Healthcare
In 2024, one in three hospitals was impacted by cyber-attacks, and tens of millions of patients’ records were compromised
Healthcare providers face the challenge of securing their expansive networks from external threats while protecting caregivers, doctors, equipment, and patients. Cyber-attacks are increasingly targeting healthcare systems, disrupting operations and jeopardizing patient safety. In addition to exposing confidential records, these attacks can compromise critical medical devices and systems, leading to delays in treatment, hospital closures and, in severe cases, the potential for patient fatalities. A recent survey found that 77% of healthcare organizations that experienced cyber-attacks reported disruptions to patient care, with some incidents resulting in longer hospital stays or even increased mortality rates. The financial impact is also significant, as the average cost of a healthcare data breach reached $11 million in 2023, highlighting the growing complexity and consequences of such attacks.
Source: Health Leaders Media, HIPAA Journal, Oliver Wyman, ASIS International
Ransomware Attack on Universal Health Services (UHS) Targeting OT Systems (2020)
Universal Health Services (UHS), one of the largest healthcare providers in the U.S., was attacked by the Ryuk ransomware in September 2020. While the attack primarily affected IT systems, there were also impacts on OT systems that manage critical infrastructure like HVAC (Heating, Ventilation, and Air Conditioning), medical devices, and building access controls.
Impact
- IT and OT systems were down for several days across over 400 UHS facilities in the U.S. and UK.
- Medical devices connected to the network, including those used for diagnostic and treatment purposes, were rendered inoperable.
- Patients had to be diverted, and hospital operations were significantly impacted, including the ability to access electronic health records (EHRs) and use connected diagnostic tools.
- The total cost of the attack was estimated to be over $67 million.
Government Response/Regulation
- HHS and ASPR Guidance: The Department of Health and Human Services (HHS), through its Office of the Assistant Secretary for Preparedness and Response (ASPR), issued updated guidelines for the healthcare sector. These guidelines emphasized the need for robust cybersecurity practices, including network segmentation to separate IT and OT systems, thus preventing ransomware from propagating across different domains.
- CISA Collaboration: CISA partnered with HHS and the FBI to release advisories specific to healthcare facilities, outlining best practices such as multi-factor authentication (MFA), securing remote access points, and enhancing monitoring systems to detect threats early.
- Federal Initiatives for Enhanced Security Standards: The Biden administration proposed initiatives to align healthcare cybersecurity standards with those used in other critical sectors like defense. These measures aim to establish stricter compliance frameworks similar to HIPAA but specifically focused on cybersecurity and infrastructure protection.
- Potential Cybersecurity Certification Models: Inspired by the Department of Defense’s cybersecurity protocols for contractors, there are ongoing efforts to introduce similar certification models in healthcare. These would mandate compliance and accountability for healthcare systems to ensure they meet rigorous security standards.
Lessons Learned
- Network segmentation between IT and OT systems is crucial to prevent ransomware from spreading across both domains.
- Healthcare organizations need to regularly update and patch medical devices and other OT systems to minimize vulnerabilities.
- Ransomware attacks can cause significant damage by disrupting not only IT systems but also connected OT and IIoT systems critical to patient care.
Gartner’s August 2024 Market Guide for Medical Device Risk:
Invisinet is highlighted as an emerging solution to turn your network from vulnerable to strong and from confusing to clear. Invisinet is here to redefine healthcare network security.
The Invisinet Solution
- Zero Trust Approach: Limits access to critical systems to only pre-authorized users, reducing the chances of unauthorized actors gaining entry. This would include multi-factor authentication and strict user identity verification.
- Cloaking Key Systems: Invisinet’s cloaking technology hides key IT and OT systems (particularly SCADA) from attackers, making it harder for them to identify which assets to target.
- Maximize Your ZTNA Investments: Incorporating identity data within session packets enhances real-time network auditing and reduces false indicators of compromise. Additionally, Invisinet enhances your anomaly detection, making it smarter and more effective.
- Regulatory Assurance: Invisinet supports regulatory compliance by integrating real-time auditing features, ensuring that identity information is accurately monitored and reported within session packets. This not only helps meet evolving cybersecurity regulations but also mitigates non-compliance risks, all while delivering cost-effective and low-disruption solutions that align with operational needs.
- Seamless IT and OT Integration: Invisinet bridges IT and OT layers, providing end-to-end, low-latency protection within heterogeneous environments. This ensures that both domains are secured effectively without compromising speed or efficiency, making it a truly cost-effective solution for industrial and critical infrastructure.