Wednesday, September 23, 2020

Healthcare Cyberattack Trends In 2019

Healthcare Cyberattack Trends In 2019

Spotlight

7 Commandments To Revitalize The Country Safely

Medical experts recommend strict health protocols for public transportation.

Alibaba Cloud Launches New Digital Ecosystem Strategy In The Philippines

This will help local businesses adapt further to the new normal!

EDC Donates PCR Machines To Enhance Negros Oriental’s COVID-19 Resiliency

Energy Development Corporation donates equipment worth P8.5-million to Negros Oriental.

CeMAP, PISI Express Full Support For Bayanihan To Recover As One Act

The Cement Manufacturers Association of the Philippines and Philippine Iron and Steel Institute announce full support to the recently signed Bayanihan to Recover as One Act.

During the first five months of 2019, healthcare organizations were under nearly constant cyberattack attempts ranging from targeted phishing and customized ransomware incidents to more common exploits such as malware and botnets. The examples below serve as a takeaway so that we can learn from what has come before.

Traditional Healthcare Network Threats

One of the most prevalent threats was the Android/Generic.AP malware that targets Android mobile devices. Once installed on a phone, this trojan can capture keystrokes, collect system information, download/upload files, perform denial-of-service attacks, and run/terminate processes. In networks where healthcare providers rely on their mobile devices to provide real-time patient information, compromised phones can become a conduit for introducing additional malware into the network and gaining unauthorized access to patient information.

Botnets have been another challenge so far in 2019. Gh0st RAT is able to take full control of a victim’s machine, as well as log keystrokes and hijack webcam and microphone data. Bladabindi is similar, but it can also steal stored credentials such as usernames/passwords and other PII.

Targeted Attacks

We have also seen a spike in targeted attacks against healthcare networks. Incidences of an older trojan called Kwampirs, that targets the systems of MRI and X-ray machines and siphons their configuration data, have been documented being actively deployed inside specific networks.

SamSam ransomware has also been targeting the healthcare industry, but we are now seeing [2] additional capabilities being developed and additional malware being included with the ransomware payload, which should worry security administrators.

What You Can Do

Four Steps To Security Hygiene

The best place to start is with the basics. Best security hygiene practice involves four essential elements:

* Patch your devices religiously.
* Update hardware and software when possible.
* Replace older systems that can no longer be patched or updated.
* Implement strong proximity controls for systems that cannot be replaced.

You Can’t Secure What You Can’t See

Visibility not only requires seeing every device on your network, but also knowing what they are and the role they play. Here are a few:

* MISSION-CRITICAL SYSTEMS – It’s crucial that you understand your mission-critical processes, including critical care areas that cannot withstand downtime.

* ONLINE ASSETS – Maintain an automatically updated inventory of every asset on your network. Those resources that rely on remote access, such as telemedicine or remote clinics, need extra attention.

* EXTENDED INFRASTRUCTURE – You need to not only understand your network topology, but cloud resources such as SaaS applications and infrastructures, as well as remote and branch offices.

* MEDICAL IOT – Monitoring or treatment systems need to be identified, tracked, and secured, including mobile devices that move between hospital departments or even into patient homes.

Segmentation Is Crucial

Once an attacker manages to gain access to the network, they will continue to drive deeper to achieve their goals. Proper network segmentation can limit lateral movement, thereby slowing down attacks and even discouraging attackers – giving you more time for detection and response.

Ransomware – Not If, But When

Given their user’s preference for healthcare networks, healthcare IT administrators need to assume they will continue to be the target of a ransomware attack. Proper preparation includes an aggressive backup strategy, storing backups and recover systems offline, and running restoration drills so recovery can be fast and effective.

Latest News

Find Your Happy Place In ‘Trolls World Tour’

Did you miss them? Check out the trailer for the "Trolls World Tour" here!

Proposed Healthcare Workers’ Salary Hike ‘Timely’

Workers’ groups commend the “timely” proposal of Secretary Bello to increase the salary of healthcare workers in the private sector.

Galvez Cites Unified Efforts Of NCR LGUs Vs. COVID-19

Galvez acknowledges the improvement of the COVID-19 response caused by the unified efforts of the LGUs.

Youths Champion Climate Change Resistance In Asia Pacific

Children and youth in Asia-Pacific call on their leaders to step up actions to tackle the climate crisis, including the strengthening of policies and plans to mitigate disaster risks and promote resilience.

PH Logs 1,635 New COVID-19 Cases; Recoveries At 230,643

Here is the COVID-19 update for September 22, 2020. Don't forget to wear your masks and shields!

BDO Wins At The Asia Sustainability Reporting Awards

BDO Unibank, Inc. receives the Bronze Award in the First Time Reporter category at the prestigious 5th Asia Sustainability Reporting Awards, becoming the only awarded Philippine bank this year.

Butuan’s COVID-19 Local Transmission At 64%

DOH-13 said Barangay Libertad here still tops the most number of COVID-19 infections at 81 cases, followed by Ambago with 48, Villa Kanangga 46, Doongan 36, and Bayanihan with 31.

Andanar Not Worried About TV Frequencies For Distance Learning

“I am not worried na kukulangin ho tayo ng frequencies dahil napakadami hong gustong tumulong sa pribadong sector."

Teens Discuss How COVID-19 Worsens Child Abuse Cases Worldwide

The virtual forum is part of World Vision's global advocacy campaign called "It Takes A World" that aims to call on key government, organizations, and private sectors to take action on violence happening against children.