Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, said that hospitals are facing widespread security threats from ransomware to data IP theft. In 2016, I led the authoring of a document called the Hippocratic Oath for Connected Medical Devices, which essentially was a translation of the ages-old Hippocratic Oath into a modern era, now that increasingly healthcare delivery is being undertaken by medical devices, by electronic healthcare records and other systems that support the physicians.