Posted by David Hald / 16 November 2016
The morals of hackers sank to new lows last week, when three hospitals across the UK were targeted with ransomware in malicious cyber attacks. The upshot was that all operations, procedures and appointments were cancelled, affecting over 1000 patients.
The hospitals’ computer systems control all aspects of operations, so the virus affected everything from the ventilation of patients and administering gases to the operation of car parking barriers. The hospitals were effectively on lock down – A&E departments had to resort to paper tagging admissions, as they would during a major incident.
This news is hot on the heels of UK Government warnings about large quantities of data held by the health service and other government agencies, being at risk from attack from organized criminal gangs, “hactivists,” teenagers with a grudge and foreign states. And you could add disgruntled employees to that list.
Ransomware is on the rise. And no organization is immune. Freedom of information requests published recently highlighted that 28 of 29 NHS trusts in the UK had suffered ransomware attacks in the last year. And in February, a hospital in California paid nearly $100,000 to a ransomware attacker.
So why is healthcare such a target for hackers? Well, if you think about it, hospitals store a lot of data on patients, most of which is personal and highly sensitive, which for your average hacker, is like a red flag to a bull. It’s why the UK government has pledged nearly $2.5 billion on enhancing cyber security. And earlier this year, in his fiscal budget proposal, Obama asked for a massive $19 billion to fund cyber security, an increase of over $5 billion from the previous year.
So governments are serious about heightening defences. Just as hackers are hell bent on infiltrating networks and causing damage. What’s a public sector organization to do?
Shore up authentication: passwords don’t cut it. And neither does two-factor authentication. You really need multi-factor authentication (MFA), which uses a number of variables to validate your users. Two thirds of network breaches are caused by compromised weak or stolen passwords. You really can’t afford to leave your front door wide open to hackers.
Shine the light on shadow IT: particularly with the use of the cloud, you have to be switched on in terms of what apps employees are using and why and for what. It will help you get a gasp of cloud sprawl (proliferation of app usage) and help limit security vulnerabilities.
Permission: you need to be prescriptive about who has access to what and when you want them to have it. The less people who are granted access to sensitive data, the less change you have of a data breach coming your way.
Of course, there are a million and one things you can – and should – be doing to protect systems, data and networks. Just as organizations like hospitals are completely dependent on tech to function and becoming more reliant on cloud apps, it is increasingly important to ensure that your back is covered on a security level. If not, the consequences – such as the risk to patient safety – can be dire.