How Healthcare Can Pinpoint Common Vulnerabilities — and Build Defenses

Don’t let these cybersecurity pitfalls take your healthcare organization down.


Last fall, the Department of Homeland Security issued a warning about a widespread vulnerability that exists in nearly all wireless networks. The vulnerability, dubbed KRACK (key reinstallation attacks), affected wireless networks encrypted using the Wi-Fi Protected Access 2 (WPA2) protocol, including those of many healthcare organizations.

The warning underscored the necessity of healthcare IT leaders staying abreast of — and mitigating — known vulnerabilities.

Typical Attack Vectors for Healthcare Organizations

For healthcare organizations, sources of vulnerabilities come in a variety of forms:

  • Many services within healthcare organizations require only single-factor authentication, making them an attractive target for brute-force attacks.
  • Some medical applications transmit patient data in clear text, a format that is known to be susceptible to man-in-the-middle attacks.

Moreover, in the healthcare field, insider threats — accidental or malicious — are the most common threat vector, according to Verizon’s 2018 Data Breach Investigations Report, making training a key aspect of ensuring cyberdefenses remain intact.

Unsecured Medical Devices Leave Hospital Networks Vulnerable

Unsecured medical devices expand the potential attack surface for healthcare organizations. In fact, a 2017 Ponemon survey found that 67 percent of medical device manufacturers and 56 percent of healthcare delivery organizations believed an attack on a medical device built or in use by their organization is likely to occur in the next year. The survey attributes this vulnerability to a combination of factors, including a lack of security testing and accountability, and the fact that building a device that is airtight when it comes to security is quite a challenge for manufacturers.

The usual suspects for unsecured devices include:

  • Outdated software and operating systems — especially those that are no longer supported by vendors — are ripe for attack.
  • Third-party vendors that manage systems are also a source of risk. By targeting a smaller, external vendor that works with a healthcare system, hostile actors can effectively bypass all the larger organization’s security controls and gain direct access to its networks.

The problem of unsecured medical devices can be mitigated through network segregation, port blocking and next-generation firewalls.

“The next generation of firewalls actually provides that [segmentation]. You don’t have to build out a specific infrastructure; now I’m creating a bubble within my network for medical devices,” John Fowler, deputy information security officer for the Henry Ford Health System in Detroit, told HealthTech in an earlier interview. He adds that the cost of segmentation is dropping significantly.

Moreover, new technologies like automation, artificial intelligence and machine learning can be applied to networks so that security systems stay ahead of threats rather than always being one step behind.

“The speed of today’s security environment means that if a human is involved, an event will have moved past [network] security and is now a forensics case,” Robert Kingma, CEO at ICT Networks, told IT chiefs gathered in Sydney recently, according to CIO.

Learn how to best prepare your healthcare organization for looming cyberthreats by reading the CDW white paper “Ensuring the Security of Patient Data.”