March 2022

More than half of the real-time connected IoT medical devices in hospitals currently pose IoT (Internet of Things) security threats due to existing critical vulnerabilities that can considerably compromise patient care.

This is shown in the report

State of Healthcare IoT Device Security Report

2022 report from Cynerio, a company that develops IoT security platforms for healthcare.

According to the survey, 53% of the Internet-connected medical devices analyzed had a known vulnerability; for every smart device connected at the bedside, one-third were identified as presenting a critical risk.

Cynerio analyzed more than 10 million IoT medical devices in more than 300 global hospitals and medical facilities.

The report warns that if these medical devices were accessed by cybercriminals, it would affect service availability, data confidentiality, and even patient safety.

IoT security in healthcare: a major target for cyber attacks

And even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices that hospitals rely on for patient care.

In practice, healthcare institutions need advanced solutions that mitigate risks and enable them to fight back against cyber attacks, it could mean life or death for patients.

Of all medical IoT devices, the report found that infusion pumps are the most common device with some type of vulnerability at 73%, especially since they represent 38% of a hospital’s IoT.

If criminals hack into an IV pump, it would directly affect patients, since they are directly connected to their users.

Some of the main causes of vulnerabilities found in healthcare facilities result from relatively simple things, such as out-of-date programs.

For example, the report found that most IoT medical devices were running older versions of the operating system.

In addition, default passwords, used on every smart device, across the organization are common risks, especially since these credentials are weak and protect about 21% of smart devices.

In fact, healthcare has become the number one target of cybercriminals in recent years, mainly due to outdated systems and insufficient cybersecurity protocols.

Growing IoT Adoption Has Advantages and Vulnerabilities

The Internet of Things has over the years brought immense advantages to medical organizations and their patients.

From giving patients clearer visibility into their treatment to reducing some of the cost, access, and care coordination challenges currently facing the healthcare industry, IoT is poised to change the way we keep individuals healthy.

According to the report

Global Market Insights report

, the global healthcare cybersecurity market is expected to increase above $27 billion by 2025, with a CAGR of 19.1% from $8.2 billion in 2018.

The Internet of Medical Things (IoMT) has offered a simple doorway for cybercriminals trying to misuse and profit from vulnerabilities.

A
Open Source Cybersecurity Intelligence Network and Resource
states that there are, on average, 6.2 vulnerabilities per medical device.

Considering the sheer volume of IoT medical devices currently present in clinics and clinical environments, this shows a picture of high risk regarding IoT security.

IoT security poses risk to patient care

Because edge devices are absent in a secure network environment, it is simpler for cybercriminals to control the connected medical device, for example, a health assessment device, portable ventilator, or insulin pump, which sends crucial information to the hospital.

In addition, many of these devices are with default passwords and inaccessibility firewalls that make them more vulnerable.

Cybercriminals can gain access to the device to deploy harmful code and make unapproved modifications to the device’s software.

Appropriate anti-malware mechanisms should be in place to ensure the integrity of the device and protect it from spyware and Trojan attacks, thus ensuring IoT security.

Also regarding IoT security, healthcare institutions should still ensure the device is configured with strict password policies.

Compliance with the General Law on Data Protection (LGPD) is also required for equipment used to obtain patient health information.

An organization is only as strong as its weakest link

This means it is more important than ever that healthcare organizations protect and invest in IoT security on all network-connected devices.

Implying the implementation of a solution that can track all traffic to and from IoT devices, as well as limit who and what each device can talk to.

Finding a way to secure and track what machines and devices are doing is crucial. In addition, a vigorous, strong, cloud-oriented network infrastructure is critical.

As medical organizations seek to access the benefits of IoT devices, many of them become obvious targets for cybercriminals.

Getting the right infrastructure and processes in place to protect your frontline will help prepare for the correct and safe use of devices, as well as have the best patient outcomes.

CipherTrust Data Security Platform is the right solution for your hospital to ensure IoT security

The CipherTrust Data Security Platform solution is an important technology resource that can be associated with the use of the Internet of Things (IoT), further extending the security and protection of data.

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To address the complexity of IoT security, the CipherTrust Data Security Platform solution provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses. Fundamental to ensuring IoT security in healthcare facilities.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

It provides static data masking services to remove sensitive information from production databases, so that compliance and security issues, directly linked to the IoT security issue, are alleviated when sharing an information database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables healthcare organizations to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies IoT security over data, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio ensuring data protection in IoT devices

With data protection products from the CipherTrust Data Security Platform, your healthcare organization can:

Strengthen security and compliance

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trustThe Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Act (LGPD), and other compliance requirements.

Optimizes staff and resource efficiency in IoT devices

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for specific use cases for IoT security, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, healthcare institutions can prepare their investments for the future while reducing operational costs and capital expenditures.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

The year 2021 was a total highlight for ransomware attack cases as it wreaked havoc on individuals and organizations around the world when it comes to Cybersecurity. It is a trend that will continue into 2022 and beyond.

While ransomware is not new to Cybersecurity, it is a threat that has received attention at the highest levels of government and business.

