A hospital in Versailles, near Paris had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said Sunday. Six patients had been transferred by Saturday evening — three from intensive care and three from the neonatal unit — said the minister, Francois Braun, as he visited the hospital. Others might follow, he added. The regional health agency (ARS) said the hospital had cancelled operations, but was doing everything possible to keep walk-in services and consultations running. Extra staff had to be called in to the intensive care unit because, while the machines there were still functioning, more people were needed to watch the screens as they were no longer working as part of a network, aid Braun. The cyberattack had led to a “total reorganisation of the hospital” the minister added.
Cyber criminals know that hitting patient services and business availability is the most effective way to gain a ransom payment. The healthcare industry is one of the few sectors where cyberattacks can fatally impact human life, and threat actors know this.
They want to put decision makers in a morally impossible situation so that they have no choice but to pay ransoms in order to get their services back up and running. Unfortunately, situations like this are likely to increase as healthcare providers add more cyber-physical systems to their networks.
The convergence of IT and OT systems as well as the connection of Internet of Medical Things (IoMT) devices exposes to new cyber threats and vulnerabilities which can impact patient services, and ultimately human life.
Protecting business availability and building resilience should be the number one priority for the healthcare industry. Healthcare providers need to implement patching services to fix urgent OT and IoMT vulnerabilities. Network segmentation with asset class network segmentation policies will also limit the movement of malware and mitigate the impact of cyberattacks.
The fact the hospital had to move patients suggests a lack of confidence in its cybersecurity tools. Compromising patient services in the face of a cyberattack puts lives at risk, so hospitals must get to the point where they have the confidence that an attack won’t disrupt patient care.
Cyberattacks are only going to increase as the number of connected devices and open Wi-Fi connections within healthcare environments rises. Every hospital should be building breach containment capabilities to reduce the impact on critical services.
Cyber resilience is paramount for healthcare organisations where human lives are on the line. Any healthcare provider that hasn’t already should adopt a Zero Trust strategy to restrict and control communication and movement through the network and prevent cyberattacks from becoming a tragedy.
This a serious and deplorable incident in which the lives of the most vulnerable have been threatened due to a cyberattack. Healthcare providers and corporations are among the most highly regulated organisations in any market. The reason for this scrutiny is obvious: they collect and handle some of the most sensitive personal data about an individual, information that goes beyond contact and financial data. And by that very reason, the healthcare industry is among the most lucrative targets for threat actors. This attack demonstrates the multi-pronged strategy that threat actors can implement. By shutting down infrastructures, they put victim organisations into the position of sustaining the financial and reputational damages of outages while tempting them with a ransom that promises to end the gridlock.
Companies should learn from situations and prepare for such eventualities by deploying data-centric security and having a robust backup strategy. The bare minimum of data security includes fortifying the perimeters around this type of data. However, more effective data protection methods are readily available in the marketplace, including data-centric technologies such as tokenisation and format-preserving encryption. These measures guard the data itself instead of the environment around it by replacing sensitive information with representational and innocuous tokens. This data-centric protection travels with the data, so even if hackers circumvent perimeter security or information is inadvertently exposed, any sensitive data subsequently accessed will be worthless, thereby averting the worst repercussions of a breach or leak.
“In recent years, we’ve seen more and more hospitals and healthcare providers impacted by cyber attacks; be they intentionally targeted towards them or not.
Whenever a hospital’s systems are targeted, it has a massive impact on patients needing health care. It’s therefore vital that hospitals and other healthcare providers ensure that their systems are adequately protected and only those systems which absolutely need to be connected online are – with others shielded from direct access.
A good layered approach is needed which includes not just the right technologies, but also to provide timely and appropriate security awareness and training to staff so that they can be part of the defence of the hospital and be able to identity and report any suspicious activity.”