Reports consistently point to increased risks to patient safety after ransomware attacks. However, according to John Riggi, Senior Advisor for Cybersecurity and Risk at the American Hospital Association, the most pressing threat facing healthcare is a technologically advanced, stealthy cyber threat originating in China: the long-lived malware Daixin.
Speaking to industry leaders during a discussion at the University of California, San Francisco-Stanford Center of Excellence in Regulatory Science and Innovation on Tuesday, Riggi outlined risk areas that vendors should address shortly.
He also issued a stern warning to provider organizations that are still reluctant to implement multi-factor authentication (MFA) across their enterprise, especially as threat actors continue to target critical infrastructure and supply chain partners.
“If you don’t do MFA at this time, it will be difficult to defend your case, both civil and regulatory, because it’s a very basic technique at the moment,” Riggi said. “The White House has asked us to implement basic cybersecurity measures that can prevent a significant portion of ransomware attacks at a fraction of the cost.”
As ransomware and other cyber threats continue to plague the industry and cyber insurance is no longer guaranteed, MFA needs to be high on the list to protect every remote access point within an organization, he added.
While versions of Daixin in various forms have been used in attacks over the past decade, researchers observed in February 2022 that a more sophisticated variant had been revived. Symantec described the threat as the “most advanced malware” it has seen so far from China-supported attackers. Daixin is used in both smash-and-grab and stealth maneuvers.
The main goals of these attacks appear to be espionage, hijacking of legitimate TCP/IP services and listening on port 80 for traffic patterns that can be interpreted as commands.
In the healthcare sector, Daixin has claimed multiple victims, including a cyberattack on OakBend Medical Center in September 2022. The incident led to several weeks of network outages and the suspected theft of patient health information from the hospital’s internal servers. Evidence of the stolen data was published on Daixin’s dark web site.
Daixin was also involved in a large-scale attack on AirAsia in November, along with attacks on Fitzgibbon Hospital, Trib Total Media, and ista International GmbH. Several federal agency alerts were issued as a result of these attacks, including one directed to the health sector warning that public health and the medical sector are prime targets. Riggi expects this relentless targeting to continue in the near term.
The Chinese government uses Daixin to attack intellectual property
For Riggi, the risks posed by Daixin and other state actors are multifaceted. With clear goals to access patient data or disrupt operations for quick payments, these players are specifically eyeing the treasures of medical research and innovation, among them those related to medical devices and the development of medical technology.
The Chinese government is the “most prolific and aggressive” of these groups, specifically targeting “intellectual property,” he explained. The government has even announced plans to dominate the world by 2049, not only militarily, but “through economic control, including health care, especially medical technology.”
Device makers see these plans as calls to action and “think about the sensitive information in the medical technology that may be behind it for their We need to understand the intricacies of software design that can be applied to healthcare,” said Riggi.
These attackers do not rely heavily on new and sophisticated tactics to infiltrate networks. Riggi explained that hackers use tried and tested methods to gain access to victims’ systems, including exploiting vulnerabilities in medical devices and phishing attacks.
“Honestly, the way bad guys get in is by exploiting known and publicly disclosed vulnerabilities. They just beat us,” said Riggi. Organizations should work to speed up the patching process, even if it is difficult for medical devices.
All companies in the industry should review past successful attacks on the industry and learn from past mistakes. Citing outages caused by Kronos and others, Riggi reiterated the importance of integrating cyber incident response plans with contingency plans, disaster recovery, business continuity plans, and downtime procedures.
In particular, he warned, business continuity should be sophisticated and well-practiced: it supports all care models and is used to ensure that care is delivered to those who need it most. It means understanding the importance of technology to, for example, emergency patients and cancer patients.
These plans should also consider the impact of third and second parties. This information is used to establish downtime procedures in the event of a failure of a supply chain partner.
“We have learned the painful lesson that healthcare cyber risk is not just an IT problem, it is a business risk that affects every function of an organization,” he said. “Most importantly, it impacts the ability of hospitals and health systems to provide patient care and poses risks to patient safety.”