August 18, 2022
In our increasingly digitized world with more personal identifiable information (PII) stored in applications or cloud systems, the healthcare industry is extremely susceptible to online attacks. As healthcare practices integrate more and more online solutions, it is extremely important to keep up to date on protecting your digital assets, establishing secure protocols, and knowing what IT vulnerabilities to look after.
An IT vulnerability means a flaw or weakness in an IT system that can be exploited, either accidentally or on purpose, to violate the system’s security. This vulnerability could expose system information, including PII data.
Due to the large-scale data available on healthcare IT systems, it is important to practice safe cyber methods and establish appropriate security methods within the healthcare practice to protect patient and practice data.
A practice must be aware of these possible exploitation methods, all of which have different attack methods. According to the Department of Health and Human Services, top vulnerabilities in the healthcare industry include: BrakTooth, Conti Ransomware, Hardening Remote Access VPN, Medusa Tanglebot, and New Azure AD Brute Force.
This newer family of vulnerabilities effects Bluetooth-enabled devices and ranges in severity from denial of service (DoS) by either crashing the firmware or creating a deadlock condition where Bluetooth is no longer usable, damaging the code. Healthcare practices facing these attacks should contact their ISAC or ISAOS.
Conti specifically targets the healthcare industry by stealing sensitive data and threatening to release the data if a ransom is not paid. To protect against ransomware attacks, follow the guidelines outlined here.
Hardening Remote Access VPN
Remote access VPN servers have become entryways for malicious actors who access and attack secure networks. It is recommended that healthcare practices continue using VPN’s but select reputable and standards-based sources.
This malware is most commonly spread posing as a COVID-19 SMS message on Android devices. Tricked users would install the malware application onto their device which would then be used to gather data on the user and spread to other devices. This method often targets certain individuals and is difficult for an individual to even know when under attack let alone be tracked. Healthcare professionals must practice safe downloading methods.
New Azure AD Brute Force
This bug effects Microsoft’s Active Directory technology, which is commonly used in the healthcare industry. It is difficult to detect and remove. It is recommended healthcare practices update software for patches and implement cybersecurity awareness training.
Any healthcare practice can fall victim to a cyberattack. It is important that each practice take cautionary measures, implement healthcare IT security training, and remain knowledgeable of common IT vulnerabilities.
ChartLogic can help healthcare practices remain diligent, starting with our free IT systems assessments, which can review, assess, and provide an analysis of your practice’s technology. In fact, our evaluation provides expertly reviewed analysis on the equipment, network, system, and security settings implemented in your practice.
Are you ready to take your first step in protecting your practice, assets, and most importantly, patients? Contact us today or take the free assessment to discover your IT vulnerabilities, our expert staff can review your results and help you get protected with top-notch IT security.