
Healthcare Internet of Things Can Expose Networks, Data to Attacks

By Fred Donovan

The proliferation of healthcare internet of things (IoT) has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal PHI and disrupt healthcare delivery, warned the Vectra 2019 Spotlight Report on Healthcare.

Unpartitioned networks, insufficient access controls, and the reliance on legacy systems add to the security risks posed by healthcare IoT devices.

Gaps in healthcare organizational policies and procedures can result in errors by staff members. Examples of these errors include improper handling and storage of patient files, which creates a vulnerability for cybercriminals to target and exploit.

“The increase in medical IoT is beneficial for patients but makes securing healthcare systems a challenge due to limited security controls around these devices,” said Brett Walmsley, chief technology officer at Bolton NHS Foundation Trust. “Having the visibility to quickly and accurately detect threat behaviors on and between all devices is the key to good security practice, regulatory compliance and managing risk.”

According to Enterprise Strategy Group (ESG) research, 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis.

“Machine learning and AI can assist healthcare organizations in better securing networks, workloads and devices, and provide data security by analyzing behaviors across systems,” said Jon Oltsik, ESG senior principal analyst.

To conduct the study, Vectra monitored network traffic and collected metadata from its Cognito platform customers. The analysis of the metadata provided a better understanding of attacker behaviors and trends as well as business risks.

Attackers Disguise Communications in Hidden HTTPS Tunnels

The report found that the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels. This traffic represented communication involving multiple sessions over long periods of time that appeared to be normal encrypted web traffic.

The most common method attackers use to hide data exfiltration behaviors in healthcare networks was hidden domain name system (DNS) tunnels. Behaviors consistent with exfiltration can also be caused by IT and security tools that use DNS communication.

The report found a spike in behaviors consistent with attackers performing internal reconnaissance using internal darknet scans and Microsoft Server Message Block (SMB) account scans. Internal darknet scans occur when internal host devices search for internal IP addresses that do not exist on the network. SMB account scans occur when a host device uses multiple accounts via the SMB protocol, which is typically used for file sharing.
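The two reconnaissance behaviors defined above can be expressed as simple detection logic. The following is an added example, not code from the Vectra report or the Cognito platform: the flow and SMB logon records, the asset inventory, the thresholds and the `exempt` list for sanctioned scanners are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# All data below is constructed for illustration; none comes from the report.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
LIVE_HOSTS = {"10.20.1.10", "10.20.1.11", "10.20.1.20", "10.20.5.5"}  # asset inventory
FLOWS = [  # (source, destination, destination port)
    ("10.20.1.10", "10.20.1.20", 445),
    ("10.20.1.10", "203.0.113.10", 443),  # external destination, ignored
    ("10.20.1.11", "10.20.9.1", 445),
    ("10.20.1.11", "10.20.9.2", 445),
    ("10.20.1.11", "10.20.9.3", 3389),
    ("10.20.1.11", "10.20.9.4", 22),
    ("10.20.5.5", "10.20.7.7", 80),       # one stale address, below threshold
]
SMB_AUTHS = [  # (source host, account presented over SMB)
    ("10.20.1.10", "CORP\\jsmith"),
    ("10.20.1.10", "corp\\JSmith"),       # same account, different case
    ("10.20.1.11", "CORP\\svc_backup"),
    ("10.20.1.11", "CORP\\admin"),
    ("10.20.1.11", "CORP\\nurse01"),
]

def darknet_scanners(flows, live_hosts, net=INTERNAL_NET, min_dark=3, exempt=()):
    """Map each source to the unused internal IPs it probed, if >= min_dark."""
    dark = defaultdict(set)
    for src, dst, _port in flows:
        if src in exempt:  # e.g. a sanctioned vulnerability scanner (assumption)
            continue
        if ipaddress.ip_address(dst) in net and dst not in live_hosts:
            dark[src].add(dst)
    return {s: sorted(d) for s, d in dark.items() if len(d) >= min_dark}

def smb_account_scanners(auths, min_accounts=3, exempt=()):
    """Map each source to the distinct accounts it used over SMB, if >= min_accounts."""
    used = defaultdict(set)
    for src, account in auths:
        if src not in exempt:
            used[src].add(account.lower())  # Windows account names are case-insensitive
    return {s: sorted(a) for s, a in used.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    print("darknet scan:", darknet_scanners(FLOWS, LIVE_HOSTS))
    print("SMB account scan:", smb_account_scanners(SMB_AUTHS))
```

In production the counts would be taken per time window, and the inventory kept current so that newly provisioned devices are not mistaken for unused addresses.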

While many healthcare organizations suffered from ransomware attacks in recent years, the report found that ransomware threats were not as prevalent in the second half of 2018. It is still important to catch ransomware attacks early, before files are encrypted and clinical operations are disrupted.

Botnet attacks are opportunistic and are not targeted at specific organizations. While botnet attacks persist everywhere, their rate of occurrence in healthcare is lower than in other industries, the report found.

“As emerging new medical technologies are adopted to improve healthcare delivery, it becomes increasingly important to strengthen security by understanding the technologies you have, how those technologies are being used, and receiving timely alerts when any unauthorized use occurs,” said Robert Rivera, senior security engineer at Cooper University Health Care in Camden, NJ.

Despite the security risks, the healthcare IoT market is forecast by Zion Market Research to increase at a robust 11 percent compound annual growth rate (CAGR), reaching $14.7 billion by 2022.

Market growth will be fueled by continued implementation of connected diagnostic and therapeutic devices to detect disease and monitor and maintain patient health, the report noted.

In terms of application, telemedicine was the leading application type in the healthcare IoT market. Zion forecasted that telemedicine will exceed $4.2 billion in market value by 2022, posting a 12.7 percent CAGR over the forecast period.