According to the Healthcare Information and Management Systems Society (HIMSS), there are five current cybersecurity threats that healthcare organizations need to watch out for to prevent unauthorized access to their networks and protected health information.
The first attack method is the key reinstallation attack, or KRACK. The attackers exploit a flaw in the way the Wi-Fi network’s WPA2 protocol performs a 4-way handshake every time users attempt to connect to the network. The attacker manipulates and replays the cryptographic handshake messages and could install a key that’s already in use to intercept all communications. As a preventive measure against this type of attack, use a VPN with Wi-Fi networks to reduce the possibility of man-in-the-middle attacks.
The second threat is the BadRabbit ransomware attack. This has limited occurrence in the United States. It uses NSA exploits just like other global ransomware attacks. BadRabbit ransomware attacks are typically used to disrupt and not for financial gain. It is recommended to keep all software and operating systems 100% up to date and apply all patches promptly. Back up essential data regularly on at least two different storage media.
The third threat comes from an advanced persistent threat (APT) group called Dragonfly. It’s been around since May 2017 and targets critical infrastructure organizations. It typically attacks small networks with poor security, then moves laterally to big networks. The attackers’ primary target is the energy sector, but the healthcare industry is a secondary target.
The fourth cyber threat is the Dynamic Data Exchange (DDE) attack, which targets Outlook users. This attack sends calendar invites via phishing emails. Opening the invites results in the installation of malware. The recommended mitigation is to view emails in plain text. If the invites present any attachments or links to other files, users should not click any.
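A defensive check for the DDE threat described above, as an added example that is not from HIMSS or the original article: it scans every MIME part of an inbound message for rich-text field instructions that begin with DDE or DDEAUTO. It assumes the invite content is carried as RTF; the helper names, sample messages and placeholder field arguments are constructed for illustration, and obfuscated RTF is out of scope.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# An RTF field instruction: {\field{\*\fldinst <instruction>}{\fldrslt ...}}
RTF_FLDINST = re.compile(r"\\fldinst\s*([^{}]*)")
# Instructions that open a DDE link when the content is rendered as rich text.
DDE_KEYWORD = re.compile(r"(DDEAUTO|DDE)\b", re.IGNORECASE)


def find_dde_fields(raw_message: str) -> list[tuple[str, str]]:
    """Return (content_type, keyword) for every DDE field found in any MIME part."""
    findings = []
    for part in message_from_string(raw_message, policy=policy.default).walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if data is None:
            continue
        text = data.decode("latin-1")  # lossless byte-to-char mapping, never raises
        for instruction in RTF_FLDINST.findall(text):
            hit = DDE_KEYWORD.match(instruction)
            if hit:  # the word "DDE" in ordinary prose is not a field, so not flagged
                findings.append((part.get_content_type(), hit.group(1).upper()))
    return findings


def build_sample(rtf_body: str) -> str:
    """Constructed test message: a plain-text body plus one RTF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Meeting invite (constructed sample)"
    msg.set_content("News item: DDE attacks target Outlook users.")
    msg.add_attachment(rtf_body.encode("ascii"), maintype="application",
                       subtype="rtf", filename="invite.rtf")
    return msg.as_string()


# Constructed RTF bodies; the quoted field arguments are inert placeholders.
SUSPICIOUS_RTF = r'{\rtf1{\field{\*\fldinst DDEAUTO "placeholder-app" "placeholder-topic"}{\fldrslt }}}'
CLEAN_RTF = r'{\rtf1{\field{\*\fldinst HYPERLINK "https://example.org"}{\fldrslt link}}}'

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS_RTF), ("clean", CLEAN_RTF)):
        print(label, find_dde_fields(build_sample(body)))
```

A hit is a reason to quarantine the message for review rather than proof of malice, since the check only establishes that a DDE field is present.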
The fifth threat involves medical devices, which typically have poor cybersecurity protections. The devices can be easily targeted with ransomware to gain access to networks and data. Information stored on the devices must be backed up, as must the computers and networks to which they connect.