Defending the healthcare sector against critical cyberattacks


Thorsten Stremlau of the Trusted Computing Group sees healthcare sector cybersecurity as still too reliant on human intervention.

Healthcare institutions remain a major target for hackers, with the sector experiencing an average of 1,684 attacks per week in the first quarter of 2023 alone.

Once hackers access a hospital’s network, sensitive patient data can be easily exploited – with some attacks resulting in life-threatening consequences.

Equipment that is used to sustain patient life contains a variety of sensors and monitoring technologies, all of which can be used by attackers to gain access to entire networks should adequate protection not be in place.

The functionalities of these sensors can even be weaponized to cause physical harm to patients, making security measures that can prevent these attacks of paramount importance to healthcare institutions.

Financial repercussions for institutions are not limited to successful ransomware attacks; any exposure of patient information can also lead to significant fines.

But patient welfare is the key concern.

For hackers, the healthcare sector is a treasure trove of valuable information, as many hospitals operate on outdated, unsecure IT systems.

Seventy-three per cent of healthcare provider organizations use legacy networks that are laden with systemic vulnerabilities.

Owing to the age of these systems, the sector has to spend significant sums to support and maintain them when budgets could be put to better use elsewhere.

Just because some organizations have moved to cloud infrastructure doesn’t necessarily mean they are better protected: 61% of organizations within the healthcare industry suffered a cyberattack on their cloud infrastructure during 2022, with phishing attempts rife throughout the sector.

As medical records hold significant value for cybercriminals, it is essential that any organization holding this data is protected with the best security practices – strong encryption and authentication protocols – and the most up-to-date standards.

In the event of a cracked password or exposed security layer, measures are required that can minimise the damage and ensure patients and staff can trust the databases and equipment they use daily.

To this end, the Trusted Computing Group (TCG) play a crucial role in ensuring the reliability and trustworthiness of devices found within the healthcare sector.

The technologies, guidance and standards devised by bodies like the TCG should be used as the foundation for trust in computing systems large and small, especially in sectors where attacks continue to rise.

These enable organizations to establish ‘trusted computing’ within their systems, with building blocks that enable components within a computer network to trust all other pieces of hardware and software they are linked to.

One crucial element in establishing integrity and accuracy across healthcare systems is Root-of-Trust (RoT) hardware.

Considered the foundational component of security for any connected device, solutions like the Trusted Platform Module (TPM) can help verify any data provided to a device to confirm it originates from an authorized source. Implementing a TPM can form a cornerstone for cyber resiliency, network security, identity and attestation, enabling organizations to uncover and mitigate any deviations from normal device behaviour.

As a result, communications between any devices found in the network can be trusted, and any ‘trojan horses’ deployed by attackers can be swiftly dealt with. For smaller devices, such as sensors found in medical equipment, these are supported through the Device Identifier Composition Engine (DICE) specification.

A special security key is provided to each firmware layer found in a device, which is then combined with the previous identifier from the level above and a measurement of the current one to create a strong line of security. In the event of a successful attack, the unique key provided means an exposed layer cannot be used to infiltrate further elements of the device. Sensors and other technologies can be re-keyed should tampering be discovered within the firmware, giving institutions the tools to identify vulnerabilities throughout a system’s update process.
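The layered derivation described above can be modelled in a few lines. This is an added sketch, not code from the TCG or the DICE specification: it assumes HMAC-SHA256 as the one-way function, and the device secret, layer names and helper names are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional, Sequence


def measure(firmware: bytes) -> bytes:
    """Measurement of a firmware layer: the SHA-256 digest of its image."""
    return hashlib.sha256(firmware).digest()


def next_layer_secret(previous_secret: bytes, firmware: bytes) -> bytes:
    """Combine the previous layer's secret with this layer's measurement.

    HMAC is one-way, so holding the result does not reveal previous_secret.
    """
    return hmac.new(previous_secret, measure(firmware), hashlib.sha256).digest()


def derive_chain(device_secret: bytes, layers: Sequence[bytes]) -> List[bytes]:
    """Return one secret per firmware layer, in boot order."""
    secrets = []
    secret = device_secret
    for firmware in layers:
        secret = next_layer_secret(secret, firmware)
        secrets.append(secret)
    return secrets


def first_changed_layer(expected: Sequence[bytes],
                        observed: Sequence[bytes]) -> Optional[int]:
    """Index of the first layer whose secret differs, or None if all match."""
    for index, (want, got) in enumerate(zip(expected, observed)):
        if not hmac.compare_digest(want, got):
            return index
    return None


# Constructed sample data: a per-device secret and three firmware layers.
UDS = bytes(range(32))
GOOD_LAYERS = [b"bootloader v1", b"rtos v3", b"sensor-app v7"]
TAMPERED_LAYERS = [b"bootloader v1", b"rtos v3 + implant", b"sensor-app v7"]

if __name__ == "__main__":
    good = derive_chain(UDS, GOOD_LAYERS)
    bad = derive_chain(UDS, TAMPERED_LAYERS)
    print("first layer with a different key:", first_changed_layer(good, bad))
```

Changing the second layer's image changes its key and every key derived after it, while the bootloader's key is untouched; the same property means a firmware update automatically re-keys the updated layer and those above it.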

Strong measures for your own networks are one thing, but these can quickly be made redundant if security isn’t up to scratch across the entire supply chain.

When new medical supplies and technologies are brought into the hospital, the security measures carried out are reliant on human intervention. These range from monitoring the alignment of labels to verifying the authenticity of serial numbers, neither of which is cost- or time-effective.

At the same time, as digitalization of systems increases, so too does the number of patients reliant on telehealth services.

Leveraging digital communication technologies can enable patients to be proactive in managing their own healthcare, with devices like tablets and smartphones commonly used to access medical services. It also lets doctors, nurses and other professionals remotely provide support without leaving a site.

As institutions cannot directly manage the security of other organizations within the chain, or their patients’ own devices, they must rely on standards bodies to protect the general ecosystem with enhanced security measures.

This can come through Firmware Integrity Measurement (FIM), devised to determine the health of multiple endpoints within a network.

Through the guidelines provided by the specification, institutions can review the integrity of devices during the manufacturing stage and offer a baseline measurement that allows for security result comparisons throughout.

The FIM specification verifies that an endpoint device has been received by the end user and matches their exact order.

The FIM can then be measured and compared to the Reference Integrity Measurement (RIM) to detect whether the hardware has been compromised.
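The comparison of measured firmware against a reference baseline can be illustrated as follows. This is an added example, not code from the FIM or RIM specifications: the reference is modelled as a plain dictionary of component names to SHA-256 digests, and the component names and images are constructed.

```python
import hashlib
import hmac
from typing import Dict, List


def measure(image: bytes) -> str:
    """Firmware measurement: hex SHA-256 digest of the component image."""
    return hashlib.sha256(image).hexdigest()


def compare_to_reference(reference: Dict[str, str],
                         firmware: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Classify each component on a received device against the baseline."""
    report: Dict[str, List[str]] = {
        "match": [], "mismatch": [], "missing": [], "unexpected": []}
    for name, expected in reference.items():
        if name not in firmware:
            report["missing"].append(name)      # baseline component absent
        elif hmac.compare_digest(measure(firmware[name]), expected):
            report["match"].append(name)
        else:
            report["mismatch"].append(name)     # image differs from baseline
    # Components on the device that the manufacturer never declared.
    report["unexpected"] = sorted(set(firmware) - set(reference))
    return report


def is_trusted(report: Dict[str, List[str]]) -> bool:
    """Accept the device only if every finding is a match."""
    return not (report["mismatch"] or report["missing"] or report["unexpected"])


# Constructed sample: images as shipped by the manufacturer ...
SHIPPED = {
    "bootloader": b"bootloader build 1.4",
    "nic-firmware": b"nic firmware build 2.0",
    "sensor-hub": b"sensor hub build 0.9",
}
# ... the baseline recorded at manufacturing time ...
REFERENCE = {name: measure(image) for name, image in SHIPPED.items()}
# ... and a device that arrived altered somewhere in the supply chain.
RECEIVED = {
    "bootloader": b"bootloader build 1.4",
    "nic-firmware": b"nic firmware build 2.0 (modified)",
    "debug-agent": b"undeclared component",
}

if __name__ == "__main__":
    findings = compare_to_reference(REFERENCE, RECEIVED)
    print(findings, "trusted:", is_trusted(findings))
```

A missing or undeclared component is treated as a failure alongside a digest mismatch, since either means the received device no longer corresponds to what the baseline describes.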

At any point of a supply chain, manufacturers can determine the integrity of a device, allowing institutions to trust the devices once used by patients to access sensitive medical data.

Hacking attempts will no doubt increase in volume and sophistication, but standards bodies continue to evolve to overcome the growing threat landscape.

It is imperative that healthcare institutions continue to adhere to the latest standards and specifications to protect their networks and patient well-being.