Digital transformation exposing healthcare’s insecure underbelly to increasingly voracious attackers

As IoT attacks join malware surge, healthcare organisations must decide whether to protect their networks or just secure their data

Australian healthcare organisations are coming up short when it comes to protecting themselves against a pummelling hail of cybersecurity attacks that increased in volume by 82 percent over last quarter, new statistics have suggested amidst warnings that the sector’s chronic underinvestment in security has well and truly caught up with it.

Derived from active monitoring of deployed sensors around the world the figures in Fortinet’s latest quarterly Global Threat Landscape Report not only warned of a surge in malware families and variants – which grew 25 percent and 19 percent quarter-on-quarter, respectively – but flagged an increase in ‘swarm cyber attacks’ that leverage the Internet of Things (IoT) devices that are rapidly becoming common in enterprises and, in particular, healthcare organisations.

Multi-vector IoT attacks were targeting multiple vectors simultaneously, with variants like Reaper relying on development frameworks such as the Lua engine that have made IoT-targeting attacks much more flexible and adaptive than in the past; IoT botnets comprised three of the top 20 attacks identified during the quarter.

“The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy,” said CISO Phil Quade in a statement. “Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.”

Better controlling access to sensitive healthcare information will become even more important as government-led transformation initiatives continue to consolidate sensitive data into large databases.

This month, for example, the Sydney Children’s Hospitals Network (SCHN), eHealth NSW and Australian Digital Health Agency announced a partnership that will establish a National Children’s Digital Health Collaborative comprising around 400 clinicians, consumers, IT experts, and researchers across the country.

The initiative will, SCHN chief executive Dr Michael Brydon said, give each child a “comprehensive digital health record from the time they are conceived”.

Such efforts may improve healthcare outcomes, but they are also certain to create tempting new targets for historically under-investing organisations in healthcare – that have been repeatedly proved vulnerable to the point that many are looking for new ways to store and share data within the confines of a secure workspace.

The Melanoma Institute of Australia, for one, recently announced it was shunting many of its clinicians and researchers onto a secure collaboration environment built on the BlackBerry Workspaces secure file storage and collaboration platform.

Adopting the secure-workspace model offered a way of protecting critical patient and other healthcare data whilst isolating it from underlying networks that had lost their status as secure, BlackBerry global healthcare industry lead Sara Jost told CSO Australia.

“Hackers realise how much patient files are worth, and they have realised how vulnerable healthcare is,” she explained. “They are attacking an easy target. This is why there is a trend towards securing the data instead of securing the network: it will help mediate the risk, because it is very hard to stay ahead of hackers’ knowledge of infiltrating a network.”

Adoption of alternative security strategies was also proving to be a critical step in helping practitioners leverage the benefits of digital transformation – which has in many cases languished within healthcare organisations because of an overriding, pervasive fear that digital healthcare and collaboration are too hard to secure at the moment.

“I see [security] as a barrier for how we are innovating in healthcare,” Jost said, “because we are telling clinicians to not collaborate because we are scared of the risks. That is a scary thought, when it could be affecting innovative changes of care that would help patient outcomes.”

BlackBerry has been redoubling its efforts to leverage its core security technologies in ways conducive to mobile working, with data-protection and encryption tools offering an alternative to conventional efforts based on the idea of outwitting attackers for impenetrable network security.

Other healthcare companies are putting their faith in better network and application-layer security tools, with a recent analysis by GlobalData noting that 79 percent of pharmaceutical companies are currently investing in identity and access management (IAM) solutions and 72 percent are considering an investment in the technologies within the next two years.

Tags Internet of Things (IoT)

Show Comments