The American Medical Association (AMA) reports that during the current COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile devices to help care for patients. Medical work from home (MWFH) can lead to all sorts of cybersecurity vulnerabilities and potential HIPAA violations. Add to the mix, hackers are sensing opportunities within the “fog of war” in medical networks and using it as cover for attacks.
In an article that posted last week, Threatpost warned:
“Recent malware campaigns reveal that cybercriminals aren’t sparing healthcare firms, medical suppliers, and hospitals on the frontlines of the coronavirus pandemic. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization and a Canadian medical research university, and the other hitting medical organizations and medical research facilities worldwide.”
Another example of this happened in the United States, on March 15, when a cyberattack hit the U.S. Department of Health and Human Services — aiming to overpower its servers as the COVID-19 crisis gathered steam. And, more recently, a hospital in Illinois that was bogged down with COVID-19 cases experienced a ransomware attack.
MSPs are on the frontlines
Hospitals and care facilities rely on a complex network of suppliers and vendors to keep the system running, most of which depend on MSPs.
Smarter MSP caught up with nationally-recognized cybersecurity expert and professor of cybersecurity at San Jose State University, Ahmed Banafa, to discuss some of the ways medical clients can be secured during this time, and what threats they face.
SmarterMSP: COVID-19 has caused a surge in telemedicine. Are there any inherent cybersecurity risks in telemedicine? How can these be mitigated?
Banafa: Telemedicine is the future, and COVID-19 just accelerated the process of acceptance and implementation; this is true for all aspects of digital transformation where COVID-19 is considered a catalyst. Keep in mind that HIPAA is one challenge for the widespread of telemedicine in the past, and it was a reason for the slowness of using it.
Telemedicine is like any application using the internet – you need to have good UX/UI, API, encryption, stable front-end, back-end design, debugging system, and patch management. Any of the points mentioned could become an access point for hackers to exploit this service.
SmarterMSP: Hospitals and clinics are on the frontlines of the pandemic, making them attractive targets for ransomware. What are some actions MSPs can take to mitigate the risk or ransomware?
Banafa: Hospitals and clinics can become victims of the “double extortion cyber threat,” which means, the bad actors steal the data and lock the computers of the facility. Next, they ask for cryptocurrency to send the key and if there is a delay, they release some of the private information of the patients until they get paid.
To mitigate this kind of attack, MSPs should help their clients keep all software up to date, employ good firewalls, and have the latest hardware. They should also train staff on good cybersecurity hygiene such as frequently changing passwords, using two-factor authentication, never clicking on links in email or opening attachments, scanning devices for spyware, and viruses, and so on. Also, don’t forget that AI can be used for cybersecurity purposes.
SmarterMSP: IoT medical devices are being increasingly relied on as hospitals push all non-essential medical work outside the facility. What are some of the cybersecurity dangers these devices pose and how can some of the risk be mitigated?
Banafa: IoT consists of four components regardless of what industry using it: sensors, network/communications (Wi-Fi, Bluetooth, Zigbee), cloud analytics/AI, and applications.
Each one of these four components comes with many risks. Sensors of vital signals, temperatures, and motion can be hijacked, and the signals altered. Networks and communications channels can be intercepted when using Wi-Fi, Zigbee or Bluetooth, and important information stolen. The same holds true for cloud servers. Applications can be another weak point if they are not designed well with a good security framework and a solid API.
SmarterMSP: Are there any other threats that MSPs with healthcare clients need to be watching out for during the COVID-19 crisis?
Banafa: In addition to all of the above, there is a new threat looming on the horizon for health institutions: the hacking of Intellectual property (IP) related to COVID-19 research. This can include information about a possible vaccine, knowing that the monetary value will be huge. These types of attacks are typically done by state-sponsored actors, or what we call advanced persistent threat (APT). These are well-known organizations to the authorities, and APT’s are actively now looking for any information about possible cures for COVID-19.
Keep in mind that research institutions and medical facilities involved in vaccine research also work with a web of suppliers, all of which have their own networks. MSPs need to be extra vigilant in defending these networks now.
Photo: TippaPatt / Shutterstock
