By: Moshe Ben Simon
Hospitals these days seem to have more cyber viruses than actual viruses. In fact, the University of California’s cyber team found that up to a thousand patients per month are victims of unfavorable events from compromised healthcare devices. These events include WannaCry ransomware, malware, compromised electronic healthcare records and attacks on facility systems.
Hospitals in Trouble
This is a really scary reality. People think of hospitals as a safe haven when they have health problems; the last thing they should have to worry about is that their next hospital visit will expose them to risk because of the vulnerabilities in today’s medical devices. In fact, a single WannaCry cyber-attack recently shut down sixteen hospitals simultaneously in the UK. Patients were turned away and had nowhere to go. It was an absolute disaster.
To add salt to the wounds, because there have been so many data breaches in hospitals over the last three years, the price of personally identifiable information (PII records) has been rapidly decreasing. This means that there is an abundance of patients’ personal information in the wrong hands.
Counter-Intelligence on Hackers Using Deception Technology
Our team at TrapX Security is on a mission to put an end to these cyber-attacks. We decided to go the extra mile to protect hospitals. In order to do that, we had to think outside the box and do something that no other cyber security company has ever done before.
We created an entire fake hospital network and lured attackers into it by “selling” them several stolen VPN accounts that gave access to the fake hospital network. Our team immediately gained good traction from the threat actors that focus on the healthcare industry. We released a fully detailed report on this called Medjack.4. One highlight of this report is that hackers immediately injected WannaCry malware into the fake hospital’s network with the intention of taking over the (IoT) medical devices.
What is WannaCry Malware and How Does it Harm Medical Devices?
WannaCry malware is a type of ransomware that encrypts data and demands ransom payments in cryptocurrency.
Medical devices and their application server platforms often run an outdated operating system. This leaves them vulnerable to every standard spreadable malware. Once the malware hits the network, it creates significant damage. WannaCry on just a single infected medical device can spread across the entire network and damage hundreds of medical devices in less than an hour – as you can see in the above image.
The WannaCry malware is proof that it’s not complicated to shut down a hospital quickly. The most famous WannaCry case was the aforementioned cyberattack in the UK that shut down sixteen hospitals. Most of the IT & medical systems in those hospitals were compromised and thousands of appointments and surgeries were cancelled. Additionally, multiple patients had to travel very far to accident and emergency departments.
Our team at TrapX keeps seeing the WannaCry malware on a daily basis as it spreads across healthcare, manufacturing and even corporate networks that are supposed to be completely clean.
Video: Detecting and Containing a WannaCry Attack
WannaCry may be a powerful threat, but Deception Technology can easily detect spreadable malware, no matter how sophisticated or how smart it may be.
In the short video demo, you will see:
1. How the malware tries to spread across the network,
2. How it engages with a trap/decoy,
3. How an alert is instantly sent out to the security team,
4. How, after several seconds, TrapX mitigates the threat by isolating the infected machine from the network.
Deception Technology is based on simple logic: nothing should touch a fake asset. If something touches a fake asset, it is definitely an attacker or malware that doesn’t belong in your network.
This is how the DeceptionGrid has now become a powerful solution for early breach detection and network visibility.
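The decoy logic described above, shown as an added example that is not TrapX's code and not part of the original post: it reads network flow records, raises an alert for any source that contacts a decoy address, and lists the hosts to isolate. The addresses, the record format and the function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy addresses: no legitimate host has any reason to contact them.
DECOYS = {"10.20.0.50", "10.20.0.51"}

# Constructed flow records: "<ISO time> <source ip> <destination ip> <destination port>"
SAMPLE_FLOWS = """\
2024-01-01T09:00:01 10.20.0.11 10.20.0.5 443
2024-01-01T09:00:02 10.20.0.23 10.20.0.12 445
2024-01-01T09:00:02 10.20.0.23 10.20.0.13 445
2024-01-01T09:00:03 10.20.0.23 10.20.0.50 445
garbled line
2024-01-01T09:00:04 10.20.0.23 10.20.0.51 445
""".splitlines()

def parse_flow(line):
    """Return (time, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return ts, src, dst, int(port)
    except ValueError:
        return None

def detect_decoy_touches(lines, decoys=DECOYS):
    """Map every source that touched a decoy to the details of its alert."""
    peers = defaultdict(set)  # every destination each source contacted
    alerts = {}
    for ts, src, dst, port in filter(None, map(parse_flow, lines)):
        peers[src].add(dst)
        if dst in decoys and src not in decoys:
            alert = alerts.setdefault(src, {"first_touch": ts, "decoys": set(), "ports": set()})
            alert["decoys"].add(dst)
            alert["ports"].add(port)
    for src, alert in alerts.items():
        # Real hosts the same source also contacted: check these for spread.
        alert["other_hosts"] = sorted(peers[src] - decoys)
    return alerts

def hosts_to_isolate(alerts):
    """Sources to cut off from the network, earliest decoy touch first."""
    return sorted(alerts, key=lambda src: alerts[src]["first_touch"])
```

The `other_hosts` field gives responders the real machines the flagged source also reached, which is where to look for further infection after the source is isolated.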