Brookside ENT and Hearing Center in Battle Creek, Michigan,
is closing its doors after a ransomware attack in which the attackers encrypted the
practice's files and demanded $6,500 for the decryption key. The partners decided
not to pay because they had no guarantee the files would be restored, or that the
attackers would not come back asking for more money. In response, the criminals wiped
the practice's computer system, including all patient records, appointment
schedules and payment information. It is not clear how the practice managed its
IT systems, but this is precisely the kind of outcome that managed IT services, with
tested offline backups that make the ransom demand irrelevant, aim to prevent.
Risks for Medical Practices
This experience highlights how cybercrime is exploiting the
healthcare sector. A March 2019 research report from Beazley Breach Response Services suggests not only that healthcare is the most-targeted industry, but that small
businesses were hit by 71% of the ransomware attacks in the past year.
Medical records are valuable to attackers, who make large profits selling them
on the Dark Web.
One of the biggest mistakes a medical, dental or veterinary
office can make is to assume it is too small to be targeted. Automated attacks
are simple and cost attackers almost nothing to send to vast
numbers of companies, including smaller businesses, which typically do not have
measures in place to withstand them. This makes small businesses the "path of least
resistance", even if no single one of them is a large score. Having
managed IT services in place can help practices mitigate the risks of being
for Increased Risk Levels
So why exactly is the risk so high for smaller healthcare
organisations? Firstly, the convergence of IT (information technology), IoT
(Internet of Things) and OT (operational technology) devices makes it difficult
for the industry to manage the wide range of network security risks. The
number of IoT and OT devices is growing rapidly, but traditional IT still
presents the most vulnerable attack surface, according to a May 2019 report from Forescout Technologies based on a survey of 1,500 medical VLANs with almost half a
million devices between them.
The report found that 71% of the Windows devices were running
older Windows versions whose Microsoft support expires in January 2020. A
smaller share were running operating systems that were already unsupported, leaving them exposed to vulnerabilities that will never be patched and
putting the practices' regulatory compliance at risk. In addition, 85% of the devices
running Windows on medical networks had the Server Message Block (SMB)
file-sharing protocol enabled. SMB is a favourite lateral-movement channel: once an attacker
has a foothold on one machine, an open SMB service on every other Windows device lets them
move across the network, unless the practice has disabled or restricted it, which is the
kind of risk a managed IT service should specifically address.
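The audit-and-fix sequence a practitioner would run on each Windows device the report describes, as an added example that is not code from the original article or from Forescout. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later (the older Windows 7 path is shown as a comment), and 10.20.30.0/24 is an assumed clinic subnet that legitimately needs file sharing.

```powershell
# Added example (not from the original article): audit a Windows host's OS support
# status and SMB exposure, then disable the legacy SMBv1 dialect and restrict TCP 445.
# Run in an elevated PowerShell session.

# 1. Which Windows version is this? Windows 7 / Server 2008 R2 leave support on 14 Jan 2020.
$os = Get-CimInstance Win32_OperatingSystem
"{0} (build {1})" -f $os.Caption, $os.Version

# 2. Is the SMB server enabled, and is the legacy SMBv1 dialect still switched on?
#    Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
$smb = Get-SmbServerConfiguration
"SMB1 enabled: {0}   SMB2/3 enabled: {1}" -f $smb.EnableSMB1Protocol, $smb.EnableSMB2Protocol

# 3. Who is currently connected to this host's SMB service (TCP 445), and from where?
Get-NetTCPConnection -LocalPort 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemoteAddress, State

# 4. Turn SMBv1 off. Both switches are needed: the first changes the running
#    configuration, the second removes the optional feature on client SKUs.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
# On Windows Server 2012 R2 and later use:   Uninstall-WindowsFeature -Name FS-SMB1
# On Windows 7 / Server 2008 R2, where the SmbShare module does not exist, the same
# switch is a registry value (a reboot is required):
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#       -Name SMB1 -Type DWord -Value 0 -Force

# 5. If the device must keep SMB (e.g. a modality that writes images to a share),
#    restrict inbound 445 to the hosts that need it. Windows Firewall lets an explicit
#    Block rule override any Allow, so the pattern is: disable the built-in wide-open
#    rule, add one Allow scoped to the trusted subnet, and rely on the profile's default
#    inbound action being Block.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction   # expect Block on every profile
Disable-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)'
New-NetFirewallRule -DisplayName 'SMB inbound - clinic subnet only (assumed 10.20.30.0/24)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress 10.20.30.0/24 -Profile Domain,Private -Action Allow

# 6. Confirm the result.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-NetFirewallRule -DisplayName 'SMB inbound*' | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Step 4 is the one that matters most on the unsupported machines the report counts: those hosts will never receive an SMB patch, so the only durable fix is to remove the dialect entirely and, where the device cannot be changed, fence port 445 off at the network instead.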
and Other Evils
A new botnet nicknamed "GoldBrute" is brute-forcing Windows machines that are
vulnerable because they expose Remote Desktop Protocol (RDP) connections to the internet, trying
lists of usernames and passwords against each one. The botnet group's final goal
has not yet been determined, but GoldBrute is known to be working through approximately 1.5
million servers that fall into this category.
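What a brute-force campaign of this kind looks like from the target's side, and the settings that take a machine out of the "exposed RDP" class, as an added example that is not code from the original article and has nothing to do with GoldBrute's own code. It assumes an elevated session on the RDP host (or a collector receiving its forwarded Security log), the default RDP port, and a failure threshold of 20 attempts per source in 24 hours, which is an assumption to tune.

```powershell
# Added example (not from the original article): spot RDP password guessing by counting
# failed logons (Security event 4625) per source address, then check how exposed RDP is.

$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Read the named EventData fields from the event XML instead of relying on
    # positional Properties[] indexes, which differ between Windows versions.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # LogonType 10 = RemoteInteractive (RDP without NLA). With Network Level
    # Authentication on, a failed RDP logon is rejected during CredSSP and is
    # recorded as LogonType 3 (Network) instead, so both must be counted.
    if ($data['LogonType'] -in @('10', '3') -and $data['IpAddress'] -notin @('-', '127.0.0.1', '::1')) {
        [pscustomobject]@{
            Source = $data['IpAddress']
            User   = $data['TargetUserName']
            Time   = $e.TimeCreated
        }
    }
}

$threshold = 20   # assumed: raise or lower for your environment
$suspects = $failures | Group-Object Source | Where-Object Count -ge $threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIP';   e = { $_.Name } },
                  @{ n = 'Failures';   e = { $_.Count } },
                  @{ n = 'UsersTried'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } },
                  @{ n = 'First';      e = { ($_.Group.Time | Measure-Object -Minimum).Minimum } },
                  @{ n = 'Last';       e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }
$suspects | Format-Table -AutoSize

# Exposure check: which remote addresses may reach the built-in Remote Desktop rules?
# 'Any' on an internet-facing interface is exactly the population the botnet is scanning.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
    Get-NetFirewallAddressFilter | Select-Object InstanceID, RemoteAddress

# Hardening that removes the host from that population:
# - require Network Level Authentication, so guesses are rejected before a session exists
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name UserAuthentication -Type DWord -Value 1
# - make guessing expensive: lock out after 10 failures for 30 minutes (assumed values)
net accounts /lockoutthreshold:10 /lockoutduration:30 /lockoutwindow:30
# - and, above all, do not publish 3389 to the internet: reach it through a VPN or an RD Gateway.
```

The lockout threshold is deliberately modest; with many bots each trying a single credential pair per host, per-source counting alone under-reports the campaign, which is why the query also lists the distinct accounts tried and the first and last attempt.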
Then there is Evil Clippy, a tool that creates malicious Office
documents which deliver malware when a user opens them and lets the embedded macro
run. The documents are usually delivered by a convincingly worded email that encourages
a user in the targeted organisation to open the attachment. The same principle underlies
malware such as Trickbot and Emotet, and the campaigns of groups such
as the ever-improving Fancy Bear.
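The Office macro policy that blunts attachment-borne documents of this kind, shown as the default setting beside the hardened one, as an added example that is not code from the original article or from any of the tools named above. It assumes Office 2016/2019/365 (registry version key 16.0) and the three applications listed; both are assumptions to adjust, and in a domain the same values belong in Group Policy rather than a local script.

```powershell
# Added example (not from the original article): inspect and enforce the Office macro
# policy for the current user. The Policies key is what Group Policy writes; setting it
# locally is equivalent for a standalone machine but is overwritten by a domain GPO.

$officeVersion = '16.0'                      # assumed: Office 2016 / 2019 / 365
$apps = 'Word', 'Excel', 'PowerPoint'        # assumed: the apps that open mail attachments here

foreach ($app in $apps) {
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }

    # Weak (the out-of-the-box behaviour): VBAWarnings absent or 2, which shows the
    # yellow "Enable Content" bar that a well-worded email talks the user into clicking.
    $before = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
    "{0,-10} before: VBAWarnings={1}  blockcontentexecutionfrominternet={2}" -f $app,
        ($before.VBAWarnings, 'unset')[$null -eq $before.VBAWarnings],
        ($before.blockcontentexecutionfrominternet, 'unset')[$null -eq $before.blockcontentexecutionfrominternet]

    # Hardened:
    #   VBAWarnings 4 = disable all macros without notification
    #     (1 = enable all, 2 = disable with notification, 3 = run only digitally signed macros;
    #      use 3 if the practice has signed macros of its own)
    Set-ItemProperty -Path $policy -Name VBAWarnings -Type DWord -Value 4
    #   blockcontentexecutionfrominternet 1 = refuse to run macros in files carrying the
    #   Mark of the Web, i.e. anything downloaded or saved from an e-mail attachment
    Set-ItemProperty -Path $policy -Name blockcontentexecutionfrominternet -Type DWord -Value 1

    $after = Get-ItemProperty -Path $policy
    "{0,-10} after:  VBAWarnings={1}  blockcontentexecutionfrominternet={2}" -f $app,
        $after.VBAWarnings, $after.blockcontentexecutionfrominternet
}
```

Blocking macros from internet-sourced files is the setting with the best cost-benefit ratio: it leaves the practice's own documents working while stopping the attachment in the described email from ever running its payload.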
Life on the Line
In many instances, the ability to access medical devices and the
information they hold puts human life on the line. In March 2019
the U.S. Department of Homeland Security issued an alert about
vulnerabilities in 16 models of Medtronic implantable defibrillators, some of which are still on sale worldwide. These
vulnerabilities, which also affect the bedside monitors and clinic programmers that
communicate with the implants, are improper access control and cleartext
transmission of sensitive information: the wireless telemetry neither authenticates who is talking to the device nor encrypts what is said.
to Protect Your Practice
Given the time, expertise and effort it takes to
keep a medical office's systems secure and operating at peak efficiency,
managed IT services are a concrete way of protecting your practice.
Qualified providers not only keep your systems patched and your data
backed up and secure, but can also respond to problems faster, reduce downtime for
maintenance and raise staff productivity. They also help keep your
business agile and improve your return on investment, all
benefits that competitive medical offices really cannot afford to ignore these