Securing the cloud for healthcare

The Cloud is a $200 billion business that analyst firm IDC expects to nearly double in valuation by 2022. It enables collaborative productivity apps, on-demand entertainment, and promises much needed advances in telemedicine. But all this potential will come crashing to a halt unless we take seriously the corresponding rise of cloud-based cybersecurity threats. The increase we have seen in cyber-attacks seeking cloud-based data is worrisome and the potential for crippling the healthcare industry is high especially given the current global climate and their dependency on cloud-based services.

Recent warnings and actual attacks are a prominent example of the active and persistent threats to our global healthcare networks, economy, and connected infrastructure. Organizations involved in national and international COVID-19 responses are being actively targeted by hacking teams and threat groups. This is according to a recent alert from DHS ‘s Cybersecurity and Infrastructure Agency (CISA) Europe’s largest hospital.  In addition, the Czech Republic warned of expected cyberattacks targeting healthcare systems designed to damage or destroy computers in critical healthcare infrastructure.  And last month, Interpol announced that its Cybercrime Threat Response team had detected a significant increase in ransomware extortion schemes against healthcare organizations and infrastructures.  The list goes on…

The World Health Organization (WHO) has been hit by a massive increase in hacking against its systems, so far unsuccessful. Along with other global health organizations, the WHO was already battling a surge of scams aimed at spreading misinformation about COVID-19 to invade networks of unwitting companies and their large remote workforces. The WHO announced it is aware of broader threats to health systems, citing a huge increase in phishing campaigns and multiple ransomware attempts against hospitals.

A first-hand analysis of attack behaviors inside actual health enterprise networks gives us a glimpse of cloud-based ransomware attack trends in the global healthcare industry.

Incident investigations conducted in 2019 have identified and analyzed network security behaviors at hundreds of hospitals, healthcare networks and other enterprise organizations in the industry. This research, conducted by AI security experts, shows that a proliferation of medical IoT devices -- along with unpartitioned networks, insufficient access controls and legacy systems -- have created a massive and vulnerable attack surface across the healthcare industry, one that can easily be exploited by cybercriminals who operate with common IT administrator tools.

This risk landscape is further evidenced by alarming patterns in the three major attack scenarios of 2019: the Iranian cyber-espionage group; a Chinese state sponsored actor; and a healthcare ransomware extortion scheme. All leveraged a common IT administrator tool Remote Desktop Protocol (RDP) as the attack surface to carry part of the broader campaign. This tool, which is used to deploy nation state attacks, is now being turned against the healthcare industry.

Advancements in emerging technology and intelligent systems are being developed to fight cloud-based cyber-attacks occurring in IoT devices, across health enterprise networks and consumer facing services. Yet, despite the billions of dollars invested in cybersecurity, U.S. businesses and consumers are still under threat of cyber-attack. The market consolidation occurring in the $12.7 billion cloud security market is a clear indicator of the security visibility gap that the cloud creates for organizations: reduced visibility and control over cloud data i.e. they cannot use their existing security controls to detect a cyberattack in the cloud.

As threats become more advanced and attacks harder to detect without intelligent systems, the software industry has yet to close the biggest gaps in cloud security: those occurring in the cloud, data center, user, and IoT infrastructure. This will become more pronounced across the cloud as nearly four out of ten organizations plan to move to a cloud-first approach to deploy new applications according to data from analysts at ESG.

The cybersecurity industry is working closely in partnership with governments, agencies, and healthcare institutions to monitor cyberthreats related to COVID-19, gather information, and provide support to organizations targeted by ransomware. While this is good oversight, it will take a combination of data science and machine learning to reduce the amount of human intervention needed to hunt, detect, and respond to in-progress cyberattacks occurring the cloud. These emerging technologies will deliver robust access controls, which along with coordination between businesses, healthcare organizations, consumers, cloud service providers, and clear guidelines from government will be required to actually secure the cloud so it can realize its full potential. 

Image credit: scanrail/depositphotos.com

Hitesh Sheth is president and chief executive of Vectra AI, a global cybersecurity firm that specializes in network threat detection and response.