Healthcare systems were held hostage by WannaCry in May 2017. The ransomware attack painted a vivid picture of what a digital-borne threat can do to paralyze real-world processes, including actual hospital procedures such as life-saving surgeries. This IT security nightmare prompted discussions specific to the problem of securing connected hospitals. While patients get better and more efficient services when healthcare facilities adopt new technologies, add smart devices, and embrace new partnerships, the digital attack surface becomes broader as well.
To shed light on healthcare network risks that are not getting enough attention, Trend Micro partnered with HITRUST for the research paper Securing Connected Hospitals. Trend Micro Forward-Looking threat researchers explored two aspects: Exposed connected medical systems and devices, and supply chain cyberthreats.
The previous studies regarding exposed devices in internet of things (IoT) or industrial internet of things (IIoT) environments in different states and sectors in the United States, and subsequently in different countries in Western Europe, were a wakeup call for organizations who are not sufficiently securing connected printers, webcams, databases, and even ports. The risk is much more nuanced in the healthcare industry.
It was discovered that exposed medical systems—including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks—which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when they shouldn’t be.
Supply chain threats, likewise, are potential risks associated with suppliers of goods and services to healthcare organizations: A perpetrator can exfiltrate confidential/sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity. The healthcare industry is more dependent than ever on cloud-based systems, third-party service providers, and vendors in the supply chain. With that in mind, Trend Micro and HITRUST examined the different entry points that can render a network susceptible to a supply chain attack, and the different kinds of attacks that can be deployed by cybercriminals.
After identifying exposure and supply chain risks, they performed a DREAD threat modeling exercise on healthcare networks in order to understand where, among various threats, the greatest risk lies.
Through this research, Trend Micro and HITRUST sought to arm healthcare IT security teams with a broader perspective about the kinds of threats that they should defend their networks against.
