{"id":22167,"date":"2016-12-05T05:00:56","date_gmt":"2016-12-05T13:00:56","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=22167"},"modified":"2016-12-13T10:30:44","modified_gmt":"2016-12-13T18:30:44","slug":"2017-cybersecurity-predictions-ransomware-saas-challenges-persist-healthcare","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/12\/2017-cybersecurity-predictions-ransomware-saas-challenges-persist-healthcare\/","title":{"rendered":"2017 Cybersecurity Predictions: Ransomware and SaaS Challenges Persist in Healthcare"},"content":{"rendered":"<p><em>This post is part of an ongoing blog series examining \u201cSure Things\u201d (predictions that are almost guaranteed to happen) and \u201cLong Shots\u201d (predictions that are less likely to happen) in cybersecurity in 2017. \u00a0<\/em><\/p>\n<p>2016 was the year of ransomware in cybersecurity, and it was especially impactful in healthcare. In this blog post, I\u2019ll lay out a few predictions about the type of threats that the healthcare industry will face in 2017.<\/p>\n<h3>Sure Things<\/h3>\n<p><strong>1. Ransomware Will Continue to Target Healthcare<\/strong><\/p>\n<p>I suppose this is an obvious one. Many hospitals were impacted by ransomware this past year. Hospitals in California, Indiana and Kentucky\u00a0were hit especially hard by ransomware variants that target servers, as opposed to user PCs. A hospital in Washington was impacted to the point where it had to redirect patients to other facilities in order to maintain adequate quality of care.<\/p>\n<p>The bad guys have turned to ransomware as their go-to choice of attack because the Bitcoin payments are anonymous and, as a business model, it is an effective way to get paid without getting caught by the police. 
They target healthcare because the attack vector for the highly effective <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2016\/03\/evolution-of-samsa-malware-suggests-new-ransomware-tactics-in-play\/\">SAMSA ransomware variant<\/a> is through unpatched JBOSS application servers in the DMZ (the internet-facing area of a network).\u00a0 Hospitals have many of these servers and are being successfully exploited in increasing numbers.<\/p>\n<p>With any luck, the word has been spread well enough to healthcare organizations so that JBOSS vulnerabilities have been patched or at least mitigated. However, we haven\u2019t seen the last of this trend.\u00a0 Ransomware will continue to target healthcare throughout 2017 through the standard areas of attack: web-based drive-by downloads, malicious email attachments or links, and unpatched servers in the DMZ.<\/p>\n<p><strong>2.\u00a0Accidental Oversharing in SaaS Apps Will Increase, Resulting in Losses of Patient Data<\/strong><\/p>\n<p>Medical staff love to use cloud file-sharing SaaS apps, like Box, Dropbox and Google Drive, because they fill a gap in many healthcare organizations: easy file sharing. The problem with the public versions of these services is that it\u2019s up to the user to control who has access to the files, and it\u2019s quite easy to accidentally configure a file containing protected health information (PHI) to be shared with the entire internet public. Enterprise versions of Box, for example, give administrators the ability to restrict public access, but many healthcare organizations don\u2019t block the free versions.<\/p>\n<p>I wrote a <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2016\/01\/healthcare-organizations-how-to-get-ahead-of-unapproved-cloud-based-file-sharing-tools\/\">blog post<\/a> earlier this year on the topic of SaaS security, along with some recommendations for mitigating the risk. 
Until healthcare organizations provide a sanctioned method for file sharing, both within and external to their organizations, and proactively block unsanctioned file-sharing websites, we are likely to see losses of patient data due to accidental oversharing.<\/p>\n<h3>Long Shots<\/h3>\n<p><strong>1. A Cyberattack on a Medical Device Will Cause the First Confirmed Injury to a Patient<\/strong><\/p>\n<p>Many medical devices used in medical facilities today lack basic security. Often, medical devices lack endpoint protection and regular patching, and run on outdated operating systems, like Windows XP. For these reasons, they are prime targets for malware and cyberattacks.<\/p>\n<p>There has been only one confirmed <a href=\"http:\/\/www.fda.gov\/MedicalDevices\/Safety\/AlertsandNotices\/ucm456815.htm\" rel=\"nofollow,noopener\" >FDA order<\/a> to pull a specific medical device out of hospitals. I believe the reason we have only seen one is due to insufficient research on and awareness of the problem.\u00a0 There hasn\u2019t been much research because medical devices are expensive and there is no financial incentive to perform the sort of security research required to find and fix medical device vulnerabilities.<\/p>\n<p>Attackers motivated by money have used ransomware due to the quick payout and anonymity, but there\u2019s a type of attacker who is in the \u201cI did it because I could\u201d crowd. These adversaries hack for fun. To date there have been no confirmed cases of physical harm to patients due to a cyberattack on a medical device, but I believe that it\u2019s only a matter of time before a bad actor takes advantage of the most vulnerable area of hospital networks \u2013 medical devices \u2013 and wants to make a statement.<\/p>\n<p>What are your cybersecurity predictions for the healthcare industry? 
Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we\u2019ll share predictions for financial services.<\/p>\n<p><a href=\"http:\/\/www.slideshare.net\/PaloAltoNetworks\/cp17-infographicphase3-f279\" rel=\"nofollow,noopener\"><div style=\"max-width:100%\" data-width=\"2083\"><span class=\"ar-custom\" style=\"padding-bottom:287.18%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"alignnone wp-image-22183 size-full lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/12\/CP17-infographic-phase4.jpg\" alt=\"CP17-infographic-phase4\" width=\"2083\" height=\"5982\" \/><\/span><\/div><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><em>This article originally appeared on <\/em><em><a href=\"http:\/\/www.healthdatamanagement.com\/opinion\/in-2017-ransomware-and-saas-challenges-will-persist-in-healthcare\" rel=\"nofollow,noopener\" >HealthDataManagement.com<\/a>\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post is part of an ongoing blog series examining \u201cSure Things\u201d (predictions that are almost guaranteed to happen) and \u201cLong Shots\u201d (predictions that are less likely to happen) in cybersecurity in 
&hellip;<\/p>\n","protected":false},"author":142,"featured_media":22169,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[138,229],"tags":[3022],"coauthors":[1355],"class_list":["post-22167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-healthcare","category-predictions","tag-2017-predictions"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/12\/CP17-Linkedin-698x400-healthcare-100.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/22167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/142"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=22167"}],"version-history":[{"count":7,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/22167\/revisions"}],"predecessor-version":[{"id":22467,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/22167\/revisions\/22467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/22169"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=22167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp
\/v2\/categories?post=22167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=22167"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=22167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}