
Cloud services and remote healthcare create new exploitable attack surfaces


The Covid-19 pandemic has increased the adoption of cloud services across all industries, especially for healthcare providers, as they leverage remote access and cloud analytics to scale operations.

While cloud computing better optimised the use of resources in healthcare, it also created significant risks.

Examining cybersecurity statistics for the healthcare sector, Matt Walmsley, EMEA Director for Vectra, said two trends increased during the first five months of the year (January-May).

The first, he said, is the upward trend of command-and-control behaviours, which indicate remote access to internal systems.

Vectra has seen a 38% increase in command-and-control behaviours from January-May 2020.

The second, he said, is the doubling of data exfiltration behaviours, which indicate that data is leaving internal healthcare networks for external destinations such as cloud services.

“This increase in remote access and data transmitted to external destinations aligns with the rapid adoption of cloud services in healthcare during the Covid-19 pandemic. Cloud adoption happened faster than proper due diligence can be applied by information security personnel and with proper security visibility and data governance,” he said.

Moreover, he said that the healthcare sector suffered the most because of the sudden and rapid shift to the cloud to support overwhelmed infrastructure and increased collaboration, using the same strapped IT and security resources.


Need of the hour is an NDR platform

David Willis, head of cyber, governance and assurance at the Greater Manchester Health and Social Care Partnership, National Health Service, in the UK, has observed sudden growth in data movement outside of their organisation’s traditional boundaries.

“That growth is most likely due to how the NHS has traditionally worked in siloed data centres behind a firewall and has now shifted to the Covid-19 world of cloud-based collaboration,” he said.

The World Health Organisation (WHO) said that it had seen a five-fold increase in phishing and ransomware attacks over the same period.

In March and April, security researchers, the US Department of Homeland Security, and other federal agencies warned that attackers were taking advantage of the increase in remote workers and the COVID-19 crisis.

These warnings covered ransomware, videoconferencing hijacking, attacks targeting virtual private networks (VPNs), and a ramp-up in business e-mail compromise schemes and fraud attempts.

Breaking down the healthcare threat data by geography, the Vectra study showed that Europe, the Middle East and Africa (EMEA), as well as North America, experienced an increase in the volume of external data movement.

EMEA doubled the amount of data moving to external destinations over the five months from January-May 2020. In North America, healthcare providers experienced an initial spike in external data movement activity that settled down over time.

The bigger concern, Walmsley said, is the increase in data leaving the internal infrastructure for external destinations not seen before, which is likely the result of large volumes of health-related data rapidly propagating within cloud services.

“The problem of data going to new and unmanaged cloud services compounds the existing issue of unmanaged medical devices that are already widespread in healthcare,” he said.

The need of the hour, he said, is for security teams to urgently grapple with where healthcare data resides and how to safeguard it.

“To do so requires pan-organisational cooperation among IT and security teams as well as network visibility that integrates the cloud and the on-premises infrastructure to enable truly comprehensive threat detection and response capability,” he said.

However, he said that security organisations in healthcare will likely struggle to balance the need for availability of patient information with the policy and controls required for securing and protecting that data in the cloud.

The best option, he said, is to have a network detection and response (NDR) platform to detect and respond to attacks that have circumvented or defeated defensive controls and gained an operating capability inside an organisation’s infrastructure.

While the pandemic will likely dissipate, he said that the long-term impact for healthcare providers is likely to be profound – leaving business leaders and security professionals tasked with protecting an attack surface that to date has been uncharted.