IT Security Talks Management I

Defy the viruses: How hospitals protect themselves against cyber attacks

Many hospitals are still insufficiently prepared for attacks from cyberspace. IT Security has to be simple.

Thu, 15.04.2021, 11:00 - 11:15

Digital


Themes

Cloud Security; Data protection / GDPR; Data security / DLP / Know-how protection; Endpoint Protection; Governance, Riskmanagement and Compliance; Network Security / Patch Management; Websecurity / VPN

Event

This action is part of the event IT Security Talks


Action description


A year ago it was mentioned only in passing; now it is an explicit warning: hospitals and other health care facilities are increasingly being targeted by cyber criminals. Ransomware extortionists in particular pose an extremely high risk. This is shown by the current situation report on IT security in Germany, which was published by the responsible Federal Office for Information Security (BSI) in October 2020. The sheer number of malware programs now even exceeds the billion mark: in the reporting period between June 2019 and May 2020 alone, 117.4 million new variants of known malware were added; the combination of Emotet, TrickBot and the ransomware Ryuk was particularly active.

The consequences of a successful cyber attack were recently tragically demonstrated by the case of the University Hospital in Düsseldorf: the hospital was unable to accept any new patients after the failure of its IT system, which meant that a woman who urgently needed help had to be transported to a clinic much further away. The additional time proved to be fatal. The gateway for the ransomware attack was a security hole in Citrix's VPN software. And even though the attackers handed over the decryption key free of charge, it took more than two weeks before the hospital was able to resume normal operations to a reasonable extent.

The right approach to security should encompass a wide range of next-generation technologies that use threat intelligence and machine learning algorithms to do their job. This includes multi-layered security for endpoints: physical and virtual machines, mobile devices, embedded devices in medical equipment and cloud-based workloads. However, many data leaks are not caused by malicious intent, but by carelessness. Internal training and education can help. All users with access to the relevant data must be aware of corporate compliance and industry-specific data protection policies. They also need to be sensitized to various threat situations and opportunities: How can phishing mails or compromised websites be detected? What are the current threats? Who needs to be informed in case of danger? The goal is a "human intrusion detection system" made up of attentive and trained employees, which contributes to the fight against cyber threats in addition to technological solutions.

Apart from external attackers, so-called "internal threats" also pose a risk. A DLP (Data Loss Protection) solution prevents the outflow of data by employees, whether negligent or intentional. This can happen in many different places: for example, patient data can be sent unsecured by e-mail to the family doctor for further treatment, or even to a third party due to a typing error. Healthcare institutions are particularly at risk in this respect, as employees are often simultaneously located in different data networks and process or forward information via private, usually unprotected end devices. A DLP solution ensures that employees can neither send data without authorization nor copy it to external data media. Outgoing messages are scanned based on a data classification that is adapted to the authorizations of the respective user. If classified data is contained, the transmission is blocked. There are also security solutions that sound the alarm if unusual activities occur. These include moving large amounts of data, actively using a computer outside of normal working hours and repeatedly visiting unusual websites.

A next-generation firewall with an integrated intrusion prevention system (IPS), on the other hand, does more than analyze the stream in real time in order to react to threats early on. The technology is also capable of adjusting firewall rules when attacks are detected, without the need to configure complex connections and rule sets for communication between IPS and firewall.


Language: German

Questions and Answers: Yes
