Cyberattack: Can hackers take over ventilators?

NIS 36 million. This is the cost of restoring the computer infrastructure at Hillel Yaffe Hospital in Hadera after it was hit by a cyberattack last October. With advance planning, even a tenth of that NIS 36 million would have been enough to build a defense system for the hospital that would have prevented the attack, or at least minimized the damage.

Imagine that you, or someone close to you, are about to go into important and complex surgery, and a few hours before that moment the hospital is attacked by hackers who take over the computerized medical systems and threaten to disconnect the ventilators at the push of a button. This horror scenario is indeed the extreme end of the attack scenario, but in reality even the postponement of a simple operation that you have been waiting months for, because of cyber threats such as the one Hillel Yaffe experienced, is a frustrating event in every way.

Hospitals are by nature organizations that meet the public at a great many points, which produces quite a few vulnerabilities that can harm us as service recipients, as well as the hospitals themselves as organizations. Hospitals have systems open to the general public, whether these are communication systems such as email, on-site information systems, or an app. At the same time, they rely on systems through which they share medical information with research institutions, health funds, doctors, other hospitals and more.

The many outward-facing communication channels in a hospital make it an organization that is very challenging to defend. Its weak points range from the systems that run the medical operation, which can be attacked and disrupted, to the medical information, which can be stolen or encrypted.

Risk prioritization is complex and requires understanding of and expertise in medical organizations. An attack on diagnostic systems, such as disabling an MRI device, creates many problems, but patients can be moved to other locations. On the other hand, ensuring the continuity of critical operating-room systems is mandatory.

We do not know exactly what the sequence of events was in the attack on Hillel Yaffe, but a possible simulation of a cyberattack on an organization such as a hospital could start with a malicious email sent to the secretariat's computers that infects the first computer. From there, as with a highly contagious disease, the next stop is the administrative accounts, until the attackers reach the databases that hold the medical information in order to steal it, encrypt it, or demand ransom for it. In another equally frightening scenario, attackers can break into the operational networks that hold the medical devices in order to disable devices such as respirators, effectively preventing the hospital from functioning normally.

There is no single magic solution that can provide complete protection when it comes to information stored in the cloud. This is a daily, round-the-clock war against attackers who act in sophisticated ways, whether for commercial motives or on behalf of an enemy state. One cyber company cannot handle the diverse range of threats, so an organization like a hospital needs to use different cyber protection products, and know how to manage them in a synchronized way, in order to protect all its information infrastructures. Specific specialization in the medical sector is also required, since a cyber protection team that specializes in the financial sector will not know how to deal optimally with an attack on a hospital, because of the particular priorities of a medical organization in all its complexity.

Ventilator, illustration (Photo: Ingeimage)

The trend towards cloud use will intensify this year in organizations such as hospitals. Critical information infrastructures and systems that are connected to the cloud allow hospitals to lower costs as well as to develop and grow. On the other hand, along with the opportunity, the scope of threats grows and develops, and unfortunately we see quite a few organizations moving to the cloud without devoting enough thought to timely protection.

The era of physically protected servers in the basement of the building is disappearing. Cloud infrastructure allows for easy remote operation based on usage permissions, but this "easy life" is abused by hackers looking for places where those usage permissions are disorganized and poorly protected. At the end of the day, anyone who takes over a "cloud identity" can perform a variety of actions from anywhere in the world, depending on the permissions given to that identity, whether it belongs to a human or to an application. When you have the key in hand, there is no need to break in through the window; you just walk in through the front door.

The author is a founding partner and chief customer officer at the cyber security company Ermetic

By Editor
