David Finn was recently interviewed by Maureen McKinney at Phreesia about emerging security threats and keeping your healthcare organization protected. Below is the full interview.
Maureen: David, What are some of the cybersecurity threats that you’ve seen emerge recently?
David: We continue to see a lot of ransomware attacks hitting healthcare organizations, as well as denial of service attacks and other types of threats. These attacks sometimes wane and then increase in frequency, but they do not go away.
The biggest one we’re currently seeing is dubbed Orangeworm, which is actually the name that’s been given to the group behind the attacks. Orangeworm has targeted several industries, including manufacturing, but healthcare seems to be its biggest target. Their approach is to use a Trojan back door to access a computer or device, collect information and assess whether the user is a high-value target. If it is, the hackers can create a backdoor to infect other users.
In 2017, we also saw the first attacks on biomedical devices as a target, not just because they got in the way.
Maureen: Why do attackers like Orangeworm focus on healthcare organizations?
David: Unfortunately, people attack healthcare because it is often easy to attack. It’s not well-protected or well-defended and healthcare as an industry has not invested adequately in people or dollars to prevent these kinds of attacks.
Some providers and business associates have done a really great job, but we are on a continuum and you’re only as strong as your weakest link. You might have a health system with great security practices, but the moment they connect to a network doctor or a vendor that doesn’t have those protections in places, they’re vulnerable.
Maureen: With those vulnerabilities in mind, what are some of the specific steps healthcare organizations can take to protect themselves from cybersecurity threats?
David: As much as possible, every connection has to be looked at separately. We need basic good cyber hygiene, including good passwords. We still see people not using passwords on some systems, including on mobile phones. We also see a lot of remote access without multifactor authentication. Multi-factor authentication used to be clunky and difficult, but now it’s much easier. Accounts with special privileges should always have multifactor authentication and so should any remote access. You also need to make sure antivirus programs are up-to-date and working. Basic, fundamental stuff goes a long way.
When we recently looked at all of the clients we had assessed over the previous year, physician practices had among the lowest ratings, especially in terms of response and recovery. A huge step in the right direction would be to have disaster response and recovery protocols in place for when computer systems go down—and regularly review and document those procedures. Outages can be caused by cybersecurity attacks, such as ransomware, so it’s critical to have backups and redundancies in place. You need to be prepared.
Visit Phressia’s website to read the full blog post: https://www.phreesia.com/2018/05/14/blog-emerging-security-threats-keeping-your-healthcare-organization-protected/