main

DDoS Attacks

Healthcare is in Cybercriminals’ Crosshairs

August 6, 2019 — by Mark Taylor0

healthcare-960x640.jpg

The healthcare industry is a prime target of hackers. According to Radware’s 2018-2019 Global Application and Network Security Report, healthcare was the second-most attacked industry after the government sector in 2018. In fact, about 39 percent of healthcare organizations were hit daily or weekly by hackers and only 6 percent said they’d never experienced a cyber attack.

Increased digitization in healthcare is a contributor to the industry’s enlarged attack surface. And it’s accelerated by a number of factors: the broad adoption of Electronic Health Records Systems (EHRS), integration of IoT technology in medical devices (software-based medical equipment like MRIs, EKGs, infusion pumps), and a migration to cloud services.

Case in point: 96% of non-federal acute care hospitals have an EHRS. This is up from 8% in 2008.  

Accenture estimates that the loss of data and related failures will cost healthcare companies nearly $6 trillion in damages in 2020, compared to $3 trillion in 2017. Cyber crime can have a devastating financial impact on the healthcare sector in the next four to five years.

The Vulnerabilities

According to the aforementioned Radware report, healthcare organizations saw a significant increase in malware or bot attacks, with socially engineered threats and DDoS steadily growing, as well. While overall ransomware attacks have decreased, hackers continue to hit the healthcare industry the hardest with these attacks. And they will continue to refine ransomware attacks and likely hijack IoT devices to hold tech hostage.

[You may also like: How Cyberattacks Directly Impact Your Brand]

Indeed, the increasing use of medical IoT devices makes healthcare organizations more vulnerable to DDoS attacks; attackers use infected IoT devices in botnets to launch coordinated attacks.

Additionally, cryptomining is on the rise, with 44 percent of organizations experiencing a cryptomining or ransomware attack. Another 14 percent experienced both. What’s worse is that these health providers don’t feel prepared for these attacks. The report found healthcare “is still intimidated by ransomware.”

The Office of Civil Rights (OCR) has warned about the dangers of DDoS attacks on healthcare organizations; in one incident, a DDoS attack overloaded a hospital network and computers, disrupting operations and causing hundreds of thousands of dollars in losses and damages.

[You may also like: 2018 In Review: Healthcare Under Attack]

Why Healthcare?

The healthcare industry is targeted for a variety of reasons. For one thing, money. By 2026, healthcare spending will consume 20% of the GDP, making the industry an attractive financial target for cyber criminals. And per Radware’s report, the value of medical records on the darknet is higher than that of passwords and credit cards.

And as my colleague Daniel Smith previously wrote, “not only are criminals exfiltrating patient data and selling it for a profit, but others have opted to encrypt medical records with ransomware or hold the data hostage until their extortion demand is met. Often hospitals are quick to pay an extortionist because backups are non-existent, or it may take too long to restore services.”

[You may also like: How Secure is Your Medical Data?]

Regardless of motivation, one thing is certain: Ransomware and DDoS attacks pose a dangerous threat to patients and those dealing with health issues. Many ailments are increasingly treated with cloud-based monitoring services, IoT-embedded devices and self or automated administration of prescription medicines. Cyber attacks could establish a foothold in the delivery of health services and put people’s lives and well-being at risk.

Recommendations

Securing digital assets can no longer be delegated solely to the IT department. Security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives–not just for enterprises, but for hospitals and healthcare providers alike.

To prevent or mitigate DDoS attacks, US-Computer Emergency Readiness Team (US-CERT) recommends that organizations consider the following measures:

  • Continuously monitoring and scanning for vulnerable and comprised IoT devices on their networks and following proper remediation actions
  • Creating and implementing password management policies and procedures for devices and their users; ensuring all default passwords are changed to strong passwords
  • Installing and maintaining anti-virus software and security patches; updating IoT devices with security patches as soon as patches become available is critical.
  • Installing a firewall and configuring it to restrict traffic coming into and leaving the network and IT systems
  • Segmenting networks where appropriate and applying security controls for access to network segments
  • Disabling universal plug and play on routers unless absolutely necessary

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.

Download Now

Security

Cities Are Under Attack. Here’s Why.

June 25, 2019 — by Mark Taylor0

Ransomware-960x615.jpg

Greenville, North Carolina. Imperial County, California. Stuart, Florida. Cincinnati, Ohio. These are just a handful of cities and counties across the U.S. that have experienced crippling cyber attacks in recent months.

In 2019, local governments across the country have become the focus of attacks and face a growing threat of cyber attacks and escalating ransom demands. Indeed, ransomware is a pandemic in the United States, and hackers are increasingly going after larger targets instead of focusing on home computers, like most did five years ago.

[You may also like: Cities Paying Ransom: What Does It Mean for Taxpayers?]

The Vulnerabilities

Generally speaking, cities and municipalities are less prepared than companies to mitigate cyber attacks, due to limited resources and difficulty competing for cybersecurity talent. They are also increasingly reliant on technology to deliver city services. This, combined with aging computer systems, enlarges their attack surfaces.

And attackers are also getting more savvy. Per CSO Online, “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Why Cities and Municipalities?

Whether attacks on cities are increasing or merely just coming more to light now, it’s clear that they’re attractive targets for attackers.

This rationale is reinforced in Radware’s 2018-2019 Global Application & Network Security Report. According to the report, 52% of cyberattacks were motivated by financial or ransom purposes, far outpacing any other attack motivation. What’s more, government (cities and municipalities) are key targets, with 45% of government organizations being attacked on a daily or weekly basis.

[You may also like: How Cyberattacks Directly Impact Your Brand]

Simply put, the combination of constrained resources, data- and information-rich environments, countered by increasing automated attacks and attack types make cities and municipalities a high-value target for cyber criminals.

There’s no denying that in cities and municipalities, the pressure is on. Securing the constituent experience against cyberattacks is no longer just the responsibility of the IT department. Agencies need to implement security strategies–in every process and program–as if their very survival depends on them.

It only takes one data breach to compromise and expose constituent personal information or hobble critical services such as emergency response, public safety, air travel and more.

Recommendations

While it’s impossible to eliminate every risk or neutralize every threat, there are practical and minimal effort controls every city and municipality should consider. And tools alone don’t provide complete protection; a truly secure experience involves expert resources (threat intelligence), flexible deployment (cloud service), and agility or ease of use (fully managed).

[You may also like: Here’s How You Can Better Mitigate a Cyberattack]

When choosing the right security partner, which is critical for cities and municipalities, consider the following:

  • Evaluate protection for all web applications. Look for always-on and fully-managed services to protect both on-premise and cloud-based applications.
  • Evaluate risk from new DDoS attack types. Many organizations rely on their ISP and firewalls to detect and mitigate DDoS attacks. But DDoS attacks are growing and targeting applications, and application attacks are rarely detected by ISPs. 
  • Evaluate firewall DDoS protection. Attacks can fill state tables and bring down your firewall. 

The attack trends will persist in the foreseeable future, and all signs point to financial motivation gaining, thereby pushing attackers to try to profit from malicious malware. Of particular concern is the possibility of hackers investing their profits to leverage machine-learning capabilities to find ways to access and exploit resources in networks and applications.

Be prepared.

Download “Hackers Almanac” to learn more.

Download Now