THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
There is a growing concern about the increasing number of attacks targeting healthcare service providers and hospitals across the country. Whether it is regional or national health systems, or an area hospital with only a small number of facilities. These organizations are continuing to be targeted by attackers, who are looking to take advantage of their lack of security. Ransomware Attacks The current method of compromise is by targeting an organization with phishing emails and then infecting systems with ransomware. Once this is accomplished, it is simply waiting for the ransom to be paid before the data is unencrypted. With the increasing number of successful attacks taking place, it no wonder that attackers are taking advantage of this environment. The attackers are being paid due to the healthcare providers not wanting word to get out about the compromise of their systems. It’s easier for company to just pay the attacker and get back to work than to do all of the forensics that is needed in order to track down what happened. In most cases, the later part happens after the fact. While the healthcare provider just wants to get things back to normal as quick as possible, doing so quickly after an attack can cause a loss in potentially valuable forensic data that could be used in a court case, if one is ever brought against an attacker. Soft Targets One of the reasons that healthcare providers are targeted is because they are a soft target for attackers to target. The healthcare industry in recent years is going through its own technology revolution. This increase in technology has also provided more ways for potential attackers to compromise their networks. Whether it is the increased number of new technologies being used, or the patching together of old network systems. Additionally, the lack of IT Security Professionals in the industry has only recently began to be addressed. Some organizations have been doing this rapidly, but others continue to lag behind. Without a dedicated staff to address security issues within the organization, they will have a lapse in the effectiveness of their security controls. Most healthcare providers are still trying to solve security issues with Network Admins or Engineers. Valuable Data
The reason that healthcare providers are going to continue to be targeted for potential attacks is that the information that they have is valuable to an attacker. The information that is contained on the hospital network may provide the following information:
Prevention of Attacks No matter what preventative measures you put into place, if an attacker wants to get into your computer network, they will. The goal is to make it too costly for them to do so. There are a number of strategies to accomplish this:
Note: The above list was in no particular order, but was a list of areas that organizations should focus on in order to prevent potential attacks. The organization will have to make an effort to shore up their defenses in order to meet this continuing threat. The attackers are continuing to adapt to the improved security measures, but making sure that they are actively managed and supported by leadership is going to be important for them to be effective in the long term. Summary While the outlook for the foreseeable future is one where we continue to see healthcare organizations being targeted by attackers. The hope is that the industry will take additional steps to harden their networks and infrastructure in order to prevent these threats. That’s easier said than done though. Healthcare providers will need to invest in a more robust security posture than what it is at the moment. These organizations will continue to be prime targets for ransomware attacks because when attacks occur at a hospital, you are dealing with someone’s life. The lack of data or the wrong information can cause a loss of the life of a patient. This is why it is critical that healthcare providers take seriously the threats posed by attackers against their networks. Comments are closed.
|
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|