The rise of the Internet of Things (IoT) devices in the healthcare sector has helped patients and doctors alike, notably in monitoring patients' state of health in real time. However, it has brought the rise of various security issues like data and operation compromise and ransomware attacks.
Recently, the Cyber Security Agency of Singapore (CSA) introduced a labelling scheme for medical devices that allows healthcare providers to make informed decisions in accordance with their cybersecurity policy. The move also incentivises manufacturers to develop more secure medical devices to strengthen the cybersecurity posture of the healthcare sector.
Pervasive healthcare cybersecurity weaknesses
In the ExtraHop 2022 Cyber Confidence Index: Asia Pacific report, exactly half of the cybersecurity incidents in the region happen because attackers take advantage of an organisation’s outdated security stance. In Singapore, only 31% of IT security leaders said that they were able to identify and stop ransomware incidents. A weak posture can obstruct operations and patient care through the compromise of critical data such as blood type, CT scans and more.
The number of cybersecurity incidents recorded by the CSA does not inspire confidence. There has been an increase in ransomware and phishing cases in 2021 compared to the previous year.
Ransomware, in particular, increased from 89 cases in 2020 to 137 in 2021. Phishing cases also increased from 47,000 URLs in 2020 to 55,000 in 2021. Going further, CSA also revealed that the most commonly-spoofed website was the Ministry of Health (MOH).
See also: A local spin on voice AI
CSA's Cyber Landscape 2021 report shared that IoT-related attacks have been happening since 2014 but they were initially considered to be low-likelihood events as there was little to no critical data stored on the device. What was once a low-impact device to leverage is now a critical element in sustaining service continuity and consistent treatment and care for patients. The advancement in critical IoT devices such as Uninterruptible Power Supply (UPS) units makes them a prime target for cybercriminals. Even more so, when such units are relied on as emergency backup solutions.
IoT visibility gaps
Perhaps the biggest challenge in IoT security is visibility into how the devices operate and how they are configured. IoT devices lack critical cybersecurity protection and oftentimes, come with unchangeable passwords or the inability to easily be updated when a security patch or update is needed.
See also: Generative AI: Friend or foe?
Consider healthcare devices like insulin pumps and ECG pumps which are designed to collect patients' data and dispense treatments accordingly. The threat is further aggravated when devices like ultrasound machines are often moved between facilities, taking their vulnerabilities and infections with them from one hospital to another. IT teams are unable to 'see inside' the devices without breaking them, let alone physically install anything to monitor and assess their security readiness.
In one of the cybersecurity trends outlined by the CSA's Cyber Landscape report, threat actors can time their attacks to maximise their damage to the cyber infrastructure, such as disabling the ability to reset or prevent effective mitigation. To make matters worse, the increasing prevalence of IoT devices can expand the healthcare providers' attack surface, which provides threat actors more opportunities to gain access to breach the system.
This is where following the security operations visibility triad can help IT teams to get a view of security threats in their network. The visibility triad shows how data from endpoint telemetry (EDR) and security events (SIEM) can be combined with network intelligence to provide complete visibility across the environment - including those IoT devices that cannot have an endpoint agent installed on them.
How network visibility closes the healthcare security gap
The network can be used as an entry point by threat actors to infect IoT Devices connected to it. For healthcare providers to stay one step ahead of cyber threats, they need to have full awareness of every activity and connection that takes place within the network infrastructure. This is where network detection and response (NDR) tools come into play.
NDR tools can passively capture network communications within and bordering the perimeter and use behavioural analytics and machine learning to identify both known and unknown attack patterns. They can also be used to conduct a post-compromise investigation to help users identify the attack vector and how they can block similar attacks in the future. NDR works hand-in-hand with endpoint security in providing extra visibility at blind spots where agents cannot be installed.
IoT security in healthcare must be given the highest priority among IT teams as this sector plays a critical role in the well-being of society. Organisations especially need to consider reinforcing security in blind spots so they won't become easy prey for attackers. By ensuring a secure and robust infrastructure, healthcare providers will be able to earn the trust of their patients who depend on them for their care.
Chris Thomas is the senior security advisor for APJ at ExtraHop