By: Hank Thomas
CEO, Strategic Cyber Ventures
It has been a year since the United Kingdom’s National Health Service (NHS) was hit with the WannaCry cryptoworm. In May of 2017 it made its way onto the cyber scene, impacting 250 of the NHS’s 603 facilities. WannaCry targeted computers running Microsoft Windows by encrypting data and demanding ransom in Bitcoin. Fortunately, the NHS had an antiquated system that provided an unintentional security air gap between its business network and much of its medical device networks. Unfortunately for the world, the NHS was just one of many organizations that were eventually impacted by WannaCry, as it became a global crisis far beyond healthcare.
Infections at Bayer Corporation were the first evidence that the WannaCry outbreak had hit U.S. healthcare entities. It was also the first known instance of ransomware affecting the operation of medical devices. The widespread deployment of IoT, including medical devices, sensors of all types, and even surveillance cameras, throughout industry and government has massively expanded the cyber-attack surface from medical facilities to power plants to government agencies.
Global cyber-criminal syndicates are increasingly turning to publicly-available, easily-acquired tools, like the ones behind WannaCry. Additionally, the identification and targeting of exposed systems can now be achieved via tools like Shodan that can identify embedded systems that are exposed to the Internet. Not only are these systems increasingly connected and accessible, it’s relatively simple to find them.
We are seeing a massive expansion of global cybercriminals, and second-tier nation states, using these tools and the tactics, techniques, and procedures that often accompany them. It is getting easier for criminals to sell or share, and consumers to buy or obtain, stolen sensitive security data through Pastebin and on the dark web, where posts exposing device IP addresses and other identifying information are traded in marketplaces. The risks of accessibility and discoverability are increased by nation states no longer having a monopoly on cyber weapons. Increasingly, even some first-world powers have lost control of the powerful cyber weapons they have created, much like what appears to have occurred one year ago in the WannaCry outbreak.
It is critical that the medical sector follow more mature industries like financial services and quickly grow world-class security defenses and teams. Simply improving cyber hygiene and security patch management could have prevented much of the impact of WannaCry. As we have mentioned in our previous blogs, cyber security controls like deception technology and others in the Strategic Cyber Ventures portfolio represent a good starting point for anyone needing a security roadmap. Building capable security operations and intelligence teams, or finding a managed security service that is the right fit for you, is equally important. There must be a culture that ensures actionable intelligence drives your security operations. The medical sector is embracing IoT technologies, which allow for greater efficiency and mobility in so many ways. But they also incur greater operational and systemic risk of attacks.
The widely publicized ransomware attacks on the city of Atlanta are only the most recent of the many that occurred in the year since WannaCry hit the internet. These attacks are estimated to have cost Atlanta nearly $3 million to date. We can expect to see criminal syndicates and rogue and hostile nation states continue to ramp up their use of these tools and tactics in support of a variety of criminal, political, and military objectives in the healthcare sector and beyond. We can also expect the tremendous financial impact to soon be rivaled by imminent risk to human life that could occur when connected medical and other IoT devices, with life support functionality, are impacted by fast-moving cyber-attacks.