Poll: Defending Healthcare from Cyberattack During COVID-19

March 24, 2020 | Ask-An-Expert Writeups | Malware and Advanced Threats

The Challenge: Keeping Healthcare Up and Running

The security team for a healthcare organization is worried about hackers targeting the healthcare system while everyone is busy treating COVID-19 patients. Specifically, the team asks:

  • How can security teams stay on top of the threat?

I would be meeting with your chief medical information officer (CMIO) to understand what critical infrastructure is required to support the continuum of care for COVID-19 patients. Ensure you know what devices are critical and understand their threat posture. Also, everyone is ignoring change control and standing up all sorts of ad hoc solutions for remote access and self-assessment websites. Those are the things that will bite you, changes made in the dark.


I would ensure you have excellent backups and practice your rollbacks. Ideally, you would patch and harden everything, but that is a huge undertaking. By ensuring you can roll back fast and completely if attacked by ransomware, you can mitigate your most likely attack vector.


Most organizations in the healthcare industry are way behind on patching – not just Windows patches, but third-party software as well. I strongly believe that unless/until patching is fully mastered across the network, including network infrastructure and medical devices, healthcare organizations will continue to see exposures/exploits. Focus on patch management. Spend the money to get the right tools. Do it as soon as possible.

Another thing to focus on (especially now, given the distractions of the novel coronavirus) is network visibility. You most certainly cannot protect against the threats and vulnerabilities you don't acknowledge. Now, more than ever, you need good information on what's happening on your network. The quickest solution: Outsource this to a managed security solutions provider (MSSP) that can get you up and running sooner as opposed to later. Stop trying to do everything. You don't have the time and quite likely, no offense intended, the expertise. Arguably the most important thing is to not turn a blind eye on these basics.

Finally, do what you can to stop focusing on Health Insurance Portability and Accountability Act (HIPAA) compliance and instead focus on security and resilience. If you're doing security the right way, HIPAA compliance will happen as a result.

I see three main issues:

  • The new SMB vulnerability could have an effect like WannaCry.

  • Network-connected ventilators are a thing. Basic Health Level 7 (HL7) information is sent from them, and straight-up connectivity can be an issue.

  • Communications – it causes panic, but I think the first two issues cause more direct harm.

Focus on increased patch management, isolation of waste and connected health devices, and increased threat hunting/signature creation for attack precursors (and scanning for those specific vulnerabilities). Now is some of the best time to conduct red/purple teaming activities, identify soft spots and go directly into active rule-writing and defensive improvement, because there is a new flow to network traffic and signals.


Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.
