Understand how cyber attacks happen in hospitals

Vulnerabilities in hospital systems can open the way to cyber attacks, causing real chaos in the healthcare routine. This kind of attack is growing at an accelerating pace around the world, and it is no different here.

Organizations need to be protected from the ransomware nightmare, which infected 400 medical facilities from Universal Health Services Inc in countries like the US and UK in 2020. It was the biggest cyber attack on healthcare facilities, paralyzing computers, phones and all systems, with financial and public health damages.

Openings for cyber attacks

One of the main openings for cyber-attacks in hospitals is the weakness of the management systems used by organizations, particularly with regard to the use of passwords by users.

Something similar happened in another well-known case, this time in Brazil: the attack on the systems of the Ministry of Health and the ConectSUS application, in December 2021.

In it, criminals also prevented employees from accessing corporate phones, intranets and email, as well as affecting the vaccination records of the Brazilian population.

Rodrigo Luchtenberg is Director of Services and Technology at Flowti, a company headquartered in Rio Grande do Sul that operates IT management for hospitals.

System authentication as a solution

To prevent issues like the ones mentioned above, some countries in Europe and the UK are already discussing a rule to change system authentication, which today is done exclusively via username and password, in favor of information security and secure IT management in hospitals.

Incidentally, a ransomware attack usually has to enter systems through their weakest link, Luchtenberg mentioned.

“Entering credentials is a great source of information for a hacker. If he can “see” that the password used in System A was X, he can infer that in other systems the same person is using a similar password, and seek to authenticate in a different program to get access with the same credentials. If successful, the invasion has already begun — indeed, it’s a “legitimate invasion”, since the credentials used are valid,” he says.

Rodrigo Luchtenberg, Director of Services and Technology at Flowti, offers tips to help prevent cyberattacks in hospitals, an increasingly common problem in Brazil and in the world. Photo: Flowti/Disclosure

How are attacks designed?

Of the cyber attacks already detected by forensic investigations, 89% started with the end user, usually while typing their password to gain access to systems.

“Usually this type of attack starts with emails – the so-called phishing, a kind of social engineering where a link is sent from an ostensibly secure source. The user clicks on the link and uses their device without noticing anything else. From then on, the virus has already installed itself and the hacker silently monitors the accesses that this employee has; an example is the ERP system of a digital hospital,” explains the specialist.

Tips to prevent cyber attacks in hospitals

Passwordless for important systems

The term has been increasingly adopted by system programmers and describes the practice of reducing the need to enter a password into the program. Instead, other technologies such as biometrics and/or facial recognition are used because they are more secure against ransomware attacks.

Digital + physical identification for access

Simply using biometrics and/or facial recognition is not enough. For greater security, you need a physical means that confirms the authenticity of the user, such as a unique encrypted key that is installed on the computer.

In this way, a double check is performed to release access, and even if the hacker obtains a copy of this key, the system blocks access when the original version has not been used.
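
One way to realize the double check described above, as an added example that is not from the original article or from Flowti. The article does not say how a copied key is detected; this sketch assumes a use counter, so a copy is caught once its counter falls behind the original's. The key is modeled as a shared HMAC secret (hardware tokens normally use asymmetric keys), the biometric result arrives as a boolean, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class PhysicalKey:
    """Constructed model of the key installed on the user's computer."""
    def __init__(self, secret: bytes, counter: int = 0):
        self.secret, self.counter = secret, counter

    def respond(self, challenge: bytes) -> tuple[int, bytes]:
        self.counter += 1  # every use advances this key's own counter
        msg = challenge + self.counter.to_bytes(8, "big")
        return self.counter, hmac.new(self.secret, msg, hashlib.sha256).digest()

class Verifier:
    """Releases access only when the biometric AND the key check both pass."""
    def __init__(self, secret: bytes):
        self.secret, self.last_counter, self.locked = secret, 0, False
        self.challenge = secrets.token_bytes(32)

    def check(self, counter: int, tag: bytes, biometric_ok: bool) -> str:
        # Each challenge is single-use, so a captured response cannot be replayed.
        challenge, self.challenge = self.challenge, secrets.token_bytes(32)
        if self.locked:
            return "locked"
        msg = challenge + counter.to_bytes(8, "big")
        expected = hmac.new(self.secret, msg, hashlib.sha256).digest()
        if not (biometric_ok and hmac.compare_digest(expected, tag)):
            return "denied"
        if counter <= self.last_counter:
            self.locked = True  # two copies of one key have diverged
            return "locked"
        self.last_counter = counter
        return "granted"

def attempt(server: Verifier, key: PhysicalKey, biometric_ok: bool) -> str:
    counter, tag = key.respond(server.challenge)
    return server.check(counter, tag, biometric_ok)

def demo() -> list[str]:
    secret = secrets.token_bytes(32)  # constructed sample secret
    original, server = PhysicalKey(secret), Verifier(secret)
    first = attempt(server, original, True)
    copy = PhysicalKey(secret, original.counter)  # copy taken after the first use
    return [first, attempt(server, original, True), attempt(server, copy, True)]
```

Once the account is locked, even the original key is refused until an administrator re-enrolls it, which also tells the defender that a copy exists.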

Zero Trust Policy

In this type of cyber defense architecture, everything is checked across the system, from the cryptographic token to biometrics. It is possible to enable this type of verification protocol after a certain stage of access to the system or application, so that information security is greater at certain times.

This architecture is based on not trusting anything, be it users, systems or devices, so it is considered one of the most secure means of authentication.

It also includes the principle of non-repudiation, which guarantees the validity of the endorsements; that is, a person or entity cannot deny the authorship of the endorsement, since there is a guarantee that the person did in fact obtain the access granted, resulting in a very high level of reliability.