The threat has affected people’s ability to get medical care, put gas in their vehicles, and buy groceries, among other impacts.

The financial effects of a ransomware attack also became prominent during 2021. The impacts hit supply chains, causing more widespread damage than an attack against a single individual.

There has also been an increased response from government and technology vendors to help stem the tide of ransomware attacks.

Anatomy of a ransomware attack in 2021 and 2022

We haven’t even finished the first quarter of 2022 and ransomware attacks are already catching our attention. Companies such as Americanas, Submarino, Shoptime, Samsung, NVidia, and Mercado Livre have recorded Cybersecurity incidents that were probably triggered by ransomware attacks and phishing scams.

The anatomy of attacks that occurred throughout 2021, and will likely continue into 2022, indicates that cybercriminals have realized that certain techniques produce better results and are focusing on those approaches.

Let’s look at some of the main attack characteristics.

Supply Chain Attacks

Instead of attacking a single victim, the supply chain attacks have extended the blast radius. An excellent example of a ransomware attack in 2021 is the Kaseya attack, which affected at least 1,500 of its managed service provider customers.

Double Extortion

In the past, ransomware was about attackers encrypting information found on a system and demanding a ransom in exchange for a decryption key.

With double extortion, the attackers also export the data to a separate location. There, it can be used for other purposes, including leaking the information to a public website if payment is not received.

Ransomware as a Service (RaaS)

In Cybersecurity, gone are the days when every attacker needed to write their own ransomware code and perform a unique set of activities. RaaS is pay-per-use malware.

It allows attackers to use a platform that provides the code and operational infrastructure necessary to launch and maintain a ransomware campaign.

Attack unpatched systems

This was not a new trend for 2021, but it remains a problem year after year. Although there are ransomware attacks that use new zero-day vulnerabilities (
Zero Day
), most continue to abuse known vulnerabilities in unpatched systems.

Phishing Scams

Although ransomware attacks can infect organizations in different ways, in 2021, some form of phishing email was the primary cause.

How to invest in Cybersecurity and prepare for ransomware attacks

Perhaps one of the most important cybersecurity lessons to be learned from the past few years is the importance of advanced preparation for potentially disruptive incidents, such as phishing or ransomware attacks.

A wave of social engineering coups followed as the global health crisis spread around the world, striking at the fears and discomfort of workers during this uncertain period.

While many of the phishing and ransomware controls are already in place today, there are important steps that security administrators should take to prevent and address a potential attack.

Daily Cybersecurity checks for phishing and ransomware

During business activities the main ways to prepare for phishing, ransomware and other cyber attacks include the following:

Secure the network perimeter and mitigate any potential breaches to prevent malware from entering the organization;
Analyze intrusion attempts and make adjustments to perimeter protection as needed;
Ensure that network perimeter Cybersecurity equipment, including firewalls, intrusion detection and prevention systems, DMZs, and security analysis systems and software are up to date with current configurations and rules;
Regularly monitor performance metrics, such as average detection time and average repair time, to ensure that incidents are managed effectively;
Test and verify cybersecurity management systems and software can be accessed and managed remotely;
Perform regular updating of safety equipment rules and other parameters;
Install and test all relevant patches;
Review and update cybersecurity policies and procedures as needed, especially for phishing and ransomware incidents;
Train cyber security team members on all security mitigation features, procedures, and policies.

Investment in Cybersecurity goes beyond critical global events

The COVID-19 pandemic and other global events, such as Russia’s current war against Ukraine, affect thousands of companies and millions of people around the world.

While the long-term implications have yet to be determined, for cyber security professionals, the need for increased due diligence is key.

With people working remotely and focusing on global issues, cybercriminals are likely to be more aggressive.

In future similar events, the need for proactive Cybersecurity management will be an essential business requirement.

CipherTrust Transparent Encryption: Real-Time Protection Against Any Type of Ransomware Attack

CipherTrust Transparent Encryption is a file system-level encryption solution that leverages the encryption and key management capabilities of the CipherTrust Manger platform to protect against any type of Ransomware attack.

Filesystem-level encryption is a form of disk encryption in which individual files or directories are encrypted by the system itself. The CipherTrust Transparent Encryption solution performs transparent encryption.

In practice, authorized users continue to have read and write access to the encrypted data, while unauthorized users cannot access the encrypted data. As the main characteristics of the solution, we can highlight:

Centralized key and policy management to meet compliance requirements;
Performs transparent encryption of server data at rest without interrupting business operations or application performance;
Granular access controls so that unauthorized users and processes cannot access the encrypted data;
It can be deployed on network shares, file, web, application, database servers, or other machines running compatible software.

Deployment is simple, scalable, and fast, with agents installed on the operating file system or device layer, and encryption and decryption are transparent to all applications running above it.

CipherTrust Transparent Encryption is designed to meet data security compliance requirements and best practices with minimal disruption, effort, and cost. Critical to combating the Ransomware attack.

Implementation is seamless, keeping business and operational processes running smoothly, even during deployment and launch.

About EVAL