“The COVID-19 pandemic is spurring adoption of cloud services across all industries as they rapidly pivot to support remote work and collaboration. This is particularly true for healthcare providers at the front line as they leverage remote access and cloud analytics to scale operations. While the pandemic will likely dissipate, the long-term impact for healthcare providers is likely to be profound – leaving business leaders and security professionals tasked with protecting an attack surface that to date has been uncharted.”
That’s according to the new 2020 Spotlight Report on Healthcare, a study from security vendor Vectra, which develops network threat-detection and response technology.
WHY IT MATTERS
According to the report, the rush to scale up cloud services in order to manage the myriad new demands imposed by pandemic carries risks, given healthcare providers’ “sudden and rapid” shift toward remote hosting as they seek to support big telehealth expansions and work-from-home accommodations.
“Healthcare providers have been tasked with quickly leveraging remote access and cloud analytics to scale their operations,” explained Chris Morales, head of security analytics at Vectra, in a statement.
“While cloud computing better optimizes the use of resources in healthcare, it also creates significant risks. This is especially true when cloud adoption happens faster than proper due diligence can be applied by information security personnel. This trend will persist well after the pandemic.”
The quick shift toward cloud hosting, often done in a hurry, without enough due diligence around vendors and configurations, means IT and infosec teams now have a much larger threat surface to safeguard, according to the Vectra report.
Going forward, even as the pandemic hopefully one day subsides, that will require heightened levels of vigilance and cross-enterprise collaboration, and may demand new strategies for ensuring adequate visibility into where health data resides.
THE LARGER TREND
In a quote from the Vectra report, UK-based David Willis, head of cyber, governance and assurance at the NHS Greater Manchester Health and Social Care Partnership, noted that his organization had seen a “stark and sudden growth in data movement outside of our organization’s traditional boundaries.”
That increase, he said, is “most likely due to how the NHS has traditionally worked in siloed data centers behind a firewall and has now shifted to the COVID-19 world of cloud-based collaboration.”
In its new report, Vectra took a close look at potentially threatening network behaviors such as command and control, internal reconnaissance, lateral movement and data exfiltration – and found these threats often to be connected to advantageous exploitation of cloud migration activities, rather than from pointed attacks, according to researchers.
Among some specific findings, they found a 38% increase in command-and-control behaviors from January to May, indicating remote access of internal systems by the remote workforce.
Researchers also noted a doubling of data exfiltration behaviors, pointing to data leaving internal healthcare networks to external destinations like cloud services. So-called smash-and grab behaviors, meanwhile, also increased significantly, which can occur with a medical device that sends large amounts of data to a hosted cloud site. Data-smuggler activity, which can occur when patient medical records are transferred to cloud storage, has also seen an uptick.
“While the use of cloud computing to optimize resources in the healthcare sector has great potential, there are also risks,” said Vectra researchers. “This is especially true when cloud adoption happens faster than proper due diligence can be applied by information security.”
ON THE RECORD
“COVID-19 has accelerated the roadmap for cloud adoption faster than most organizations can ensure the secure transition data to cloud services,” said Morales in a blog post. “This leaves healthcare security teams in a reactive mode as they try to identify new vulnerabilities and stop new threats rather than staying proactive to head-off the spread of potential attacks.
“The healthcare attack surface of unmanaged medical IoT devices is now compounded with an attack surface of unmanaged cloud services,” he added. “This is incredibly risky and represents a future cyberpandemic just waiting to happen.”
In a crisis, the “need for immediate response outweighs the normal policy oversight to ensure secure data-handling processes,” said Morales. But even once the coronavirus emergency has hopefully subsided, he suggested, healthcare security pros will still “likely struggle with managing the need for availability of patient information with the policy and controls required for securing and protecting that data in the cloud.”
Security in the COVID-19 Era
This month we look at how the COVID-19 pandemic is fundamentally changing healthcare organizations’ approaches to security, now and in the future.