Why Hospital Cyber Protection Is a Hard Nut to Crack

Hospitals are frequent targets of cybercriminals for a simple reason: their networks contain patient and research data that is highly valued on the black market, and the specifics of their infrastructure make that data difficult to protect.

In 2020, all 16 Czech key hospitals covered that year by the Cybersecurity Act reported a cyber incident. Smaller healthcare facilities were attacked as well, and protecting them was no less complicated.

There are a few complications that make hospital cybersecurity challenging: the complex architecture of hospital networks, the frequent obsolescence of operating systems and also the insufficient number of qualified security personnel.

In addition, legislative requirements place high demands on security, including:

  • GDPR
  • Your National eHealth Center’s methodological guidelines (if you have one)
  • International standards that summarize security recommendations for the use of healthcare systems and best practices (ENISA – Cyber security and resilience for Smart Hospitals, MDISS – Medical Device Innovation, Safety & Security Consortium)

Last, but not least, every organization usually has its own internal security regulations. These are based on risk analyses or the internal recommendations and requirements of the hospital’s governing board for the operation of IT in the hospital.

The Most Common Targets of Attackers

In the first stages, attackers usually aim at hospital employees’ login credentials, through which they try to gain access to VPNs and to internal or health information systems. All these systems contain high-value data through which the attacker can hold the hospital to ransom.

Another source of income for attackers is research data that can be effectively monetized, but patient data is an especially big gain. The price for this information (data about a person and their health status) ranges from tens to hundreds of dollars per record on the black market. By contrast, mere contact details (for example, from a hacked e-shop) are worth only a few dollars.

And, of course, there are attacks whose primary goal is to take a hospital out of operation. In the case of compromised information systems, hospitals are unable to retrieve medical records or determine the availability of drugs and supplies. In the worst case scenario, the attack affects the operational infrastructure.

In short: the hospital cannot provide the healthcare function essential for its patients.

The Specifics of Internal Hospital Networks

Hospital internal networks have a specific and rather complicated architecture. They combine not only IT elements but also the operational technology of specialized medical departments, as well as devices such as air conditioning, heating or blind controls.

There are many different types of IT networks in hospitals, for example:

  • Medical networks, in which doctors and nurses access medical records, inventories and other medical information
  • Patient networks, which are used by patients and visitors to the hospital
  • Private physician networks, which lease connectivity from the hospital and also have access to the internal network of information systems

All of this is often complicated by the frequent use of outdated systems and insufficient staff capacity to ensure the organization’s cybersecurity.

We should view these characteristics as specifics that cannot be immediately addressed but need to be kept in mind when securing health facilities. For example, some modalities (diagnostic equipment such as X-ray machines, ultrasound, etc.) were purchased by hospitals 10 to 15 years ago and their level of security corresponds to their age. Often, the manufacturer does not even provide the necessary updates, so the network contains devices whose operating system is no longer updated. We have seen devices running on Windows XP. Even DOS and old versions of Linux are not rare, because these devices cannot be used without those operating systems.

Our experience, coming from dozens of hospitals in the European Union and Asia, has shown us that there are many hospitals with a high level of cyber protection. Unfortunately, there are also those with a large number of security shortcomings that need to be solved. Fortunately, GREYCORTEX Mendel can help them all.

White House Pushes for Stronger Critical Infrastructure Security

In the wake of the ransomware attacks on Colonial Pipeline, JBS Foods, the Oldsmar, Florida water system and other critical infrastructure, President Joe Biden signed a national security memorandum aimed at strengthening cybersecurity for critical infrastructure. The goal of this memorandum is to establish improved information sharing and collaboration initiatives with the private sector. Additionally, the White House wants to raise the security of ICS and address the security risks and vulnerabilities in critical infrastructure environments.

The National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems formalizes the Industrial Control System (ICS) Cybersecurity Initiative which directs the Departments of Homeland Security and Commerce and the Department of Commerce’s National Institute of Standards and Technology (NIST) to create and issue cybersecurity performance goals for critical infrastructures.

Under the new initiative, the federal government and the critical infrastructure sector will work together to defend the critical infrastructure of the United States. “Encouraging and facilitating the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks,” according to the memorandum.

Additionally, the memorandum will increase the adoption of cyber security solutions that provide better visibility into ICS: “The goal of the Initiative is to greatly expand deployment of these technologies across priority critical infrastructure.”

Another objective of this initiative to strengthen the security of ICS is to deploy interconnected industrial sensor technology. By deploying sensors, critical infrastructure environments will enhance their visibility into security events in their operational systems.

This will allow organizations to detect any intrusion on their network more quickly. As quoted in the memorandum, “We cannot address threats we cannot see; therefore, deploying technologies that can monitor control systems and detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.”

Why The Industrial Control Systems Cybersecurity Initiative Matters

In line with the Biden Administration’s recent cyber security executive order, the memorandum establishes the Industrial Control Systems Cybersecurity Initiative (the “ICS Initiative”). The ICS Initiative is a collaborative effort between the Federal Government and the critical infrastructure community to improve the cybersecurity of systems supporting national critical functions.

This new initiative is important for the critical infrastructure sector as it encourages, facilitates and scales the deployment of ICS security technologies to monitor and detect malicious activity and provide the right mitigation steps in response to cyber attacks. Using the ICS Initiative as guidance, the Federal Government will collaborate with the industrial sectors to share cyber threat information on the ICS of critical infrastructure.

