SpearTip | July 9th, 2019

Government Agencies Alert Healthcare Industry To Imminent Cyber Threats.

Since August, both the FBI and the National Institute of Standards and Technology (NIST) have issued announcements and warnings to the healthcare industry about inadequate cyber security, and exposure to attack, in devices and controls that use the Internet of Things (IoT).

IoT-controlled devices are commonplace throughout the industry, from doctors’ offices to hospitals with advanced Intensive Care Units to medical research facilities. Unfortunately, these devices are often under-protected compared to their more traditional IT cousins, and are prime breach targets for cyber predators, who can often gain full network access with relative ease once they gain entry through equipment using IoT technology.

Because IoT devices add convenience and efficiency to workflow, their growth has accelerated rapidly, with 50 billion devices expected to be in service by 2020. Cyber security protocols for these devices simply have not kept up with demand.

Q: Are There Specific Devices Our Hospital Should Prioritize That Might Be Particularly Vulnerable To Attack?

According to the FBI, IoT devices that are being specifically targeted are wide and varied. They include everything from connected medical devices, routers, wireless radio links, time clocks, and streaming devices, to IP cameras, smart door locks, and network attached storage devices.

Q: Why Can’t Companies Like SpearTip Or Our Internal Team Simply Use The Same Cyber Security Measures For Our IT And Our IoT Devices?

Believe me, I wish the world could be that easy. But IoT devices and controls operate in real-world environments that are much different than their IT counterparts. Here’s a great example: Most IT environments feature automatic patching. Because many IoT devices perform critical functions, patching and updating a device could lead to a momentary service interruption, resulting in patient endangerment, or even death in the case of a life support system.

Q: Why Are More Cyber Criminals Suddenly Targeting IoT Devices?

The FBI answers your question far more succinctly than I could, in this case. “IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address — Cyber actors use the compromised device’s IP address to engage in intrusion activities, making it difficult to filter regular traffic from malicious traffic.”

Q: What Are Some Things Malicious Threats Look For When Searching For Breachable Targets?

Vulnerabilities in IoT devices that attract attackers include weak authentication, unpatched firmware or other similar software vulnerabilities, and, most commonly, default usernames and passwords.

Q: Is There Anything In Particular Our Internal Security Team Should Look For To Indicate A Possible Breach?

We always recommend that internal teams work with a third-party resource, such as SpearTip, to uncover anomalies that could indicate a breach. A good starting checklist would include looking for indicators of compromised devices, particularly a major spike in internet use and charges, devices or internet connections running slowly and irregularly, and unusual outgoing traffic patterns compared to similar use periods.
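One way to run the "unusual outgoing traffic compared to similar use periods" check, as an added example that is not SpearTip's or the FBI's tooling: each device's hourly outbound volume is compared with the median for the same weekday and hour in earlier weeks. The device names, byte counts, and thresholds are constructed assumptions to be tuned against your own flow or firewall logs.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample (not real telemetry): outbound bytes for the 02:00 hour
# on five consecutive Mondays, per device.
MONDAYS = ["2019-06-10", "2019-06-17", "2019-06-24", "2019-07-01", "2019-07-08"]
VOLUMES = {
    "infusion-pump-07": [40_000, 42_000, 39_000, 41_000, 9_500_000],
    "ip-camera-03": [2_000_000, 2_100_000, 1_900_000, 2_050_000, 2_300_000],
    "time-clock-02": [2_000, 2_100, 1_900, 2_050, 30_000],
}
SAMPLE = [(dev, f"{day}T02:00", sent)
          for dev, vols in VOLUMES.items() for day, sent in zip(MONDAYS, vols)]


def find_outbound_anomalies(records, ratio=5.0, min_history=3, floor=1_000_000):
    """Return (device, hour, bytes, baseline) for hours far above the device's
    own median for the same weekday/hour slot in earlier weeks."""
    history = defaultdict(list)  # (device, weekday, hour) -> earlier byte counts
    alerts = []
    for device, stamp, sent in sorted(records, key=lambda r: r[1]):
        ts = datetime.fromisoformat(stamp)
        past = history[(device, ts.weekday(), ts.hour)]
        if len(past) >= min_history:  # too little history means no verdict yet
            baseline = median(past)
            # floor suppresses large ratios on trivially small volumes
            if sent >= floor and sent > ratio * max(baseline, 1):
                alerts.append((device, stamp, sent, baseline))
                continue  # keep the anomalous hour out of future baselines
        past.append(sent)
    return alerts


if __name__ == "__main__":
    for device, stamp, sent, baseline in find_outbound_anomalies(SAMPLE):
        print(f"{device} {stamp}: {sent} bytes out vs. baseline {baseline:.0f}")
```

The camera is not flagged because its high volume matches its own history, and the time clock's jump stays below the absolute floor; lowering `floor` trades fewer misses for more noise.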

Q: What Are Some Of The Things We Can Do To Help Protect Ourselves Against Attackers?

For starters, we suggest using the FBI’s basic checklist. Performing these tasks along with a third-party cyber security provider will allow you to set up new security protocols and reporting structures for critical data and use. You should also have your executive, management, security and care teams participate in tabletop exercises, where you are placed in a real-time, controlled breach environment, to experience and understand best practices during a cyberattack.

Again, use the FBI list as a starting point. Just remember what we always tell everyone: Compliant equals complacent. Going above the accepted norm is what will keep you safe.

• Change default usernames and passwords

• Use endpoint detection and response tools regularly and ensure they’re up to date

• Ensure all IoT devices are updated and patched regularly

• Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding

• Isolate IoT devices from other network connections through both physical network separation and network segmentation

• If you suspect a compromise or intrusion, do not reboot or turn off your system. Unplug the network connection or disable wireless connectivity and call in an expert third-party resource to conduct an Active Memory Analysis as soon as possible.