Companies in the healthcare industry must take extra precautions to ensure that they maintain privacy of confidential patient data.

The challenges in protecting hospitals from cyber attacks are very similar to those faced in ICS and SCADA environments: the equipment used in hospitals is not user-serviceable and therefore often runs out-of-date software or firmware. This creates a dangerous situation where:

  1. The devices have known vulnerabilities that can be easily exploited by bad actors
  2. Administrators are not likely to notice malware running on the device as long as nominal operation is maintained (x-rays continue to take x-rays, etc.)

The end goal of bad actors infecting a medical device is to use it as an entry and pivot point in the network. Valuable patient records are not likely to be present on the medical devices, but those devices often have some level of network connection to the systems that do contain patient records. What better way to attack a system than to lie quietly on a network node with relatively unrestricted lateral movement to other parts of the network?

What exactly is a bad actor likely to do after getting a foothold on the network? Any number of things:

  1. Move laterally to find patient records that can be used for:
    1. Identity theft
    2. Blackmail (especially public figures, celebrities, etc.)
  2. Steal research data for financial gain
  3. Deploy ransomware like CryptoLocker, effectively crippling the facility unless a ransom is paid
  4. Trigger widespread system malfunctions as an act of terrorism
  5. Carry out a 'hit' on a specific patient

Without a doubt, there are more activities that could be carried out by a bad actor; the five listed above are just examples.

The first three items are strictly motivated by financial gain, and this has been the extent of observed attacks to date. The fourth item seems possible but unlikely, either due to morals or the relatively higher value of attacking other targets like power plants or defense facilities. The fifth item hasn't been detected yet, but that doesn't exclude the possibility that it has happened. Carrying out a silent assassination with malware would be very hard to trace back to the attacker, and could even be sold as a service (similar to DDoS as a service).

The scenario for #5 sounds unrealistic, but it is completely plausible. The attacker (or the entity paying for the attack) would only need to know the target, have knowledge of an upcoming procedure, and know where the procedure was to take place. One caveat is that identifying which device(s) would be used with that patient, and when, could be difficult, though not impossible.

How Sanitization of the Operating Room Compares to Preventing Cyber Infections

Metadefender Kiosk offers a safe process for transferring data to and from secure networks. If malware is allowed to enter a secure network, it can cause serious damage.

Secure Data Transfer for Secure Networks With “Metadefender Kiosk + SFT”

Metadefender Kiosk and Secure File Transfer (SFT) protect against the risk of malware entering governmental facilities by combining configurable, detailed filters with Metadefender Core's 30+ anti-malware engines, over 90 data sanitization (CDR) engines, and its Vulnerability Engine to control and sterilize digital data on portable media. Many organizations use Metadefender as a checkpoint outside secure facilities and require that all external media devices, such as USB drives, CDs, DVDs, and memory cards, be scanned. Organizations can prohibit the use of external devices inside the network and connect these kiosks to a secure FTP server, so that scanned and approved files can be sent to an internal location.

For more information, check here.

Simply employing an air gap doesn't guarantee security, just as putting a scrub room before the OR doesn't stop viruses and bacteria. The point of the air gap is to create a point through which data movement is carefully controlled. A control point in a data flow is comparatively easy to maintain, as there are techniques for quickly finding infections on media moving through the air gap.

Sanitize high-risk files to avoid zero-day attacks

Certain file types, such as Microsoft Office documents, PDFs, and image files, often contain embedded objects such as scripts and macros that can cause malicious code to execute when the file is opened.
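As an added illustration of one sanitization step for this class of file (this is not Metadefender's code; it is an example written for this page), the following Python locates the VBA macro part inside an OOXML package (docx/xlsx/pptm are zip archives) and rebuilds the package without it. The sample document is constructed in memory; only the standard library is used.

```python
import io
import zipfile

# Content type that an OOXML package declares for its VBA macro part
# (value from the Office Open XML packaging conventions).
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

def find_macro_parts(package: bytes) -> list:
    """Names of macro-carrying parts (vbaProject.bin) inside an OOXML zip."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]

def content_types(package: bytes) -> str:
    """The package's [Content_Types].xml, decoded, for inspection."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return zf.read("[Content_Types].xml").decode()

def strip_macros(package: bytes) -> bytes:
    """Rebuild the package without its macro parts and without the
    content-type override that advertises them: one minimal CDR-style step.
    A full sanitizer would also drop the relationship entry pointing at the part."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename.lower().endswith("vbaproject.bin"):
                continue  # drop the macro container entirely
            data = src.read(info.filename)
            if info.filename == "[Content_Types].xml":
                kept = [ln for ln in data.decode().splitlines()
                        if MACRO_CONTENT_TYPE not in ln]
                data = "\n".join(kept).encode()
            dst.writestr(info.filename, data)
    return out.getvalue()

def build_sample_docm() -> bytes:
    """Constructed sample: a tiny macro-enabled package, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "\n".join([
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
            '<Default Extension="xml" ContentType="application/xml"/>',
            f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>',
            "</Types>"]))
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder, not real VBA")
    return buf.getvalue()
```

Running `strip_macros(build_sample_docm())` yields a package in which `find_macro_parts` returns an empty list and the content-types manifest no longer references a vbaProject part.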

Log and manage all files brought into an organization

Administrators can choose how long files are kept and can track the time at which a specific user uploads and downloads a file. Metadefender SFT can be configured for a thorough scan of all files that are stored.

Inspect archived and encrypted files

Metadefender SFT leverages the capabilities of Metadefender Core’s workflows to scan files contained within archives, both encrypted and unencrypted.

Securely transfer files into secure networks

Metadefender Secure File Transfer (SFT) offers a safe process for transferring data to and from secure networks. If malware is allowed to enter a secure network, it can cause serious damage, especially in the case of critical infrastructure like nuclear plants.