11 May 2023

Cloudy with a chance of cyberattack


Healthcare is a prime target for cyber criminals, consistently leading the ranking of industries (H2 2022) reporting the most data breaches to the OAIC.

As cloud adoption accelerates in the sector, so does its potential to become a risk factor for health and healthcare organisations. Indeed, threat actors are increasingly looking at cloud environments as a lever to launch cyberattacks, and recent research by Netskope Threat Labs shows that 42% of the malware delivered to enterprise healthcare workers in February 2023 arrived via cloud applications. To minimise the occurrence of major cyber incidents disrupting health operations, while maintaining the benefits brought by cloud solutions, the industry needs to adjust its security standards.

Overcast in healthcare

The continued digitisation of health is accelerating cloud adoption in healthcare. New research shows that healthcare workers already use 22 different cloud applications at work per month on average, with the most popular being those from the Microsoft and Google suites (OneDrive, Teams, SharePoint, Google Drive, Gmail and YouTube). Most providers of clinical and practice management software and electronic health record software are also migrating customers to their cloud versions, and myriad niche applications are implemented to optimise processes across medical teams and departments.

The way health and healthcare organisations operate is also changing, and their network perimeter with it. Many physicians and nurses work at multiple locations for the same institution, sometimes visiting several locations in one day, or clinical staff may conduct research at a nearby university. In doing so, they may access and share sensitive data from different locations and devices, and cloud is an enabler of these more agile operations. 

Cloud adoption is necessary because health can’t stay on the sidelines of digital transformation, and cloud is one of the core components of these advances. Facilitating the transfer of – and access to – medical information among relevant medical and healthcare stakeholders, including government services like Medicare or future digital ID tools, will also depend on cloud for essential infrastructure.

A double-edged sword

Despite its potential to transform healthcare, cloud usage can also open up new risks. Cyber criminals – whether motivated by geopolitical goals or commercial gain – are targeting the growing number of cloud environments within healthcare, and those environments need to be secured. Some of the attackers’ techniques are testament to their creativity.

For example, threat actors have started creating fake cloud applications disguised as legitimate tools that allow users to sign up or log in directly by connecting with their Microsoft or Google work accounts. Once those fake apps are connected with Google Drive or SharePoint accounts, they become a gateway for adversaries to navigate their target’s systems and extract sensitive information, sometimes unchecked for weeks or months.

Many cyber incidents now originate from the cloud – often helped by a degree of human error – with attackers either leveraging a technical vulnerability, compromising a cloud vendor, opportunistically discovering unsecured folders, or managing to steal an employee’s login credentials to a cloud application connected to the organisation’s tech stack.

Data breaches in recent years illustrate the risk that unchecked cloud environments can represent. In 2022, sensitive NDIS health data, including details of diagnoses, treatments, conditions or disabilities, was stolen via a cloud system used by the agency. Back in 2021, NSW Health also reported a data breach that included “health-related personal information” and originated from a cyber attack on file transfer software used internally.

All the benefits without the nasties

Here are some recommendations for health and medical organisations to avoid such scenarios, and enjoy all the benefits of the cloud without suffering the potential risks:

  • Use security technology that checks everything employees and medical staff download from the internet – and crucially, include cloud services in these checks – to make sure the downloads don’t contain viruses or other harmful software.
  • Warn staff about – and specifically monitor downloads and execution of – certain types of files such as executable files (.exe) or archive files (.zip, .rar …) that are often used to deliver cyber threats.
  • Block downloads and uploads from cloud applications and services that employees and medical staff do not need to use. This can help prevent the risk of human error, intentional or accidental. 
  • Consider solutions that block traffic on the network that looks dodgy. This can help stop attackers from doing more damage once they’ve gotten into the network.
  • Consider using remote browser isolation (RBI) tools, which will keep the network and computers protected even if staff visit risky websites.

Tony Burnside is APAC vice president of cybersecurity company Netskope.