With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely valuable. Our PHI is engrained within us; medical history cannot get changed. As such, this information can sell for three times as much as Personally Identifiable Information (PII) on the dark web and can get used in much more nefarious ways. Identity theft takes on a whole new meaning when a bad actor gets ahold of your PHI.
A Silent Sickness
Cybercriminals are turning to hardware-based attacks to carry out their harmful activities. What makes such attacks so perilous is their clandestine nature; Rogue Devices can inject malware, cause data breaches, and more, all while operating covertly. Traditional security software, such as NAC, EPS, IDS, or IoT Network Security, fails to provide the Layer 1 visibility required to detect and accurately identify all hardware assets. As a result of this blind spot, Rogue Devices, which operate on Layer 1, go undetected. By hiding or spoofing their identity through Layer 1 manipulation, Rogue Devices bypass existing security efforts, even those as stringent as Zero Trust. All it takes is a few seconds to attach the Rogue Device to an endpoint, and the attack is underway.
An Open Wound
In addition to visibility challenges, there are several vulnerabilities within the healthcare industry that enable hardware-based attacks. Malicious insiders pose a significant threat to healthcare providers thanks to their physical access to the organization – a requirement for hardware-based attacks. However, gaining physical access to a healthcare facility is fairly easy; many healthcare entities, such as hospitals, are open to the public, with hundreds of people walking in and out each day. A malicious actor can walk in freely, disguised as a visitor or even acting as a patient, and carry out a hardware attack. Further, the interconnected environment typically found within healthcare facilities only makes life easier for these external perpetrators. Interconnectedness creates a larger attack surface as there are more entry points to the organization; outside attackers only need access to just one device to infiltrate their target’s network.
Worryingly, the large number of devices used within medical facilities proliferates the hardware threat. The industry is undergoing a digital transformation and is becoming increasingly reliant on technology and, more importantly, Internet of Medical Things (IoMT) devices. Not only do IoMTs act as an entry point, but the devices themselves are often the target of an attack. Firstly, IoMTs collect significant amounts of valuable data, and the ease with which they can get accessed makes them appealing targets. Additionally, an attack on IoMTs can have a physical impact, which could have dire consequences; some IoMTs perform life-saving operations, such as heart-rate monitors and insulin pumps. Should malicious actors gain control over such devices, the outcome can be fatal.
Cyberattacks on healthcare providers are a very serious matter as patients’ lives are at risk, as is the country’s national security. To protect against dangerous hardware-based attacks – and strengthen existing security measures – healthcare entities should invest in hardware security. With Layer 1 visibility, there is protection on the first line of defense.
About the author:
Jessica Amado – Head of Cyber Research – Sepio Systems
(SecurityAffairs – hacking, supply chain attack)