While the Corbeil-Essonnes hospital, in the Paris suburbs, has been the target of a cyberattack since last week, here is an overview of the cyber threats affecting this sector.
When it comes to cybersecurity, healthcare is an area where the stakes couldn’t be higher. Digital threats to this sector, and to all critical infrastructure, have been escalating for years. And Russia’s invasion of Ukraine has further increased the threat level.
Europe’s cybersecurity agency, ENISA, reported a few months ago that attacks against the sector increased by nearly 50% year-on-year in 2020. There’s more than money at stake: a 2019 study claimed that even data breaches can increase the 30-day death rate of heart attack victims.
But by building cyber resilience through better IT hygiene, best practices, and improving incident detection and response, there is a way forward for the industry.
Why is healthcare vulnerable to cyberattacks?
Like all businesses, as connected entities, healthcare institutions have become common targets of cyberattacks. In addition to their office infrastructure, scanners, MRIs, biomedical devices and other connected objects represent additional points that must be monitored and protected against the risk of attack.
And like many companies and local authorities, health establishments have neither the resources nor the skills needed to react to the growing number and determination of attackers. The sector is currently facing the following challenges:
- The shortage of skilled labor, which affects the entire sector; hospitals often cannot compete with the higher salaries offered in other sectors.
- The pandemic, which has put unprecedented pressure on staff, including IT security teams.
- An IT infrastructure that must be continually renewed.
- Vast amounts of personal data and a heavy workload to meet regulatory requirements.
- The move to keeping data in the cloud, which can increase the attack surface. Many organizations lack the in-house skills to set up these environments securely.
- Connected devices, including operational technology (OT) devices in hospitals. With connectivity comes the risk of remote attacks.
- The professionalization of cybercriminals, who increasingly see these organizations as easy targets. Patient data, which can include highly sensitive information and financial details, is a lucrative commodity in cybercrime circles.
What to do against these cyber threats?
The question is which solutions to adopt, knowing that material and human resources are not unlimited and that zero risk does not exist. Stacking solutions is useless if they are poorly configured or poorly supervised.
A discipline called Cyber Threat Intelligence (CTI) makes it possible to know one's attackers better, or even to anticipate attacks that could target a particular type of activity according to its characteristics, its cyber maturity and its level of equipment. CTI takes these constraints into account to build a personalized cyber defense strategy.
It goes without saying that the adoption of the cloud makes life easier for administrators, who can thus call on external resources to guarantee a level of operation and security that goes well beyond what would be strictly necessary. This matters because all cyber defense involves constant updating, both of threat research and of infrastructure.
Thirty years ago, in the days of antivirus, we worked mostly with signature databases that were updated regularly. Today, we mainly work with algorithms, both on local machines and especially with the power of the cloud, which allows them to be fully exploited. The cloud provides the flexibility and responsiveness needed to fight constantly innovating cyber threats.
MDR, for optimal security coverage?
Managed Detection and Response (MDR) is one of the best cybersecurity services available. Its first benefit is that it integrates Threat Monitoring, that is to say monitoring activity in search of threats.
But sometimes, despite this monitoring, cybercriminals manage to penetrate the network. Fortunately, thanks to its Threat Hunting capabilities, MDR regularly scans systems to ensure there are no dormant or hidden intrusions that might wake up on a Friday night.
Indeed, it is essential to opt for a 24/7 service, because cybercriminals attack on the eve of holidays or on weekends, when the teams give themselves a well-deserved rest. This is usually when attacks begin, and this service is there to monitor, detect and issue an alert if it identifies the beginnings of an attack. But the primary objective of MDR really remains anticipation. The faster we detect, the faster we can remedy, prevent the spread, and eradicate the threat.