There was no shortage of challenges for healthcare CISOs in 2020. From the sudden surge in remote work and telemedicine to an epidemic of ransomware attacks, security teams have had their work cut out for them. Looking ahead to 2021, the Scope Security team sees some new and emerging security threats that security and technology leaders in healthcare should be aware of.
Ransomware attacks will intensify and reach new levels of maliciousness.
If there was any silver lining to the wave of ransomware attacks that hit healthcare in 2020, it’s that HDOs now know what they’re up against and will head into the year more prepared to defend themselves. This is not lost on ransomware gangs, who will up the ante in 2021 in order to exact payment from victims, predicts the Scope research team. “People are preparing for ransomware authors to become more creative,” notes Jeremy Richards, Scope Security Chief Architect, adding that DDoS attacks will likely escalate as well.
“We could see ransomware around the supply chain and distribution of the COVID-19 vaccine.”
-Jeremy Richards, Scope Security Chief Architect
Going further, ransomware may move toward the extortion end of the spectrum. For instance, gangs may threaten to shut off infusion pumps, putting lives in danger. And a ransomware attack around the COVID-19 vaccine seems possible.
While evil intent and financial gain will motivate a more dangerous trend in ransomware, ironically it is also driven by the refusal of some organizations to pay up—making gangs more desperate. Scope Security VP of Threat Intelligence John Daniele predicts we may see an increasing trend in not paying. “If the data is going to be released anyway, why pay? I can never truly trust that data is going to hit some underground market.” He foresees a need for organizations to work more closely with law enforcement, particularly as it pertains to ransomware payments, adding that a whole new category of protection will emerge. “Now your cybersecurity strategy must include risk-based sanctions compliance programs to cover ransomware payments. This is an entirely new thing that has emerged in cybersecurity—we’ve never had to think about it.”
Scope Security CEO and Founder Mike Murray believes the attacks in 2020 have driven hospitals to put more solid backup and continuity strategies in place and that, in turn, attackers will conjure up more creative encryption-based schemes to penetrate HDO networks.
Attacks on security and cold storage supply chains will increase.
Supply chain security risks have been a concern for years, but the SolarWinds hack in December 2020 set off alarm bells across industries, including healthcare. The breach confirmed that attackers can successfully compromise critical security supply chain infrastructure, and it indicates that a “cut out the middleman” approach by bad actors may be on the rise. “The SolarWinds hack and related fallout presages more attacks in 2021 against managed services providers, not because of any information they necessarily have but because they are the conduit to their victims who are the actual targets of the attack,” predicts John Daniele.
Mike Murray points out that “Medical device manufacturers in the supply chain could potentially be compromised – it doesn’t have to be a technology company like SolarWinds—it could be an EMR or a medical device manufacturer.” Looking ahead, Jeremy Richards notes supply chain attacks will likely include “high-value” targets in healthcare, particularly as it relates to battling COVID-19, noting that we’ve already seen phishing campaigns against the cold chain/supply chain for the distribution of the COVID vaccine.
EMR/EHR systems will emerge as a desirable attack surface.
The digital transformation of healthcare, combined with an explosion in remote work and telemedicine, will continue and grow in 2021, which in turn will open up new avenues for attackers.
“In 2021 I think we will see attackers really understand the value of the EMR [system] in the modern healthcare system.”
-Mike Murray, Scope Security Founder and CEO
With valuable internet-accessible HDO data hosted on premises and in the EMR vendor’s cloud, attackers no longer have to do the hard work of penetrating the network.
“Attackers can phish credentials from an EMR instance without having to compromise the network since it’s not behind a firewall anymore,” Mike Murray points out. This means that API security and the need for monitoring will rise in importance as hospitals move to cloud-native EMRs. In general, the Scope team sees healthcare becoming more API-driven, which creates a multitude of avenues for breaches.
What else is on our radar for 2021?
- The M&A trend will continue as the full impact of COVID-19-driven revenue shortfalls is felt by smaller hospitals
- Adversarial machine learning will increase as attackers push on security models
- Security budgets will be healthy in 2021, but tool consolidation will increase in order to streamline management and costs
- Securing clinical environments will move up the priority list for CISOs