Advanced persistent threat risks: Creating a security-first healthcare environment

Advanced persistent threat (APT) groups continue to use unique and sophisticated techniques to compromise healthcare organisations throughout Europe and the rest of the world. The global pandemic, which has been a major concern over the past year, has increased APT actors' interest both in gathering information on Covid-19 and in using the disruption to cover their activities.

New methods of attack are being used against the healthcare industry. New waves of attack have led to threats against the European Medicines Agency and disruptions to hospitals via ransomware. There are also concerns about the weakening of the vaccine supply chain.

According to a joint alert from the UK National Cyber Security Centre (NCSC) and the Department of Homeland Security Cybersecurity Agency, officials reported an increase in Coronavirus-related password-spraying campaigns last year. These attacks can only be detected with a comprehensive, holistic view of the network that allows for detection, mitigation, and a reduction in response times.

Security and monitoring of medical devices is vital for patient well-being. Hospital security operations teams have to be very careful. To overcome the threat posed by APT groups, there is a growing demand for comprehensive detection and response systems in the healthcare industry.

The healthcare sector is under threat

A variety of malicious attacks, including phishing emails and password spraying, have been linked to the APT groups responsible for healthcare disruptions. Ransomware, doxware, and other threats to privacy have increased. Ransomware is no longer just a common malware strain that targets home users; it has become a powerful and deadly tool in the arsenal of advanced threat groups.

Protecting the healthcare sector against advanced threats is the biggest challenge. The environment is unique and complex. Healthcare providers may hold a lot of sensitive information. They may also run large campus-style organisations and often have both commodity and specialised software. Others in the industry may hold intellectual property of significant value that could be of interest to both criminals and nation-state actors.

Healthcare organizations may be targeted by many types of attackers with a variety of motives. APT groups have targeted parts of the healthcare sector that are involved in national and international Covid-19 responses. Clinical trial data and research data are common targets for nation-state threat actors.

The healthcare sector must understand the importance of cybersecurity in patient healthcare and take a proactive approach to it. Doing so gives security analysts a better chance of identifying threat actor activity early enough in the kill chain.

Combating an evolving challenge

Threat actors are always looking for weaknesses in people or processes, and the threat landscape is constantly changing. As more health information is digitalized and tele-health services grow in popularity, both the attack surface and the payoff for threat actors increase.

Many organisations, especially in the public sector, may be facing budget constraints due to the increasing threat of persistent threat actors and larger attack surfaces. It is not an easy decision to make. But the current landscape may force you to make it.

Visibility is an essential part of a comprehensive cybersecurity strategy. It is not enough to deploy preventative technologies and hope they will work. Continuous monitoring of the environment is essential and will allow for multiple detection and response options.

A SIEM platform provides the foundation for this ongoing monitoring. It gives a single-pane view of the entire environment, including legacy systems and cloud-based options. The SIEM platform can also be used to perform analytics, search, reporting, and analysis. It can highlight individual events or changes that may indicate that an attack is in progress. This makes a SIEM key to reducing time to detect. A key element of a successful security program is to reduce the time it takes to detect. After all, dwell time is the best friend of threat actors.

Securing the healthcare environment

Healthcare IT environments are becoming more complex. APT groups will continue exploiting the weaknesses in this ever-changing industry. Healthcare security teams must keep up to date with the latest threats to the medical sector and be ready to act quickly.

Healthcare organizations must be prepared to detect and respond to threats to avoid the many consequences of sophisticated attacks that are becoming more common. Security-first is the goal.

The post Advanced persistent threat risks: Creating a security-first healthcare environment was first published on LogRhythm.

*** This is a Security Bloggers Network syndicated blog from LogRhythm, authored by Laura Halls. You can read the original post at: https://logrhythm.com/persistent-threat-security-first-healthcare/
