Should state-sponsored cyber-attacks against hospitals be on our watch list?

In the past year, there has been a huge rise in sponsored cyber-attacks targeting national health systems, with devastating impact. These attacks have included a long list of crippling ransomware campaigns, which have caused devastation to, and risked the bankruptcy of, several large private health systems, and have forced smaller medical and dental businesses to shut their doors completely.

The knock-on effect is that medical services are no longer accessible to thousands of people, increasing patient morbidity and mortality. Let’s delve into this important topic further…

Interviewer: Thank you for joining us, Richard. Can you give us a bit of an introduction of yourself and how you ended up at Cylera?

Richard: Yes, of course. So, I am Richard Staynings and I am Chief Security Strategist within Cylera. I am a Brit but have lived across the pond for the last 30 years. I joined Cylera three and a half years ago, before the company was launched into the public space. The founders decided to build a solution that worked 100% before launching, which was a stark contrast to a lot of other start-ups. A former employee reached out and asked me to meet with the three founders.

We went into detail about the technology and how the application worked, and there were two things that really amazed me. One was the use of modern technology that had been integrated into the system. The second feature was the fact that they had developed this in conjunction with academic medical centres.

Everything was laid out so clearly and you could see what you needed to see and know. This is important as you want to be able to get to the issues that are raised quickly.

Interviewer: So, I guess it is good?

Richard: Yes, it is very detailed, it is dynamic and ongoing, a full inventory of assets and medical devices for example that are connected to your network. It continues to learn as your devices receive an upgrade or an update and as new devices are added or retired from your network.

Interviewer: We have spoken about what Cylera does and how it helps, but if anyone is working within the health care sector, what cyber threats are on the horizon? And what do we need to consider when protecting hospitals right now?

Richard: Hospitals are one of the six critical infrastructure industries right now. When healthcare is hacked, patient safety is compromised. Now that could be a long-term interruption linked to the opportunity to attack data, which the NHS suffered in 2017, or other threat issues. We are also obviously in a heightened state of security preparedness right now, given the conflict that is going on in Russia and Ukraine.

Russia has been attacking Ukraine's critical infrastructures through their adversaries in order to bully, intimidate and warn their neighbours in that space. There has been a succession of cyber-attacks against the critical infrastructures to coerce Ukraine into a more subservient Russian sphere of influence since 2015. Healthcare systems would be a target of any Russian aggression, which is why they need to be protected.

Interviewer: How can all this begin?

Richard: It can be as simple as a phishing email. Once someone is inside your organisation, they can look at all your systems and, for example, the medical devices that are connected to your electronic patient records. Even if they don’t utilise the devices, they understand the value of the medical data. You really want to make sure you are using something like Cylera that can understand when there are malicious communications.

There are two main types of attacks. One is a broadcast attack, and the others are more targeted at specific corporations. Now we are seeing the majority being the broadcast style, but the other is on the rise.

Interviewer: You can also see how easy it can be to fall victim to one of these attacks within healthcare systems too because everyone is under so much pressure.

Richard: Imagine tiredness and stress, and how much of a factor that can be? You are stressed, busy and overwhelmed and click something briefly on your phone, or you didn’t take the moment to validate where an email has come from.

Interviewer: What do you think those in the industry need to be aware of to preserve digital health care systems?

Richard: When we talk about protecting health care, we talk about protecting the confidentiality, integrity and availability of health information systems and health data. Confidentiality is already lost as most of our records have been exposed, but the most critical thing is protecting the integrity of the health data. For example, ensuring people get the right blood during or after surgery, and that people are aware of allergies. This needs to be protected to ensure patient safety.

The next area to consider is availability. We live in a world of highly interconnected, highly technological-enabled health care. They use many integrated IT health programs with various medical devices. So, what happens when those systems go down? It is very difficult to return to a paper-based system.

Interviewer: What lessons do you think were learned in past attacks and how is that making advancements within medical devices and IoT?

Richard: Contingency planning and business continuity planning and business continuity exercises are crucial to ensure a positive outcome when dealing with security incidents. Enhanced training also needs to be prioritised.

There is a high cost associated with the potential outcome of these attacks. For example, how do you place a value on the cost of a life? As a cybersecurity professional, I would want to have the best possible cybersecurity to protect the patients in my hospital, but I understand the financial decisions that take place alongside this issue, such as hiring more staff. It is a fine balance within the healthcare system as to where money is spent.

I think the value that Cylera brings is that it's a real-time dynamic asset inventory so it will record what's on the network at any point in time. It will also give you historical information on what has been attached to the network for the last three months or six months. Medical devices are powered on when they are needed, but they interact with a lot of other interconnected healthcare systems. Having an accurate inventory can also help to lower financial loss, and improvements within asset management can help to lower security threats too.

So, you've got to keep your eye on the ball. You've got to make sure that security is holistic and all-encompassing. And, you know, at the end of the day, it comes down to good security governance. You need the right people, the right process, and the right technologies in place in order to ensure that your organisation does not become a target or a victim of a cyber-attack.

Thank you, Richard, for delving deeper into this topic with us. You can listen to the full interview on the podcast.
