The Internet, digitalization and new technologies have been a real boon for the healthcare sector. But all of this is not without its downsides and dangers. Cyberattacks are the order of the day, and healthcare centers are no strangers to these threats. A clear example of this is the case of a US healthcare organization that announced that it had received some 87 billion cyberthreats in 2018.
Another problem that many healthcare organizations have to face is the fact that their systems are outdated, something that significantly increases the attack surface and the number of vulnerabilities. Their IT systems are vulnerable to all kinds of attacks and threats, from data breaches to insiders.
This month has seen the emergence of another potential threat to this sector: a team of security researchers developed a new piece of malware that is able to alter the results of medical scans. The malicious software, which can affect CAT and MRI scanners, is able to add fake cancerous tumors to medical results, fooling doctors.
To all of this we can add ransomware, the most pressing threat in the sector. Theoretically, a ransomware attack could block a machine vital to a patient’s health at a critical moment, putting someone’s life at risk. And we already saw the devastating effect the WannaCry attacks had on 61 NHS trusts in the UK, with operations and up to 19,000 appointments cancelled.
Nevertheless, it is not just hospitals and medical equipment that are exposed to cyberthreats; every company along the supply chain in this sector can become a victim of a cyberattack.
The following are the leading threats to IT security in the healthcare sector:
- Ransomware, the now notorious malware that kidnaps information and, although not necessarily stealing it, stops organizations from accessing it. This industry is one of the most popular targets for ransomware attacks, and this kind of malware represents 85% of malware incidents in this sector.
- Outdated systems, operating systems, and security patches.
- To try to put a stop to this situation, a good first step is to block the automatic download of all kinds of executables and to take precautions when opening files from unknown senders, since email is still the main entry vector, and phishing is still one of the main attack techniques.
- Information leaks, or breaches of confidential or sensitive data, which are now a particularly pressing concern (and carry larger sanctions) since the GDPR has been in force.
- Identity theft, where cybercriminals exploit the details of healthcare professionals or institutions to imitate them and access more confidential information, fool patients, or steal money.
Case study: Alfa Kommun & Landsting AB
Alfa Kommun & Landsting AB is a company that has been developing systems for the public and private healthcare sector since 1998. They are market leaders in electronic prescriptions, scheduling home visits and digital signing for work provided under Sweden’s health and social care legislation.
At the end of summer 2016, a call from a Panda salesperson came just at the right time: the company had been suffering a series of ransomware attacks for six months, and so was seeking a new security solution.
Until then, Kasper Lejon, the IT engineer responsible for IT security at the company, had been resolving the problem using Windows Shadow Copy. Although this system provided adequate protection for each attack, and they never had to pay any money to rescue their files, in the long run, it was untenable. Despite the fact that Kasper’s team was well rehearsed at making Shadow Copies, the process was taking up too much time due to the frequency of the attacks. What’s more, the users of the affected computers couldn’t use them during the disinfection and restoration process.
Since Panda Adaptive Defense was installed on its systems, Alfa hasn’t been affected again by any security problems. The service steps in each time an unknown element is detected, and blocks it until it has been fully checked. This is infinitely quicker than the system in place before: shutting down the environment and keeping open only what was needed was taking far too long.
Panda Adaptive Defense saves considerable time and energy by adopting an automated approach. Every attempted attack is followed up with a report. This allows Kasper to see the affected profile, and trace it to the correct user so that the threat or vulnerability can be eliminated. Now Alfa can see exactly what has happened, and how it got in. The culprit is usually email.
With this innovative protection method, it is impossible for any attack to run. It protects proactively, staying one step ahead of the hackers.
As Kasper explains: “You don’t appreciate the magnitude of it before you become a victim. Now I understand this product much better, so there have been times when I’ve tried to sell it to people I know… I’ve also spoken to a medical clinic with two employees where it’s extremely important to have confidential information backed up. Even for a company that’s not very big, the cost for the service is small change compared to what can happen if their information is disclosed after a hack.”
As an extra layer of security, Alfa also has the additional module Advanced Reporting Tool. This module allows them to control who accesses the company’s data, showing information about the traffic generated on the network, what countries the company is connecting to or from, and information about users accessing data files via unexpected applications. This information is particularly useful when it comes to generating reports, since not knowing what is going on on the network can have costly consequences.
So, how does Panda Security perform as a vendor? Kasper has contacted the Panda support team a few times – highlighting two occasions when the experience was spot-on, even though the questions were complex.
The expectations that Alfa had of the service have been exceeded. “Adaptive Defense gets the job done, so it’s excellent,” says Kasper. In conclusion, Kasper adds the following: “If anyone asks me what works I’m quick to reply ‘Panda’.”