Brookside ENT and Hearing Center in Battle Creek, Michigan, is closing its doors after experiencing a ransomware attack in which hackers locked the practice’s files and demanded $6,500 for the decryption key to restore access. The partners decided not to pay the ransom because they had no guarantee the files would be returned, or that the hackers would not ask for more money.
Their decision resulted in the cybercriminals wiping out their computer system, which included all their patient records, appointment schedules, and payment information. It’s not clear how the practice managed its IT systems, but this is precisely the type of circumstance managed IT services aim to avoid.
IT Risks for Medical Practices
This experience highlights how cybercrime is exploiting the healthcare sector. A March 2019 research report from Beazley Breach Response Services suggests not only that healthcare is the most-targeted industry, but also that small businesses were hit with 71% of the ransomware attacks in the past year. Medical records are valuable to hackers, who make big profits by selling them on the Dark Web.
One of the biggest mistakes a medical, dental or veterinary office can make is to assume it’s too small to be targeted. Automated attacks are simple and cost nothing for hackers to send to vast numbers of companies, including smaller businesses, which typically don’t have measures in place to withstand them. This makes small businesses a “path of least resistance,” even if they aren’t what could be considered a large score. Having managed IT services in place can help practices mitigate the risk of becoming a victim.
Reasons for Increased Risk Levels
So, why exactly is the risk so high for smaller healthcare companies? Firstly, the convergence of IT (information technology), IoT (Internet of Things), and OT (operational technology) devices makes it difficult for the industry to manage the wide range of network security risks. The numbers of IoT and OT devices are rapidly increasing, but traditional IT still provides the most vulnerable attack opportunity, according to a May 2019 report from Forescout Technologies. The report is based on a survey of 1,500 medical VLANs with almost half a million devices between them.
The report showed 71% of the Windows devices were running older Windows versions, with Microsoft support that expires in January 2020. A percentage of operating systems were already unsupported, leaving them at risk of exposing vulnerabilities and impacting the practices’ regulatory compliance. In addition, 85% of the devices running Windows on medical networks had their Server Message Block (SMB) protocol turned on, which offers uncontrolled access for attackers to get beyond the initial security measures and move around unless the practice has managed IT services that specifically address this risk.
GoldBrute and Other Evils
A new botnet nicknamed “GoldBrute” is using credential-stuffing measures to attack Windows machines vulnerable as a result of exposed Remote Desktop Protocol connections. While it hasn’t yet been determined what the botnet group’s final goal is, we do know GoldBrute is currently employing brute force to attack approximately 1.5 million servers that fall into this category.
Then there’s Evil Clippy, which creates malicious Office documents that deliver malware when opened by a user. It usually works by sending a well-worded email that promotes an attachment embedded with the malware to a user in the targeted organization. The same principle forms the basis of programs like Trickbot, Emotet, and applications delivered by groups such as the ever-improving Fancy Bear.
Human Life on the Line
In many instances, the ability to access information and devices that serve medical purposes puts human life on the line. In March 2019 the U.S. Department of Homeland Security issued an alert about vulnerabilities in 16 different models of Medtronic implantable defibrillators, including a number that are still on sale globally. These vulnerabilities, which also impact bedside monitors that collect data from the hardware used by doctors, include unauthorized access control and cleartext transmission of sensitive healthcare information.
Methods to Protect Your Practice
Given the amount of time, expertise and effort it takes to keep a medical office’s systems secure and operating at maximum efficiency, managed IT services are a concrete method of protecting your practice. Qualified service providers not only help keep your systems updated and your data secure, but can ensure faster responses to problems, reduced downtime for maintenance and higher staff productivity. These also help to keep your business agile and improve your return on investment—all options that competitive medical offices really can’t afford to ignore these days.