The initiative was launched in April 2021 with a pilot effort within the electricity subsector, with over 150 electricity utilities representing almost 90 million customers agreeing to deploy control system cybersecurity technologies. The same effort is underway with the natural gas pipelines sector, which will be followed by water and wastewater, chemical and other sectors later this year.

Critical Infrastructure Cybersecurity Performance Goals

The memorandum also directs government agencies to create and issue baseline cybersecurity goals across the critical infrastructure sectors. The need for improved security controls will depend on the control systems in the critical infrastructure environments.

These measures will “further a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety,” according to the memorandum.

NIST and CISA will establish the preliminary goals for control systems for critical infrastructure sectors by Sept. 22, 2021. The final cross-sector control systems goals will then be published by July 28, 2022.

“These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services,” the memorandum states.

Moving Forward

ICS security is not an easy task: defending the wide range of industrial networks and facilities is often neglected or under-resourced. A voluntary collaboration between infrastructure operators and the government’s cyber security agencies will strengthen awareness of the different attacks on critical infrastructure.

The US government’s strong emphasis on visibility is a smart move. Research into and deployment of cyber security for ICS are only now starting to change for the better. Legacy systems are finally converging between the physical and the interconnected networks. Connecting these systems to the Internet has created new security risks for critical infrastructure sectors that haven’t been properly evaluated. The memorandum is a good first step toward ensuring better security for ICS, but it’s only one small step on a long road to more secure critical infrastructure sectors.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

No More Ransom: Five successful years combating ransomware

BRATISLAVA — ESET, a global leader in cybersecurity, celebrates the fifth anniversary of No More Ransom — a joint initiative started in 2016 by law enforcement and IT security companies to help victims of ransomware restore their files.

Having joined the initiative in 2018, ESET has offered the public five of its ransomware-related tools, which have already helped over 25,000 people. Every year, ESET technologies detect millions of instances of attacks resulting in ransomware. ESET’s brute-force attack protection technology has been a very successful defensive mechanism: between January 2020 and April 2021, it detected and blocked around 55 billion attack attempts on close to 1 million of ESET’s clients. Furthermore, over 300,000 internet users downloaded one of ESET’s publicly available ransomware remediation tools.

Since its inception, the No More Ransom repository of decryptors has helped more than six million people to recover their files for free. This has prevented criminals from earning almost a billion euros through ransomware attacks. Currently offering 121 free tools able to decrypt 151 ransomware families, No More Ransom unites 170 partners from the public and private sectors. In addition, a new No More Ransom website is available with a more modern and user-friendly experience in 37 languages, updated information on ransomware, as well as advice on how to prevent compromise by ransomware.

For more information about how to fight ransomware read ESET’s ransomware paper and for more information on ESET solutions see the website.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET’s latest ransomware paper reports 71 billion attacks on remote access and offers defenders advice on how to counter this threat

BRATISLAVA — ESET, a global leader in cybersecurity, today published its latest research white paper, titled “RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation.” The report examines how dangerous ransomware has become due to the criminals’ psychological and technical innovation and offers advice on how organizations can best protect themselves. It also reveals the most widespread techniques used by malicious actors, focusing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain.

Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focusing on intrusions via publicly available misconfigured systems running Remote Desktop Protocol (RDP). ESET telemetry identifies RDP as one of the most popular attack vectors today, with detections surpassing 71 billion between January 2020 and June 2021. Unlike malicious files attached to an email, attacks via RDP use the ruse of legitimacy and thus fly under the radar of many detection methods, meaning fewer metrics and less threat awareness for businesses.

ESET telemetry also revealed that the Server Message Block (SMB) protocol, mainly used for file and printer sharing in enterprise networks, can also be misused as an attack vector via which ransomware can penetrate an organization’s network. Between January and April 2021, ESET technologies blocked more than 335 million brute-force attacks against public-facing SMB services.

As ransomware attacks are becoming increasingly targeted, it is essential that businesses are aware of the latest methods used by cybercriminal gangs and are prepared to respond. In addition to a proper setup of RDP and other cyber hygiene factors, the paper advises employing an advanced endpoint detection and response tool such as ESET Enterprise Inspector.

The white paper also highlights recent high-profile attacks such as those on Kaseya and the Colonial Pipeline, and reflects on the costs inflicted by ransomware operators on businesses across the world. In light of those — and a plethora of other — ransomware cases, authors of the paper discuss the payment dilemma. They argue that while paying ransoms might restore some of the files, it offers no guarantee that cybercriminals will, or can, restore full access to data and that sending the demanded sum of cryptocurrency helps fund future crimes — which is also why a debate is underway about making such payments illegal.

Ondrej Kubovič, Security Awareness Specialist and author of the white paper, states: “Ransomware is currently one of the most potent cyberthreats to modern organizations, targeting all industries and affecting both the public and private sector. It is essential that organizations are equipped with knowledge and insight into the latest developments on the ransomware scene and that they build their defenses on cyber hygiene, proper setup and reliable security measures. Our white paper reflects ESET’s goal to stay one step ahead of malicious actors, offers actionable advice for administrators as well as their superiors and provides insight into security products that help mitigate the threat. We hope businesses find all of this useful.”
