Protecting Our Healthcare Heroes: Preventing Cyber Attacks During a Crisis
As the COVID-19 pandemic commands so much of the time, attention and resources of our healthcare networks, cyber thieves are using it as an opportunity to attack. Jacobs Operations Manager, Director and Data Scientist for Cyber Charles Ramsay shares some insights on steps to take to help protect our healthcare institutions.
You might think, because of the life-saving work they perform every day, that healthcare providers would be immune from hackers and cyber thieves, especially during a pandemic.
This is not the case.
According to recent news stories reported by Bloomberg, cyber-attacks specific to the COVID-19 crisis include attacks on the World Health Organization and on U.S. Health and Human Services Department hospitals; attacks on federal, state and private sector critical infrastructure; and fraudulent attempted sales of pharmaceuticals and critical medical equipment using online social engineering.
Email attacks containing malicious links expose a person to attack when they click on a link in an email that takes them to a URL hosting compromising executable code. A banking trojan is malware intended to extract banking account information from the victim’s bank accounts and computer assets.
How sophisticated banking trojan malware has become is illustrated by Emotet, a banking trojan now classified as a malware bot. As reported by Malwarebytes, “the Department of Homeland Security ... concluded that Emotet is one of the most costly and destructive malware, affecting government and private sectors, individuals and organizations, and costing upwards of $1M per incident to clean up.”
What is Social Engineering?
In Christopher Hadnagy’s book Social Engineering: The Art of Human Hacking, he breaks social engineers into 11 categories, ranging from con artists and identity thieves to disgruntled employees.
Types of social engineering attack (SEA) include email phishing attacks, online collection of personal profile information and phone calls. Attacks include the impersonation of IT support, customer support or Human Resources, as well as federal or local government and others. Usually, during a SEA, the main goal is to extract as much information about the victim as possible, including personal information, credit card information, family information (e.g. names, birthdates, security credentials), phone numbers, job titles and roles, locations, social security information and anything that may provide hackers with enough data to proceed to the next phase of the attack. Next steps include using this information to gain access to others for exploitation or injecting malicious exploits into the victim’s computer network.
In the Verizon 2019 Data Breach Investigations Report, social engineering attacks are reported to have reached 35% of all reported data breaches over the past five years. Note that the Verizon findings do not include data breaches that may have originated from compromised security credentials that led to the system breach itself.
Attempts to exploit human fear allow social engineers to gain information, for instance healthcare worker information. Over-worked healthcare crisis management teams may be targeted because fear and stress breed opportunity for hackers.
Imagine yourself as a healthcare professional receiving the following email, with a link embedded within a professional-looking message: Subject: “CDC Announces New COVID-19 Recommendations for Emergency Room Triage”. It may only take one of potentially thousands of healthcare workers to click on that one malicious link to expose an entire hospital network.
In a previous client engagement, the Jacobs cyber data science team was working with data originating from a small hospital chain. During our assessment, several IOCs (indicators of compromise, i.e. potential security vulnerabilities) were discovered, among them an under-resourced hospital IT department whose priorities were focused on the following:
- Healthcare staff day-to-day needs
- Integration and maintenance of external systems (out of network)
- Renovation Planning
Because healthcare has traditionally not been a high-profile target for attackers, cybersecurity at hospitals and healthcare facilities has often been a low priority. This is no longer the case. Hospitals and healthcare facilities have gained the attention of those with mal-intent, predominantly for financial gain through fraudulent means.
Through social engineering and other methods, a bad actor can gain a foothold on the computers of key IT personnel in an instant, with the right document coupled with the right exploit. Below are some steps that may help alleviate cyber threats, specifically social engineering exploits.
- In general, just eliminating email workflows of documents that start outside of the organization can improve the organization’s security posture by an order of magnitude.
- Training and staff diligence – It only takes one instance to compromise a network. Understanding cyber threats and training professionals on appropriate threat-prevention guidelines helps prevent such attacks. Cybersecurity awareness training, cyber workforce development and privacy awareness training, including social engineering prevention, all help to reduce the threat.
- Workflows – Every organization has workflows, and they tend to revolve around email. Receiving, reviewing and approving attachments is common. Clicking links, opening attachments and other normal, seemingly harmless daily activities can lead to exploitation. Workflows should be a) identified, b) eliminated and c) mitigated:
  - Identify – Identify existing workflows and observe potential points of risk;
  - Eliminate – Choose secure system workflows over email. Where possible, eliminate email attachment workflows. For example, instead of accepting résumés or patient records as email attachments, request links to shared folders via cloud documents that can be viewed from an IT-approved browser;
  - Mitigate – Some email attachment workflows will not be easily eliminated. However, email attachments can be stripped from emails and replaced with internal links to documents. Limiting exchanged interorganizational emails to those with whom you have an encryption relationship can decrease the likelihood of an attachment being malware. But it must be remembered that the exchange of signatures involves public keys and there is no expectation that public keys will be protected. This means that encrypted emails can still come from spoofed email sources.
- Strict adherence to Health Insurance Portability and Accountability Act (HIPAA) compliance – HIPAA protects individuals’ personal health information (PHI) from public access. HIPAA compliance software standards exist, and HIPAA-compliant software includes database encryption and strong administrative protections (including frequent monitoring and audits). The Risk Management Framework and other government-provided security frameworks and controls provide a strong security baseline for IT professionals.
- Cyber readiness, security practices and roles – Healthcare can benefit from proactive and tailored cyber initiatives that include defensive cyber vulnerability assessments and the application of standard cyber tools and secure cloud appliances.
- Monitoring, metrics and adjustment – Monitoring and assessment of the network traffic found in healthcare facilities can lead to the discovery of anomalous behavior beyond what conventional Intrusion Detection Systems (IDS) detect. Cyber BU analytics that discover threats that normally go undetected can be leveraged.
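The “Mitigate” step above (strip attachments, replace them with internal links, and treat the sender relationship as only a weak signal) can be implemented at the mail gateway. The following is an added example written for this article, not code from Jacobs or the original post. It uses only the Python standard library; the sample message, the quarantine portal URL and the partner-domain list are constructed assumptions.

```python
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Assumed internal document portal where stripped attachments are held
# for review before anyone can open them from an IT-approved browser.
INTERNAL_PORTAL = "https://docs.hospital.internal/quarantine/"

# Assumed partner domains with which an "encryption relationship" exists.
# NOTE: the From header is unauthenticated and can be spoofed, exactly as the
# article warns, so membership here only adds a label; it never skips stripping.
TRUSTED_PARTNER_DOMAINS = {"partner-clinic.example"}


def build_sample_message() -> bytes:
    """Constructed inbound message carrying one document attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "Records Desk <records@partner-clinic.example>"
    msg["To"] = "triage@hospital.example"
    msg["Subject"] = "Patient record for review"
    msg.set_content("Please review the attached record.")
    msg.add_attachment(b"%PDF-1.4 constructed sample bytes",
                       maintype="application", subtype="pdf",
                       filename="record.pdf")
    return msg.as_bytes()


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From address, lower-cased (unauthenticated value)."""
    addr = parseaddr(str(msg["From"]))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sanitize(raw: bytes, quarantine: dict) -> EmailMessage:
    """Strip every attachment, store it in `quarantine` keyed by SHA-256,
    and hand the recipient a plain-text message with internal links instead."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    clean = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header]:
            clean[header] = str(msg[header])

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""

    links = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        name = part.get_filename() or "unnamed"
        quarantine[digest] = (name, data)          # held internally, never delivered
        links.append(f"{INTERNAL_PORTAL}{digest}  ({name})")

    if links:
        text += ("\n\n[Attachments were removed by the mail gateway and are held "
                 "internally. Retrieve them via:]\n" + "\n".join(links))
    clean.set_content(text)

    # Metadata for the recipient and for downstream monitoring.
    clean["X-Attachments-Stripped"] = str(len(links))
    trusted = sender_domain(msg) in TRUSTED_PARTNER_DOMAINS
    clean["X-Sender-Trusted"] = "yes" if trusted else "no"
    return clean


if __name__ == "__main__":
    held = {}
    out = sanitize(build_sample_message(), held)
    print(out.get_content())
    print("quarantined:", [(k[:12], v[0]) for k, v in held.items()])
```

The gateway never forwards the original bytes: a reviewer opens the quarantined copy through the portal, which keeps the “click on the attachment” step out of the clinician’s inbox entirely.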
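The monitoring point above, discovering anomalous behavior that a signature-based IDS would not flag, can be illustrated with a small baseline-and-deviation check over per-host outbound traffic. This is an added example for this article, not a Jacobs tool; the flow log lines are constructed, and the robust-score threshold and the “new destination” rule are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed hourly outbound flow summaries for two workstations (not real traffic).
# ws-017 behaves normally for six hours, then pushes a large volume to a host it
# has never contacted; ws-042 is steady throughout.
FLOW_LOG = """\
2020-04-01T00:00Z src=ws-017 dst=203.0.113.10:443 bytes=100000
2020-04-01T01:00Z src=ws-017 dst=203.0.113.10:443 bytes=110000
2020-04-01T02:00Z src=ws-017 dst=203.0.113.10:443 bytes=95000
2020-04-01T03:00Z src=ws-017 dst=203.0.113.10:443 bytes=105000
2020-04-01T04:00Z src=ws-017 dst=203.0.113.10:443 bytes=98000
2020-04-01T05:00Z src=ws-017 dst=203.0.113.10:443 bytes=102000
2020-04-01T06:00Z src=ws-017 dst=198.51.100.77:443 bytes=5000000
2020-04-01T00:00Z src=ws-042 dst=203.0.113.10:443 bytes=50000
2020-04-01T01:00Z src=ws-042 dst=203.0.113.10:443 bytes=52000
2020-04-01T02:00Z src=ws-042 dst=203.0.113.10:443 bytes=48000
2020-04-01T03:00Z src=ws-042 dst=203.0.113.10:443 bytes=51000
2020-04-01T04:00Z src=ws-042 dst=203.0.113.10:443 bytes=49000
2020-04-01T05:00Z src=ws-042 dst=203.0.113.10:443 bytes=53000
2020-04-01T06:00Z src=ws-042 dst=203.0.113.10:443 bytes=50500
"""


def parse_flows(text: str) -> list:
    """Parse 'TIMESTAMP key=value ...' lines into dicts; hour is the YYYY-MM-DDTHH prefix."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        flows.append({"hour": ts[:13], "src": rec["src"],
                      "dst": rec["dst"], "bytes": int(rec["bytes"])})
    return flows


def robust_score(value: float, baseline: list) -> float:
    """Deviation in MAD units (median-based, so one past outlier cannot hide a new one)."""
    med = median(baseline)
    mad = median(abs(b - med) for b in baseline)
    scale = 1.4826 * mad if mad > 0 else 1.0   # flat baseline: avoid divide-by-zero
    return (value - med) / scale


def detect_anomalies(flows: list, threshold: float = 3.5) -> list:
    """Compare each host's latest hour against its own history.
    Returns (host, reason, detail) tuples; reason is 'volume' or 'new-destination'."""
    hours = sorted({f["hour"] for f in flows})
    latest, history = hours[-1], hours[:-1]
    volume = defaultdict(lambda: defaultdict(int))   # src -> hour -> bytes out
    dests = defaultdict(lambda: defaultdict(set))    # src -> hour -> destinations
    for f in flows:
        volume[f["src"]][f["hour"]] += f["bytes"]
        dests[f["src"]][f["hour"]].add(f["dst"])

    alerts = []
    for src in volume:
        baseline = [volume[src][h] for h in history if h in volume[src]]
        current = volume[src].get(latest, 0)
        if len(baseline) >= 3:                        # need some history to judge against
            score = robust_score(current, baseline)
            if score > threshold:
                alerts.append((src, "volume", round(score, 1)))
        seen = set().union(*(dests[src][h] for h in history)) if history else set()
        for d in sorted(dests[src].get(latest, set()) - seen):
            alerts.append((src, "new-destination", d))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_flows(FLOW_LOG)):
        print(alert)
```

Both signals come from the host’s own history rather than from a signature, which is what lets this kind of check surface a compromised endpoint whose traffic looks individually legitimate.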
Cyber-attacks are targeting our healthcare system and have the potential to significantly disrupt the ability to provide critical aid. As networks are increasingly vulnerable, especially through social engineering, we recommend identifying, eliminating and reducing workflows surrounding email systems to greatly reduce the risk of end points being compromised.
Charles Ramsay, Jacobs Operations Manager, Director and Data Scientist for Cyber, is a computer and data scientist with over 20 years’ experience. He and his team are responsible for data science research and development and for the transition of capabilities into real-world client needs.