Why cybercriminals are targeting Hospitals during COVID-19
The world has ground to a halt amidst the current coronavirus crisis. But this hasn't stopped cyber criminals from attacking organisations - to the contrary! Bad actors are identifying healthcare systems as a particularly desirable target with hospitals in Spain, France, the Czech Republic and Israel all having suffered known cyber attacks since the start of the pandemic. Interpol recently released a global alert to healthcare organisations warning that criminals are attempting to use ransomware attacks to lock users out of their own systems. It may only be a matter of time until a UK hospital is affected - and even just one such attack would be devastating to the NHS at this point in time.
A sector under attack
The healthcare sector has always been vulnerable to cyber-attacks. We saw this most prominently in May 2017 when the WannaCry ransomware attack paralysed parts of the NHS. Research from last year revealed, there are now more connected medical devices in hospitals than ever before, the large majority of which are patient tracking/identification systems and infusion pumps. Every device is a potential entry point for bad actors wanting to cause chaos. Sometimes these attacks are intended to achieve financial gain, and sometimes cyber criminals just want to disrupt operations. Either way, patients are almost always the ones that suffer from the fallout of these attacks.
The global pandemic has only exacerbated the problem. The cyber defences of any organisation are only ever as effective as the weakest link within its network. Both the surge of patients in hospitals and the growing number of staff coming out of retirement to help cope with the pandemic inevitably lead to an increase in devices connected to hospital networks. Add to that the additional number of connected medical equipment that is needed to treat patients and the picture becomes clear: The number of devices in hospitals has skyrocketed.
New devices come with new vulnerabilities
Laptops, tablets and smartphones, amongst other personal devices, can be the perfect vehicles for bad actors to break into systems as they are not held to the same standard of security checks as corporate devices and might have already been compromised before they even join a network. This leaves a network's cyber defences looking like swiss cheese - full of holes - which bad actors are only all too happy to take advantage of.
Although personal devices are coming onto the network sporadically and create security headaches, new medical devices are also vulnerable to attacks. With so many companies banding together to help defeat the virus by donating or quickly building ventilators, there will be hundreds, even thousands of new devices connecting to hospital networks. The BBC TV show Holby City, for example, had real ventilators on set and has now donated them to the NHS. Although these machines will save lives, they could potentially be the cause for a major cyber-attack and a way in for bad actors trying to cripple the health system. In a life or death situation, hospital IT teams simply don't have the luxury of time to ensure medical devices are running the latest operating systems and are fully patched.
Visibility and control are key
But what can IT professionals in hospitals do to keep up with the flurry of new devices being added to their networks every day, and ensure there are no vulnerabilities bad actors can exploit?
WannaCry, like most ransomware attacks, took advantage of unpatched systems from an old Windows vulnerability, which allowed bad actors to breach the system and move laterally through the network to disable multiple devices and paralyse the NHS. As IT teams struggle to keep up with all the new devices being connected to hospital networks, they need to ensure that they have a solution in place which allows them to have a holistic view of all devices, the operating systems they are running on and whether they have installed the latest updates or not. Such solutions can track the devices, automatically identify unpatched or suspicious devices, and remotely run updates or lock devices out of the network until they are safe again.
It is simply impossible to take entire hospital networks offline at this stage and secure them from the ground up. So, having full visibility and control of all devices on a network is the only way IT teams can properly protect the organisations they work for - especially at times of crises.
The NHS is working incredibly hard to keep the country on its feet and protect people's lives. They are doing a tremendous job and the last thing anyone needs in these difficult circumstances is a cyber-attack that paralyses the service. Even if it might not be front of mind with everything that is going on, it's probably more important now than ever for hospitals to have a conversation about their cyber security defences.
By Myles Bray, VP of EMEA, Forescout
Dubai's new smart neuro spinal hospital: need to know
We take a look at Dubai's new smart hospital.
What: The Neuro Spinal Hospital and Radiosurgery Centre is a new hospital featuring state-of-the-art technology for spinal, neurosurgical, neurological, orthopaedic, radiosurgery and cancer treatments. The 700 million AED hospital, (equivalent to £138 million), has 114 beds, smart patient rooms, and green spaces for patient rehabilitation, and is four times the capacity of its former premises in Jumeirah. It is also the UAE’s first hospital to have surgical robots.
Where: The hospital is located in the Dubai Science Park. Founded in 2005, Dubai Science Park is home to more than 350 companies from multinational corporations in life sciences, biotechnology and research; over 4,000 people work here each day.
Who: The UAE's Neuro Spinal Hospital and Radiosurgery Centre was first established in Jumeirah in 2002 by Dr. Abdul Karim Msaddi, as the first as the first "super-specialty" neuroscience hospital.
Why: With advanced diagnosis and robotics, the hospital will provide care across neuroscience, spine, orthopaedics and oncology for people residing in the UAE, as well as international patients.
Prof. Abdul Karim Msaddi, Chairman and Medical Director of the hospital, said: “We are proud to bring world-class healthcare services to Dubai and believe our next-generation hospital will be a game-changer for the emirate’s and the region’s medical industry.
"It will not only significantly increase the availability of specialist neuroscience and radiosurgery treatments and provide better patient care but help attract and develop local and international talent. Investing in the new centre represents our continued faith in the resilience of the region’s economy, as well as a testament to our ongoing drive towards healthcare innovation in the UAE.”