S8: #077: How to Mitigate Cybersecurity Threats in Healthcare
How deception technology and identification solutions can protect networks from cyberattacks
It’s likely you remember hearing about the “Wannacry” malware attacks last year. It affected organizations around the world, but no sector was affected as badly as the healthcare sector. The UK was hit particularly hard – that attack forced the NHS to cancel 19,000 appointments, costing about £20m ($25m) during the course of one week, plus an additional £72m ($90m) in the subsequent cleanup and upgrades to its IT systems.
We haven’t had a headline like that in a little while, but that doesn’t mean that there isn’t still a significant risk. In fact, just last week, December 9, 2018 the University of Maryland Medical System discovered that malware had been installed on its network. The attack was detected at 4.30am, and within 2 1/2 hours its networks and devices had been taken offline and affected devices had been quarantined.
The senior VP and chief information officer, Jon P. Burns, of the University of Maryland Medical System issued a statement that said most of the devices that were infected with the malware were desktop computers. IT staff were able to identify the infected computers and get them quarantined and no files were encrypted and there was no impact on medical services.
While it’s unfortunate that these attacks still persist, it’s great to see how a quick response can limit the impact to data, equipment and care at hospital facilities.
So how can organizations protect themselves from these sort of attacks? And, when attackers do manage to get into the network, how can they be identified quickly so that you can isolate and limit the damage they cause?
Today we’re talking about the unique challenges of cybersecurity in healthcare, and explore some of the tools and solutions that can trap these attackers dead in their tracks. I’m joined on this episode by two guests. Our first guest is Jonathan Langer, he’s the CEO and co-founder of Medigate, a company that identifies, manages and protects connected medical devices. Also joining me on the program is Ori Bach, the General Manager & VP of Products at TrapX Security. TrapX created a new generation of what’s known as ‘deception technology’ that provides real-time breach detection and prevention. We dive into why this is such a threat to healthcare, and find out what providers and manufacturers can do to help prevent these extremely costly attacks.
- The Wanna Cry ransomware attacks and how it exploited the vulnerabilities in the healthcare industry and IoT devices
- What medical institutions and medical device manufacturers are doing to prevent future cyber attacks
- The policy and regulations in keeping IoT devices patched with security updates – are stakeholders doing enough?
- How the healthcare industry is different from other industries
- Jonathan Langer’s advice for the medical industry’s cybersecurity infrastructure
- What is “deception technology”?
- How the medical industry is adapting to the new cybersecurity threat
- “Intended damage” and “unintended damage” and how they are affecting hospitals
- Top tips for keeping your network safe
- Ori Bach’s recommendations and best practices for organizations to ensure a secured network and avoid malware
Links and Resources Mentioned:
- Jonathan Langer on LinkedIn
- Ori Bach on Twitter
- Ori Bach on LinkedIn
- Medigate on Twitter
- Medigate on the Web
- TrapX Security on Twitter
- TrapX Security on the Web
- TrapX Security Investigative Report – PDF
- Digital Health Events
- Join Digital Health Today
This episode of Digital Health Today is made possible thanks to our sponsors. Thank you!