International. According to the Nozomi Networks OT and IoT Security Report, the Health and Public Health sector is one of the most vulnerable, hence the importance of taking into account the state of the network, software vulnerabilities, risks of credentials and limited data.
Nozomi Networks, explained in depth these four key aspects that the health sector must consider to keep its critical infrastructure safe and care for the integrity of patients.
Since 2020, several cyberattacks have been reported on hospitals around the world. According to the Nozomi Networks OT and IoT Security Report, the Health and Public Health sector is one of the most vulnerable, ranking fourth in cases of disclosed information.
In addition, ransomware costs to care centers and hospitals has reached as much as $1.5 million per day, as happened with the attack on the medical network of a university in Vermont, United States.
Fernando Castro, director of sales for South America at Nozomi Networks, explained: “By means of technological systems in medical services, various procedures and controls of critical systems such as respirators, medication supply, vital sign monitors, among others, are carried out. Many of them connect to the internet, collecting and sharing sensitive information between devices and networks, to improve the efficiency and effectiveness of care. However, their level of importance to hospitals and people in general has put them in the crosshairs of cybercriminals, which can put patient safety and the integrity of medical data at risk.
Properly protecting themselves from the risks to which they are exposed, health providers and entities require implementing cutting-edge solutions to adequately monitor and monitor the behavior of their equipment and devices, in addition to identifying suspicious behaviors or activities on time.
These are the four keys that the sector must consider in order to have mature cybersecurity strategies in its systems:
1. Network Health – Lack of network visibility is a big problem for cyber threat protection. Without a real-time map of the inventory of communicating machines and computers in their environment, organizations cannot identify unauthorized devices or detect malicious activity.
2. Vulnerabilities in the software of the product: they are not all the same; the degree to which vulnerabilities affect the integrity and availability of systems varies. Some of them are limited in scope and only apply to certain software features or interfaces, while others may have additional controls that mitigate their severity and level of risk to the network.
3. The risks of credentials: Default remote access is a major threat to the security of network-connected medical devices. Attackers steal and use these credentials to gain access to the system and deploy a botnet attack, which can put patient privacy and security at risk.
4. Limited data: Anomaly detection and behavioral analysis in network operations are valuable tools for improving threat intelligence and overall security postures, even though the amount of information available may be limited. Constant monitoring and analysis can help security leaders identify the root of unexpected changes in operations and deviations from normal behavior.
Like other sectors, cybersecurity has become a priority for the protection of critical infrastructures that provide vital services such as energy, water, gas and, of course, the health of citizens. This issue has also been taken into account by regulatory and government entities, which have established regulations and security standards, in order to protect the integrity of the system and the well-being of citizens as much as possible.
Fernando Castro, indicated that the OT and IoT cybersecurity sector, health is one of the main priorities of our work. We are constantly improving our solutions to detect malware and Indicators of Compromise (IOCs) by combining multiple forms of OT/IoT/IT threat detection, and continually receiving updated asset and threat intelligence.
And finally, he assured that it is crucial that any hospital, care center or provider of these services include these tools in their security strategy and avoid being a victim of cybercriminals.
Leave your comment