
Healthcare market is one of the most attractive to hackers

 
According to Trend Micro, a company specializing in defense against digital threats and in security for the cloud era, the healthcare market is one of the most attractive sectors for hackers.
 
One of the biggest attacks happened last year, when WannaCry ransomware affected organizations in over 100 countries.
 
According to Trend Micro's Securing Connected Hospitals Report, this ransomware infected the UK's National Health System, preventing its hospitals and other departments from accessing patient data. This isn't the first time the health segment has been hit by an attack of this magnitude, and it probably won't be the last.
 
“As hospitals and other healthcare institutions adopt new technologies, patients receive better care – but vulnerability to attacks increases,” notes the Trend Micro report. “The more connected, the more attractive the target, as it tends to become more profitable for the attacker.”
 
Areas of greatest risk in cybersecurity
 
An attack based on infection of systems can have a significant impact on a healthcare institution and, consequently, on its patients. The three highest risk areas in terms of malicious digital activity in this segment include:
 
•          Daily activities in hospitals: staff scheduling, inventory, payroll and administrative activities can be severely threatened in a cyberattack. The more automated these activities, the greater the risk;
 
•          PII Privacy: one of the most attractive elements in the segment for hackers is the so-called Personally Identifiable Information (PII), which can contain financial data, medical information and other confidential data;
 
•          Patient health: an interruption in daily activities or impairment of PII can affect the hospital's ability to provide patient care and ensure their well-being.
 
Exposed connected devices
 
As the report points out, one of the most common problems is connected devices, which can serve as a gateway for hackers and malicious programs.
Healthcare institutions today have more connected healthcare systems than ever before, including features such as:
 
•          Reception and nursing stations: e-mail, electronic health records (EHR) and other administrative systems;
 
•          Emergency room and operating room: diagnosis, surgery, monitoring and diagnostic imaging;
 
•          Meeting rooms: video conferencing, VoIP and other communication features.
 
However, when these areas are exposed and accessible via the Internet, they put patient care at risk. Some of the situations that can lead to this exposure include:
 
•          Direct access to services and systems: misconfiguration of network structure and systems, which may include the use of weak or default passwords, which facilitates improper access to the network and its platforms;
 
•          Connectivity requirements: almost every device nowadays needs a connection to fully operate, but this ends up creating more vulnerabilities;
 
•          Remote access: access by remote professionals or external support teams, another opening for intrusions.
 
As indicated by Trend Micro research, just because a device is exposed doesn't mean it's compromised. An exposed device simply implies that the endpoint is connected to the internet and therefore can be accessed externally over a public connection.
 
The Shodan Threat
 
Another relevant risk factor here is Shodan. It is a search engine that allows the user to discover connected devices, and serves as a good tool for companies to identify unprotected vulnerabilities and any assets stored on their systems.
 
On the other hand, Shodan also has advantages for hackers, who can use its resources to get information about connected devices and their systems and look for opportunities for malicious activity.
 
“That's why Shodan is considered the most dangerous search engine in the world,” as the Trend Micro study notes.
 
The problem of exposed ports
 
While connectivity is essential for the advanced functions of today's devices and applications, it is also a source of risk for them.
 
A major issue raised by Trend Micro is the problem of exposed ports. Researchers have identified a number of exposed and visible ports in the healthcare companies evaluated, including some that can pose serious risks:
 
•          Network Time Protocol (NTP): one of the oldest protocols still in use. Because NTP connections between servers and computers are rarely encrypted, hackers can use NTP protocols for man-in-the-middle attacks that can prevent systems from updating;
 
•          Teletype Network (Telnet): another type of connection that is rarely encrypted; data is sent in plain text, which allows for interception;
 
•          File Transfer Protocol (FTP): this popular protocol is standard on many servers, and hackers can use it to exploit compromised servers, which then serve as an access point for files and an entry point for malicious programs that help extend the attack's reach.
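
One way to check your own perimeter for the three protocols listed above, as an added example (not from the Trend Micro report or this article): it parses Nmap's grepable output (`-oG`) from a scan of address space you administer and flags open FTP, Telnet and NTP ports. The sample scan text, host names and addresses are constructed, and the default port numbers 21, 23 and 123 are assumed.

```python
# Protocols the report singles out, keyed by (default port, transport).
RISKY = {
    (123, "udp"): "NTP: rarely encrypted, open to man-in-the-middle",
    (23, "tcp"): "Telnet: data sent in plain text",
    (21, "tcp"): "FTP: file access point and malware entry point",
}

# Constructed sample of `nmap -oG` output (documentation addresses only).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (pacs-gw.example.org)\tPorts: 21/open/tcp//ftp///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 203.0.113.22 ()\tPorts: 23/open/tcp//telnet///, 123/open|filtered/udp//ntp///
Host: 203.0.113.30 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///
Host: 203.0.113.30 ()\tStatus: Up
"""


def find_exposed(scan_text):
    """Return (host, port, proto, state, reason) for each risky port seen open."""
    findings = []
    for line in scan_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no ports
        host = line.split()[1]
        # Fields are tab-separated; keep only the Ports field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue  # malformed entry
            port, state, proto = int(parts[0]), parts[1], parts[2]
            reason = RISKY.get((port, proto))
            # "open|filtered" (common for UDP) is kept so a person can confirm it.
            if reason and state.startswith("open"):
                findings.append((host, port, proto, state, reason))
    return findings


if __name__ == "__main__":
    for host, port, proto, state, reason in find_exposed(SAMPLE_SCAN):
        print(f"{host} {port}/{proto} [{state}] {reason}")
```
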
 
 
Other exposed areas to be monitored
 
The combination of exposed areas and the hackers' ability to exploit certain protocols is not the only point of concern: exposed databases and industrial controls can also be threats.
 
“Databases are critical and sensitive data sources, which make them attractive targets,” the report states. "Apocalyptic scenarios, unfortunately, are not impossible, and care must be taken to ensure that an institution's instruments of control are never exposed on the public Internet."
 
 
Securing healthcare devices
 
It is clear from Trend Micro research that any exposed endpoint – from diagnostics to surgical equipment to medical records and vulnerable protocols – can provide the opportunity attackers need to disrupt an entire operation.
 
For these reasons, administrators and IT personnel need to make sure that sensitive equipment and devices in general are optimally protected, and that the necessary network connectivity does not end up exposing devices in public environments.

 
