{"id":54600,"date":"2020-03-27T14:20:39","date_gmt":"2020-03-27T03:20:39","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=54600"},"modified":"2020-03-27T14:20:39","modified_gmt":"2020-03-27T03:20:39","slug":"healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/","title":{"rendered":"Healthcare sector must be protected from cyberattacks as it deals with Covid-19"},"content":{"rendered":"
<\/figure>\n

Over the past week, Covid-19 has upended our traditional assumptions about how we work and what services are critical, and has shone a spotlight on the importance of communication networks. Nationally, our concept of what is critical is continuously changing. Traditionally, Australian government efforts have focused on protecting the information contained on government and military networks, but largely left civilian networks to fend for themselves. We need to change our national cybersecurity priorities to match our new reality.<\/p>\n

Cybersecurity in the healthcare sector is traditionally very poor and medical staff are rightly focused on saving lives rather than upgrading IT systems. The healthcare sector is an attractive target for ransomware attackers because it has an increasingly large attack surface. The sector has to deal with a multitude of different systems from different vendors and the proliferating use of internet-connected healthcare devices. All of that makes hospitals a difficult IT environment to manage.<\/p>\n

Healthcare services are also made vulnerable by their need to use specialist medical equipment that is too expensive to replace regularly, but whose software isn\u2019t updated for security, as well as the lack of adequate IT resources to keep abreast of threat trends. Due to the critical and time-sensitive nature of their work, hospitals make particularly appealing targets for ransomware operators, because they are likely to pay ransoms.<\/p>\n

Worryingly, last year in the United States ransomware attacks made up more than 70%<\/a> of cybersecurity incidents in the healthcare sector. Ransomware attacks lock up IT systems until a ransom is paid, and are extremely disruptive to hospitals at the best of times.<\/p>\n

In the current environment, when hospitals worldwide are struggling to cope with critically ill Covid-19 patients, any disruption can be a matter of life and death. The virus has drastically altered the consequences from risks we were previously prepared to accept. The security of hospitals has always been seen as crucial, but just mere weeks ago we were content to (literally) live with the consequences of poor hospital cybersecurity.<\/p>\n

Just weeks later and the consequences of disruption are unthinkable.<\/p>\n

As Covid-19 exploits weaknesses in the immune system of its human hosts, malicious cyber actors take advantage of the fear associated with the pandemic to exploit weaknesses in our computer systems and networks.<\/p>\n

Hacking groups are already taking advantage of the chaos caused by the global outbreak of the virus. Despite some hacking groups saying<\/a> they won\u2019t target healthcare, in recent weeks a Covid-19 testing hospital <\/a>in the Czech Republic, hospitals in Spain<\/a> and a public health agency in the US<\/a> have all been hit with suspected ransomware attacks that have disrupted services including delaying surgeries. Although it\u2019s not clear how these networks were penetrated, there have been reports of phishing emails<\/a> targeting healthcare workers.<\/p>\n

Hospitals are obviously critical infrastructure. But with state and federal governments closing borders and non-essential services, we\u2019re one step closer to the lockdowns that are already occurring in the northern hemisphere.<\/p>\n

In January this year, Toll Holdings, a provider of transport and logistics support to businesses like Coles, was a victim of a targeted ransomware attack<\/a> that took its core services offline for six weeks. At the time, the event was of moderate interest to the media. Today, news of a logistics disruption would fuel further panic-buying of groceries and medicines and require a high-level government response. A similar ransomware attack today would be a problem for the nation, not just a problem for a single company like Toll.<\/p>\n

Maintaining access to the internet is also a critical issue. With increasingly large numbers of people worldwide under lockdown and working from home, the provision of reliable internet access has become central to the economy and necessary for supplying telecommunications and even entertainment. Network operators are seeing<\/a> large<\/a> increases<\/a> in internet traffic and some governments have responded by asking people to watch less TV.\u00a0The European Union recently asked<\/a> large streaming video companies like Netflix, Amazon (via Amazon Prime Video) and YouTube to reduce streaming volumes and \u2018preserve the smooth functioning of the internet<\/a>\u2019.<\/p>\n

Hospitals, transportation and governments influencing people\u2019s behaviour to preserve connectivity\u2014these are all examples of how priorities have been altered by the Covid-19 crisis.<\/p>\n

Rather than carrying forward with bureaucratic inertia, our cybersecurity policies and investments should be changed to match these altered priorities. Looking at healthcare in particular, state, territory and federal governments should reallocate federal money to hospital IT defence for worthwhile short-, medium- and long-term initiatives.<\/p>\n

