In May 2020, the European Union Agency for Cybersecurity (ENISA) published advice to the healthcare sector on coping with the increase in phishing campaigns and ransomware attacks during COVID-19. The advice is a key opportunity for PANACEA Research to highlight its key findings and frontline experiences during the pandemic.
Growing threat surface: The healthcare sector is one of the most targeted sectors for cyber-attacks because it is a rich source of valuable data and its defences are weak. COVID-19 has brought with it an even larger threat surface, which means the sector is facing an overwhelming situation as a direct target or collateral victim.
- Malicious actors taking advantage of the COVID-19 pandemic are launching an increasing number of phishing campaigns and ransomware attacks.
- Hospitals have shifted their focus and resources to their primary role to manage such a large-scale health crisis, thereby increasing their vulnerabilities as they reduce their attention to cybersecurity.
However, it is critical that healthcare organisations improve their preparedness in the face of cyber-attacks. The pandemic is a key example of how cybercrime adapts to the world around it. Conditions being exploited and making the sector even more vulnerable include:
- High demand for certain goods like protective masks, disinfectants and household products. PANACEA has pinpointed examples of scam mails for PPE ordered and paid for but never arriving at their destination.
- Increased reliance on teleworking, often with little previous experience and planning. PANACEA has highlighted how smart working increases risks due to the technology illiteracy of staff working from home; the increased risk of infections from insufficiently protected home devices (e.g. antivirus, patching, anti-malware); and carelessness in exchanging credentials for VPN or shared folders with colleagues.
- PANACEA has also underscored that the use of new staff increases risks due to inexperience with cybersecurity practices or taking them for granted, as in the case of digital natives and Generation Z. The sudden and massive recruitment of new staff can weaken the provisioning, de-provisioning and profiling processes, leading to security issues. Similar issues arise as staff are moved from low-output clinics to new positions but keep using the same access credentials.
To tackle these challenges, ENISA offers the following advice:
- Share the information with healthcare staff in the organisation, build awareness of the ongoing situation and, in the case of infection, ask staff to disconnect from the network to contain the spread.
- Raise awareness internally in healthcare organisations and hospitals by launching campaigns even during the time of crisis (i.e. to inform hospital staff not to open suspicious emails).
- In case of systems compromise, freeze any activity in the system. Disconnect the infected machines from others and from any external drive or medical device. Go offline from the network. Immediately contact the national CSIRT.
- Ensure business continuity through effective backup and restore procedures. Business continuity plans should be established whenever the failure of a system may disrupt the hospital's core services, and the role of the supplier in such cases must be well-defined.
- In case of impact to medical devices, incident response should be coordinated with the device manufacturer. Collaborate with vendors for incident response in case of medical devices or clinical information systems.
- One preparedness measure is network segmentation. With network segmentation, network traffic can be isolated and/or filtered to limit and/or prevent access between network zones.
On top of this, national cybersecurity authorities are issuing alerts and guidelines on potential cyber-attacks, while the MS CSIRT Network continuously exchanges information and issues situational reports together with relevant EU Institutions. The private sector is offering pro-bono cybersecurity-related services supporting the healthcare sector.
PANACEA Research perspectives: PANACEA is part of the wider cybersecurity community that is working together to support the healthcare sector as the pandemic develops, sharing its frontline experiences and developing a toolkit that embraces a holistic approach to cybersecurity in healthcare, covering new technological solutions, people and processes.
Lookout Watch entry date: 15/07/2020.