
Cyber Security in Health: Pandemic, Vaccine Studies and Data Security


Cyber security in healthcare has become almost a necessity, especially with the vaccine studies carried out during the pandemic. In the autumn of 2020, significant progress was made in some vaccine studies (Pfizer/BioNTech, Oxford University/AstraZeneca, Moderna, Sputnik V, Sinovac). Many countries have announced that they will soon start vaccination studies, especially for healthcare workers and risk groups. How reliable each vaccine study is is, of course, the subject of other analyses. However, it is important that the vaccines produced can be delivered safely to the end user, and for that, global distribution chains must be able to work effectively. The security of scientists’ work and data is likewise closely tied to cyber security.

Vaccine Studies


States and private companies are in fierce competition regarding vaccine studies. Both the value of the scientific data produced and the prestige that will be gained by “the one who finds a cure for the epidemic” are important. All of these make the work and knowledge more valuable. In this context, protecting the infrastructure used in vaccine studies becomes a necessity. In addition, the digitalization of communication between stakeholders in this field makes cybersecurity an important topic. For example, interception of sensitive information about vaccine development is a serious risk. A cyber-espionage operation that could be organized for this purpose is considered one of the risks that could disrupt the process.

According to media reports at the beginning of December [1], technology giant IBM announced that some institutions operating in the “cold chain” required for the distribution of COVID-19 vaccines, that is, the logistics network used to distribute the vaccine, had been targeted by a global-scale, targeted phishing attack. According to IBM, the purpose of this attack may be to gain access to user information in the future. Additionally, attackers may attempt to gather information on methods, processes, and internal communications related to vaccine distribution. Similarly, in November, it was reported that a social engineering attack using fake job offers sent via LinkedIn and WhatsApp was carried out against the employees of one of the institutions developing the vaccine [2]. Governments attach great importance to cyber security during the crisis, from drug treatment and vaccine research through to vaccine distribution.

Personal Data Security in Vaccine Studies


In addition to the valuable information obtained from vaccine development activities, personal health and patient data are also extremely valuable, and this information is frequently targeted by cyber attackers. As technology advances, the cyber security risk to healthcare services and data keeps growing. One of the cyber security companies conducting research in this field lists the five risks that affect healthcare organizations the most, and their rates, as follows [3].

Risks in Healthcare Institutions

  • Malicious network traffic (72%)
  • Phishing attacks (56%)
  • Operating system vulnerabilities (48%)
  • Man-in-the-Middle Attacks (MITM) ()
  • Malware (8%)

Cyber attacks can affect the activities, business continuity, and corporate operations of all sectors, from energy to communication infrastructure. However, the healthcare sector is thought to lag behind other sectors in terms of cyber security measures. The damage caused here is not limited to financial loss: a cyber attack targeting a hospital can literally be a matter of life and death. Machines in the hospital may malfunction, putting patient lives at risk. When patient data is stolen, it may become difficult to maintain the confidentiality, integrity, and availability of data.

As you may remember, one of these concerns, the risk of “loss of life due to cyber attacks”, was realized this year. In September, cyber attackers targeted a hospital in Düsseldorf, Germany, with a “ransom” demand and prevented the hospital’s systems from working. A patient who had to be transferred to another hospital, and whose treatment was disrupted as a result, lost his life [4].

We went through a hyper-digitalization process during the pandemic. It is safe to assume that cyber threats will not disappear for critical sectors, especially healthcare. On the contrary, as “connectivity” increases, vulnerabilities and unknowns will increase. This will create new threat vectors and targets for cyber attackers. Therefore, steps must be taken to protect healthcare institutions, systems, data, medical devices, and, most importantly, patients.

Where to Start with the Security of Personal Data?

According to Verizon’s 2016 Data Breach Investigations Report [5], financial gain is the primary motivation for most security breaches. Attackers usually choose the easiest attack method and the weakest target to reach the information they are after. In this context, the problems encountered regarding cyber security in the healthcare sector can be listed as follows:

Major Cyber Security Issues in the Healthcare Sector

  • Malware and Ransomware: Attackers take over individual devices, servers, and networks through malware and ransomware attacks. As seen in a hospital incident in Germany, ransom may be demanded from individuals or institutions in order to regain control.
  • Cloud Computing Threats: Recently, cloud applications have become an increasingly popular storage method for health information. However, without proper encryption, this type of storage can compromise security for healthcare organizations.
  • Misleading websites: One of the most common tactics used by attackers is to capture users and access information by creating websites with addresses and designs that are very similar to a real website. We know that this tactic is frequently used, especially in the banking sector. Some attackers can mislead unwary users simply by changing the top-level domain of the address (for example, using .com instead of .gov).
  • Phishing Attacks: In this strategy, e-mails disguised as coming from official institutions and organizations are delivered to the user, using techniques such as sender masking, in order to obtain sensitive information. These e-mails often contain a malicious attachment.
  • Blind Spots: Encryption is one of the most effective weapons we have to protect all data, especially health data. However, encryption can also create blind spots where attackers can hide from the tools meant to detect breaches.
  • User Error: Despite all the progress in technology, the central role of human-machine interaction underscores the role of the end user in ensuring security. Even if all precautions are taken, employees can make healthcare institutions vulnerable to attacks through weak passwords, unencrypted devices, and similar compliance failures.
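A defensive check for the “misleading websites” tactic above, added here as an example and not part of the original article: it parses a link's hostname and flags a trusted name that appears under a different top-level domain or with a near-miss spelling. The allowlist, sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of an organisation's real hostnames (assumption).
TRUSTED = {"health.example.gov", "portal.examplehospital.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def split_tld(host: str):
    """Split 'a.b.gov' into ('a.b', 'gov'); only the last label is the TLD."""
    name, _, tld = host.rpartition(".")
    return name, tld


def classify(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'tld-swap', 'lookalike' or 'unknown' for a URL."""
    # Compare the parsed hostname, never a substring of the URL: in
    # https://health.example.gov@evil.example/ the host is evil.example.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if host in trusted:
        return "trusted"
    name, tld = split_tld(host)
    # Same name under a different top-level domain (.com instead of .gov).
    if any(name == split_tld(good)[0] and tld != split_tld(good)[1]
           for good in trusted):
        return "tld-swap"
    # A few character edits away from a trusted host (typo or homoglyph).
    if any(0 < edit_distance(host, good) <= max_distance for good in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://health.example.gov/login",      # constructed
                   "https://health.example.com/login",
                   "https://portal.examp1ehospital.org/",
                   "https://health.example.gov@evil.example/"):
        print(f"{classify(sample):10} {sample}")
```

A mail gateway or web proxy rule could run a check like this on links before delivery; "unknown" means only that the host resembles nothing on the allowlist, not that it is safe.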

Case Studies


The healthcare industry faces numerous cybersecurity-related issues. These problems can range from malware that can compromise the integrity of information within the system and the privacy of patients to denial of service attacks that can disrupt facilities’ ability to provide patient care. These risks apply to all sectors. However, in the healthcare industry, cyber attacks can cause irreversible problems and damage beyond financial loss and privacy violations.

Cyber Attacks in the Healthcare Sector

Ransomware in the Healthcare Sector

If you’ve been following reports on data breaches in the cyber security space lately, you’re likely to have come across stories of hospitals being hit by ransomware. Ransomware has become a nightmare for information security and cyber security experts in recent years. Attackers are always one step ahead of defenders; constantly changing tactics, techniques, and procedures make it difficult for security experts to keep up. As a brief reminder, ransomware is a type of malicious software that infects systems and files and makes them inaccessible, or destroys them, unless the requested ransom is paid. As you may remember, the WannaCry attack that ravaged the whole world was ransomware, and it made a lot of noise with the damage it caused.

For the healthcare industry, ransomware attacks are perhaps one of the worst situations that can be encountered. When such an attack happens, critical processes in healthcare institutions may slow down or become completely inoperable. Imagine a completely digital hospital going back to the days when paper and pencil were used! Of course, this would paralyze the system. When the incidents are examined in general, ransomware has been found to infect victim machines in one of the following three ways:

  • Via a phishing email with a malicious attachment,
  • Through a user clicking on a malicious link,
  • By viewing an ad containing malware

Ransomware Problem

Ransomware Example: Recently, many hospitals have been infected with ransomware through outdated JBoss servers. In these incidents, the attacker installed malware on an outdated server with which the victim had no interaction, rather than on the common work platform used by staff. Hollywood Presbyterian Hospital in California was one of the affected hospitals. This hospital had to pay a significant ransom to regain access to and control of its files and networks.

Ransomware Recommendations: Keeping antivirus software up to date, implementing appropriate email filtering, and making up-to-date backups of data, as well as storing those backups offline, will help your organization build resilience against the ransomware threat.

Data Breaches in the Healthcare Industry

Making money is not the only motivation behind cyber attacks lately. As can be seen in the systematic and targeted attacks on vaccine studies, something more valuable than money is now targeted: sensitive data and information. The data breach scenario is actually quite familiar. Usually, an e-mail containing eye-catching social engineering is sent to the victim, such as an advertisement for free credit or an unrealistically high discount. According to research, the healthcare sector faces more data breach cases than any other sector. Malware that can steal identity information, an employee who knowingly or accidentally discloses patient data, and lost or stolen laptops may be the source of the problem.

Examples of Data Breaches

Data Breach Example: The Health Share incident is an example of one of the stories described above and the data leaks experienced in the healthcare industry in 2020. According to research[6], a laptop stolen from the institution containing information such as patient names and contact information about 654,000 patients is the main cause of the leak. After this leak, the company is updating its annual security audit procedures with its suppliers and focusing on training employees.

Recommendations for Data Breaches: Adequate and effective application security and network security are important in the first place to prevent an attack from occurring. Encryption is one of the best ways to prevent patient data from being accessed once an attacker breaks into your systems.

In the Healthcare Sector: DDoS Attacks

Distributed denial-of-service (DDoS) attacks are a popular tactic used by cybercriminals to overwhelm a network until it becomes inoperable. This type of attack can pose a serious problem for healthcare providers, especially in situations that require internet access, such as patient care or information exchange. Some DDoS attacks may be accidental. However, in most cases, social, political, ideological or financial motivations are the main reasons for an attack.


DDoS Example: In 2014, there was a DDoS attack targeting a Boston children’s hospital. The attack was carried out by a person who identified himself as a member of Anonymous. In short, he launched DDoS attacks on the hospital’s network, based on the claim that patient rights were violated. In the attack, people on this network, including Harvard University hospital and other hospitals, lost internet access. Networks were down for almost a week. Patients and medical staff were unable to use the systems to check test results, appointments, and other case information.

Recommendations against DDoS Attacks: DDoS attacks can occur in many ways. Understanding what type of attack is occurring is an important part of being able to properly mitigate it. Generally, you should maintain an effective partnership with your upstream network service provider to protect against DDoS attacks, or you can contract with companies that provide DDoS mitigation services.

Accidental or Deliberate: Internal Threats to the Healthcare Industry

Organizations often struggle to defend the integrity, availability, and security of their networks against external threats, so dangers that arise from within can sometimes be overlooked. However, a person within the institution can pose a great threat: with the legitimate access he or she already has, the precautions taken against outsiders are not an obstacle. Additionally, these people may have information about the security vulnerabilities of the system. Even if they do not, they can obtain this information more easily than most people outside.

Insider Threat Example: An employee at a Texas hospital in the USA used the hospital network to attack a hacker group he saw as a rival. In this attack, he built a botnet, victimizing the hospital and its people. The attacker recorded a video while infiltrating the hospital network and later posted it on YouTube for everyone to see. In the published video, it is clearly seen that the attacker used a special password/key to infiltrate the hospital network. In addition to the information revealed, it was also learned that he created a backdoor that could harm patients in the hospital.

Recommendations against Internal Threats: The best way to detect an internal threat is through internal employees. You should train your users or employees on how to recognize an insider threat. In this way, you take the first step in protecting your institution and organization. There are open-source training programs that raise awareness of institutions and employees on these issues. Training guides employees to recognize suspicious behavior and to whom, when, and how to report it.

Cyber Security Strategies in Healthcare


The possible consequences of cyber attacks targeting the healthcare sector include data breaches and serious financial burdens. They can also endanger human lives. Therefore, it is necessary to develop some strategies to be resistant to attacks.

Basic Strategies

  • Importance of Security Culture: It is important for organizations to provide necessary cyber security training to employees. This may change their code of conduct in a positive way. It is essential to create a cyber security culture that reminds employees that threats are real and permanent.
  • Protecting Mobile Devices: Healthcare workers are increasingly using mobile devices at work. In this context, it is necessary to consider mobile devices within asset management and risk assessment architectures. Protective measures, especially encryption, are critically important to ensure the security of information on these devices.
  • Using an Antivirus Program: An antivirus program should be used on every device connected to the Internet. But just installing antivirus software is not enough to be protected. As in all sectors, the healthcare sector also has to keep its antivirus programs up to date.
  • Planning for the Unexpected and Dealing with Uncertainty: Cyberspace is inherently different from the physical world. In this context, it is very important to plan for the unexpected, that is, to visualize possible scenarios and reduce uncertainties. For example, data should be backed up regularly and on secure platforms to protect against ransomware attacks. Backed-up information should be located away from main systems and networks.
  • Strong Password Policy: According to Verizon’s report, weak and compromised passwords are responsible for 63% of data breaches. Those working in the healthcare industry should not only use strong passwords but also change them regularly.
  • Limiting Network Access: New software or applications should not be installed by unauthorized personnel.
  • Controlling Physical Access: Cyberspace is not the only entry point for data theft. Just like when laptops are stolen, data breaches can occur when hardware parts are stolen. Therefore, computers and other electronic devices containing important information should be kept in safe areas.

Additional Information:

[1] https://www.theguardian.com/world/2020/dec/03/cyberspies-target-covid-vaccine-cold-chain-distribution-network

[2] https://uk.reuters.com/article/uk-healthcare-coronavirus-astrazeneca-no/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUKKBN28719Y

[3] https://www.techrepublic.com/article/security-firm-identifies-5-biggest-cybersecurity-risks-for-hospitals-and-healthcare-organizations/

[4] https://fortune.com/2020/09/18/ransomware-police-investigating-hospital-cyber-attack-death/

[5] https://conferences.law.stanford.edu/cyberday/wp-content/uploads/sites/10/2016/10/2b_Verizon_Data-Breach-Investigations-Report_2016_Report_en_xg.pdf

[6] https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2020-so-far

Resources:

https://www.hipaajournal.com/category/healthcare-cybersecurity/

https://healthinformatics.uic.edu/blog/cybersecurity-how-can-it-be-improved-in-health-care/

https://www.cisecurity.org/blog/cyber-attacks-in-the-healthcare-sector/

https://www.draeger.com/en_seeur/Hospital/Cybersecurity-In-Healthcare

Compiled by Ceyda Nur Kahya