Short-term efforts could include ongoing and reinforced education about phishing across frontline healthcare providers. Such programs could include phishing simulations and penetration testing. As cyber criminals and fraudsters seek to take advantage of people\u2019s fears about Covid-19, some practical efforts to make staff more resilient would yield immediate benefits and reduce the risk of phishing attacks leading to catastrophic breaches.<\/p>\n

In the medium term, governments could also assist by performing cybersecurity audits and providing (or funding) the expertise to develop remediation plans. This should initially focus on ensuring robust and effective data-backup strategies.<\/p>\n

They could also assist in developing robust guidelines for how to either digitally quarantine or replace legacy systems that can no longer be updated or patched.<\/p>\n

In the longer term, governments could encourage the development of interoperability standards that allow for a secure healthcare IT ecosystem. Part of the problem in healthcare is that solutions from different vendors often don\u2019t integrate well, placing the onus on cash-strapped IT departments to meld diverse systems into efficient workflows. This is difficult to do well with limited resources, and as a result security is often jettisoned in favour of usability.<\/p>\n","protected":false},"excerpt":{"rendered":"

Over the past week, Covid-19 has upended our traditional assumptions about how we work and what services are critical, and has shone a spotlight on the importance of communication networks. Nationally, our concept of what …<\/p>\n","protected":false},"author":1100,"featured_media":54607,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[2658,713,2138,987],"class_list":["post-54600","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-coronavirus","tag-cyberattack","tag-cybersecurity","tag-health","dinkus-coronavirus"],"acf":[],"yoast_head":"\nHealthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Healthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Over the past week, Covid-19 has upended our traditional assumptions about how we work and what services are critical, and has shone a spotlight on the importance of communication networks. Nationally, our concept of what ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-27T03:20:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jocelinn Kang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jocelinn Kang\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg\",\"width\":1024,\"height\":683,\"caption\":\"SEOUL, SOUTH KOREA - MARCH 09: Medical staff, wearing protective gear, move a patient infected with the coronavirus (COVID-19) from an ambulance to a hospital on March 09, 2020 in Seoul, South Korea. The South Korean government has raised the coronavirus alert to the \\\"highest level\\\" as confirmed case numbers continue to rise across the country. According to the Korea Centers for Disease Control and Prevention, 69 new cases were reported on Monday, with the death toll rising to 53. The total number of infections in the nation tallies at 7,382, the highest outside of China. (Photo by Chung Sung-Jun\/Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/\",\"name\":\"Healthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#primaryimage\"},\"datePublished\":\"2020-03-27T03:20:39+00:00\",\"dateModified\":\"2020-03-27T03:20:39+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Healthcare sector must be protected from cyberattacks as it deals with Covid-19\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2\",\"name\":\"Jocelinn Kang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g\",\"caption\":\"Jocelinn Kang\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/jocelinn-kang\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Healthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/","og_locale":"en_US","og_type":"article","og_title":"Healthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist","og_description":"Over the past week, Covid-19 has upended our traditional assumptions about how we work and what services are critical, and has shone a spotlight on the importance of communication networks. Nationally, our concept of what ...","og_url":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-03-27T03:20:39+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg","type":"image\/jpeg"}],"author":"Jocelinn Kang","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Jocelinn Kang","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/03\/GettyImages-1211268635.jpg","width":1024,"height":683,"caption":"SEOUL, SOUTH KOREA - MARCH 09: Medical staff, wearing protective gear, move a patient infected with the coronavirus (COVID-19) from an ambulance to a hospital on March 09, 2020 in Seoul, South Korea. The South Korean government has raised the coronavirus alert to the \"highest level\" as confirmed case numbers continue to rise across the country. According to the Korea Centers for Disease Control and Prevention, 69 new cases were reported on Monday, with the death toll rising to 53. The total number of infections in the nation tallies at 7,382, the highest outside of China. (Photo by Chung Sung-Jun\/Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/","url":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/","name":"Healthcare sector must be protected from cyberattacks as it deals with Covid-19 | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#primaryimage"},"datePublished":"2020-03-27T03:20:39+00:00","dateModified":"2020-03-27T03:20:39+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/healthcare-sector-must-be-protected-from-cyberattacks-as-it-deals-with-covid-19\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Healthcare sector must be protected from cyberattacks as it deals with Covid-19"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2","name":"Jocelinn Kang","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g","caption":"Jocelinn Kang"},"url":"https:\/\/www.aspistrategist.ru\/author\/jocelinn-kang\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/54600"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1100"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=54600"}],"version-history":[{"count":8,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/54600\/revisions"}],"predecessor-version":[{"id":54605,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/54600\/revisions\/54605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/54607"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=54600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=54600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=54600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}