Hospitals and the health-care community as a whole have become the most common and lucrative targets for cyberattacks. Many breaches are targeted and sophisticated while others are surprisingly random and simple. The Internet of Things has increased the attack surface with a host of new vulnerabilities, and an alarming number of organizations lack even the most basic cybersecurity hygiene, yet everyone is surprised when there is a breach and sensitive information is exfiltrated.
Bad actors come in all forms, with a multitude of methods, motivations, and exploits, but virtually all of them start with phishing attacks. All it takes is one click on a malicious link, and an entire organization can be infected. The initial goal of a hacker is to obtain legitimate admin credentials and then move laterally throughout a network, escalating the level of privileges for access. Exfiltration of sensitive information and injecting falsified content are easy with the right access.
Strangely, the health sector as a whole offers virtually zero training on social engineering or even basic standards for a cybersecurity-centric organizational culture. Continuous education on the latest exploits and techniques used by hackers is a mandatory prerequisite to initiating an environment conducive to security. Regularly patching vulnerabilities in applications used industrywide is crucial, as vulnerabilities lead to exploit kits designed to infiltrate and corrupt distracted organizations. The most organized risks to the health sector in the United States come from state-sponsored and hacker-for-hire groups, primarily out of China. Platforms such as Elderwood offer a plethora of new Zero Days to organizations such as Deep Panda, Axiom, and Hidden Lynx, whose sole purpose is to breach networks, exfiltrate data, and corrupt critical infrastructure networks.
©2015 James Scott (P)2015 James Scott