CyberSecurity Gaps: Healthcare and Telehealth are new hot spots for Cyber-attacks
Healthcare Cyber Threats and Vulnerabilities to Watch
Cybersecurity post – Cyber threats and vulnerabilities in healthcare include BrekTooth, Conti Ransomware, and Medusa/Tanglebot.
Healthcare Cybersecurity Coordination Center’s (HC3) monthly bulletin alerted healthcare providers to the top healthcare cyber threats and vulnerabilities to watch out for. The group said that the BrakTooth vulnerability, Conti ransomware group, and Medusa/TangleBot malware continue to pose significant threats to healthcare organizations.
The BrakTooth family of vulnerabilities affect Bluetooth-enabled devices and were discovered by ASSET Research Group in August. Through these vulnerabilities, bad actors can launch Denial-of-Service (DoS) attacks on laptops, smartphones, and other Bluetooth devices.
Based on preliminary findings, BrakTooth vulnerabilities could affect over 1,400 product listings. A DoS attack could disable Bluetooth connections and crash device firmware, making this vulnerability a significant threat to the healthcare sector. HC3 recommended healthcare organizations reach out to Information Sharing and Analysis Organizations (ISAOs).
In the healthcare sector, Conti ransomware is a known threat. Conti released two healthcare data dump on the dark web in February and has since perpetrated 400 cyberattacks against US and international healthcare facilities. Cybersecurity and Infrastructure Agency (CISA), FBI, and National Security Agency (NSA) issued advisory alerting organizations of the group’s capabilities.
The malware Medusa/TangleBot continues to pose a threat to healthcare organizations as well. The malware is spread via SMS and hackers are known to send malicious links related to COVID-19 to Android users. Upon clicking the links, the malware is installed and data is collected. Internet, GPS, and call logs can be accessed by the malware.
This is problematic if a healthcare worker’s mobile work device is compromised, as once the malware is installed, it can be difficult to detect and remove.
At the moment, Android warning messages appear to be the best option available to protect mobile devices from infection. HC3 recommends making enterprise Android device users aware of this threat and requiring them to only click links or download reputable applications.
In the healthcare industry, virtual private network (VPN) services were hardened because VPNs are frequently used as entry points into protected networks. VPN technologies are used in telemedicine and patient information access in the healthcare sector.
Furthermore, a new vulnerability in Microsoft Azure’s Active Directory implementation puts the healthcare industry at risk, as it allows single-factor brute-forcing of an Active Directory instance without authentication. The vulnerability remains unpatched at the moment.
Since Microsoft Active Directory technology is ubiquitous and heavily used in the health sector, this vulnerability will likely impact the health sector.
Since this vulnerability can be exploited with little chance of detection, administrators and network defenders are left with little visibility into an attacker’s activities.
Some of these vulnerabilities have since been patched in Microsoft, Adobe, Cisco, Apple, and Google. It is more important than ever to remain vigilant against healthcare’s top cyber threats as cyberattacks continue to rise.
Cybersecurity for telehealth
Everyone has benefited from the digital age response, especially businesses and enterprises, from mobile banking and health consulting to online shopping and reading books. Everything is just one click away, it is fair to say that everything has a price, the more you connect to digital assets, the greater the risk of the security of your sensitive information. The question is, how do companies access this sensitive data and combat these threats?
Cybersecurity, of course.
Therefore, let us learn what cybersecurity is and how it will affect teleconsultation.
Cybersecurity in health care: what is it?
In technical terms, cybersecurity refers to a set of technologies, practices designed to protect networks, computer systems, and data from attack or unauthorized access, or misuse of authorized assets. A cybersecurity program aims to reduce the risk of cyber-attacks and protect organizations and individuals from the intentional exploitation of security vulnerabilities in systems, networks, and technologies.
The teleconsultation on Practo is over. You are about to checkout, and you are offered cash withdrawal options with your debit or credit card or UPI. And millions of people share such sensitive information with Practo frequently. Have you ever questioned how secure it is? Each company increases its focus on data protection to promote user trust. This ranges from updated privacy policies to patents related to security to using artificial intelligence for data security.
Cybersecurity threats will continue to escalate as hackers learn to adapt to security strategies as a result of the increasing growth of the digital world. As a result, companies will be paying more and more highly qualified security professionals to safeguard their vulnerable assets from cyber attacks.
Outsourcing cyber security services for the health care industry refers to the use of certified cyber security professionals to manage your organization’s cyber security needs.
Cyber-attacks: how can Telehealth services protect themselves?
Telehealth is a boon for patients and providers alike. Telehealth makes healthcare more accessible while reducing costs. Many consumers are eager to adopt telehealth as a method of health delivery, but many platforms lack adequate data protections. Telehealth platforms do assist in protecting sensitive patient data, however. Protecting Patient Health Information (PHI) is most important since the platform that enables telehealth also creates threats to patients. Here are a few steps for privacy concerns:
- Using a VPN to access telehealth services and to access general devices.
- Maintaining HIPAA compliance to protect patient health information (PHI)
- To ensure the security of endpoints, authentication and authorization are important components of security systems.
- Encryption and other safety measures should be incorporated into telehealth platform interactions with patients.
- Educating patients about telehealth security threats allows them to update their applications frequently and restrict app permissions to what is required for app functionality.
- Take advantage of customized Cybersecurity solutions to use now for your healthcare or telehealth business
How are Cyber-Attackers targeting Telehealth and Healthcare?
- Entry points to a larger attack: In the case of a criminal organization with access to modern hospitals, the organization can seize or shut down a large hospital or a group of hospitals in the city, state, or country. This type of cyber-attack can compromise national security without provoking physical conflict.
- Financial gain: Having a health record containing private and personal information is attractive and highly valued by cybercriminals. Even if they can recover sensitive patient records from their backup systems, healthcare providers typically pay ransomware attackers because their priority is to put patients’ lives at risk.
- Easy target: Healthcare employees lack cybersecurity digital literacy, and there are insufficient regulations and enforcement mechanisms due to high vulnerability. Many medical devices are now connected to the internet of things, which means more attack surfaces for hackers. For example, 83% of medical image devices run on unsupported operating systems, many medical devices such as ventilators or robotic surgical equipment are now connected to the internet of things.
Use the Field Engineer Platform for Healthcare IT Security
By evaluating business needs and technical feasibility, the Engineer can generate deliverables for Vulnerability Management.
The online freelance marketplace is in high demand for Cyber Security Solutions Engineers. If you are looking for some great services, you should register at FieldEngineer.com. On this site, you can find highly skilled and talented freelance engineers from around the world. The site currently has 60,000 engineers from 195 countries.