March 05, 2021
Note: This article originally appeared in the February 2021 issue of AABB News, a member benefit of AABB.
By John W. Link
Cybersecurity has been the subject of increasing attention following the massive SolarWinds cyber-intrusion that infected hundreds of government and commercial systems. Even though facilities throughout the world are spending more money and resources to protect themselves from cyberattacks, they are, in many ways, less secure.
Medical and health care-related facilities may be at particular risk for cyberattacks. "Cyberattacks on health care providers are expected to triple next year," according to Black Book's November 2020 “State of the Healthcare Industry Cybersecurity Report.” "Cybersecurity threats are now four times more likely to be targeted on health care than any other industry," said Brian Locastro, lead researcher.
To keep data and systems safe in hospitals, blood centers and cellular therapy centers, it is critical to understand how cyber intrusion works and how users in the transfusion medicine and biotherapies community can limit it. Although it would not be possible to prevent all cyberattacks, there are ways to reduce the risk, reduce exposure and impact, and help facilities respond to these events more effectively.
Those who penetrate information systems are called “hackers.” Because of different motives and behaviors, there is a designation that alludes to old Hollywood westerns. “Black Hat Hackers,” also called “crackers” for this article, penetrate systems for criminal and destructive ends. Most are driven by the desire for money, whether through data theft or ransomware. Others may focus on the destruction or disruption of systems for national strategic or political ends. “White Hat Hackers,” also called “Ethical Hackers” for this article, break into systems to help fix their weaknesses. There is an actual profession and certification of "Ethical Hackers," paid to break into systems to find security flaws. “Grey Hat Hackers” break into systems for the challenge and thrill. Many hackers shift from one hat to another over their lifetime.
"The No. 1 threat to the information systems of the medical community is ransomware — and the number two threat barely registers," according to Chip Block, VP and Chief Solution Architect at Evolver, a converged security solutions company. Ransomware is a class of malware that encrypts or blocks the information system's critical applications and data. Hospitals have become a favorite target of ransomware attacks because taking a hospital information system offline during a crisis puts patients’ lives in danger, making the ransom more likely to be paid. These ransomware crackers demand a ransom scaled to what the hostage hospital or blood bank will likely pay. An electronic "ransom clock" ticks away with the message to pay the ransom or permanently lose the data and networks.
According to Block, "Rural hospitals are increasingly being targeted because they are typically easier targets and have fewer options to protect their patients since the nearest hospital might be a hundred miles away." This forces rural hospitals to choose between paying the ransom and the alternative: putting patients' lives and health in jeopardy, incurring the cost of system restoration, and risking civil liability from not paying the ransom. If they pay the ransom, the crackers provide the key to decrypt and release the hostage system.
There is a very mature cybercriminal "business model" built around crackers who penetrate information systems and steal Personally Identifiable Information (PII), such as credit card numbers and/or medical records. While crackers sometimes exploit the information themselves, many sell it on the Dark Web, a shadowy information system for criminal activity and underground political organizing. Both groups use PII, medical records or other information to commit medical fraud, take out loans in others' names, steal from bank accounts or use credit cards via compromised credentials. Many of those who exploit the data now hire crackers for a fee as subcontractors.
Terrorists or State Actors
A terrorist or nation-state cyber-attack could shut down the electrical grid or other designated aspects of national infrastructure. AABB members provide services to two parts of the national infrastructure in the United States: emergency services, and health care and public health. In a cyber-war, the national infrastructure elements could be potential targets for cyberattacks from national cyber forces.
After Sony Pictures released a satirical movie about North Korean leader Kim Jong-un, North Korea unleashed a unit of cyber-attackers who destroyed the Sony IT infrastructure and accessed the company’s intellectual property, including films in production. The North Koreans then released hundreds of Sony Pictures’ internal emails, some of which led to secondary scandals. Attacks from terrorists or state actors are a low-probability but high-impact threat.
Hacktivists are mostly hackers who penetrate systems for political or ideological reasons and are a very low-level threat. The most famous hacktivist group is "Anonymous," but others may emerge around medical policy issues. They tend to steal and disclose embarrassing information, deface websites with political content, or redirect users to other sites.
Targets for Intrusion
Larger hospitals hold many medical records and PII but tend to be more secure. Blood centers and cellular therapy facilities have a fair number of medical records and PII but tend to be easier targets. Hospitals, especially those in rural areas, may be the likeliest targets for ransomware attacks. The prize targets for those looking to steal data are folders and databases of medical information. Those looking to ransom the systems will look to encrypt databases or controls of networks and medical technology.
Methods of Entry
Users need to be aware of the ways that crackers get inside computers and systems. Typically, the initial targets for crackers are user credentials, followed by stealing system administrator credentials and privileges to gain system access and control. Each user in the network is a potential entry point for the crackers. Crackers use several techniques to get inside users' computers or to get their credentials:
Protecting Yourself and Your Organization
Experts warn, “Please think before you click,” and this advice should be followed whether it is an unknown email, a web link or a pop-up dialog box. It may be fine, but cyber-attackers are counting on our inattention, misplaced trust, compliance and fear. For example, some adware will superficially infect a user’s browser, redirecting it to certain web pages. Then, a box or page pops up telling the user that their computer is infected with a virus and professes to be the Microsoft or Apple support desk, offering to sell anti-virus software as protection. By not clicking on any links or buttons and shutting down, a user may remove the adware from the browser before it infects their computer’s system.
Below are some specific actions and techniques that can help users prevent cyber-intrusions:
Signs You Have Been Hacked
These are symptoms of being hacked but are not necessarily diagnostically conclusive:
Your Response to Being Hacked
Ponto, Cole (2018, August 9). An Intro to the Dark Web. SBS Cyber. https://sbscyber.com/resources/an-intro-to-the-dark-web
Rubens, Paul (2017, July 27). How does ransomware work? Understanding the economics. CSO Online. https://www.csoonline.com/article/3211305/how-does-ransomware-work-understanding-theeconomics.
Black Book Research (2020, November 13). Attacks Predicted to Triple in 2021, Black Book State of Healthcare Industry (Press Release). Retrieved https://www.prnewswire.com/news-releases/attackspredicted-to-triple-in-2021-black-book-state-of-the-healthcareindustry-cybersecurity-industry-report-301172525.html