Plugin devices expose hospitals’ Achilles heel, requiring new approach
By BUFFERZONE Team, 11/09/2022
The healthcare industry is one of cybercriminals’ favorite targets, for obvious reasons. Hospitals store a large quantity of highly confidential data and need to protect themselves against a situation in which their IT systems are locked up and they are prevented from accessing crucial patient care records.
A scenario in which hospital personnel can’t access patients’ most recent records could lead to delayed or wrong treatment, which in turn might result in unnecessary suffering or even death.
Malicious actors pose an especially vicious threat to hospitals these days. First, cybercriminals encrypt all data and prevent access. At the second stage they threaten to publicize highly confidential patient care information. Healthcare facilities are particularly sensitive to both options and are therefore preferred target for cyber gang.
This danger is highlighted in the “State of Ransomware in Healthcare 2022”, recently published by Sophos. The report indicates that cyberattacks almost doubled last year (2021), with 66 percent of healthcare organizations reporting that they were hit by ransomware, up from 34% in 2020.
Criminals targeting the healthcare industry are highly creative and operate in different ways. For example, the FBI issued last year a warning about Hive ransomware, following an attack and ransomware demand on Marietta, Ohio-based Memorial Health System, that shut down its IT network.
Computer professionals and cybersecurity experts are investing immense efforts and resources in attempts to mitigate the damage caused by such cyberattacks. Hospitals should, however, protect themselves not only against attacks stemming from phishing emails with malicious attachments, but also against threats emerging from the usage of portable storage devices.
Although this is one of cybercriminals, oldest tricks, USB sticks are still used by gangs to try an invade computer networks. Doctors and other medical professionals need to routinely process medical information, including very large imaging files provided by patients on removable media such as a CD or USB memory stick. Often, these are used with no inspection.
Keeping the risk away
Hospitals need to implant security solutions that enable them to accept personal files through removable media, without putting security and privacy at risk.
One easy to adopt solution is BUFFERZONE®’s Safe Workspace™. When a doctor opens a CD or USB memory stick, it opens inside the BUFFERZONE® virtual container. From the hospital staff perspective, the files open normally. But behind the scenes, the files are opened in an isolated environment. If malware is present on the CD or USB memory – either intentionally or unintentionally – it will be contained in this Safe Workspace, where it cannot affect the rest of the endpoint or access the hospital network.
With BUFFERZONE®’s SafeBridge®, files can be safely disarmed of any risky components and removed from the container. Optionally, organizational policy can have this happen automatically. Periodically, the container with any possible malware is emptied.
The BUFFERZONE® Safe Workspace™ solution does not rely on error-prone, easily outdated detection, instead providing a pro-active containment and disarming solution that works equally on known and unknown malware. With BUFFERZONE®, endpoints and hospital networks are protected from malware and zero-day exploits at all times, providing higher levels of security at a cost-effective price.