Cybersecurity in the Laboratory: How Far We’ve Come, Where We Still Have To Go

By Jordan Rosenfeld - September 10, 2024


One of the perils of the digital age, in which hospitals and laboratories rely on digital technologies and network connectivity, is that they are increasingly the target of ransomware attacks by cybercriminals.  

Hospitals and laboratories are big targets because they hold confidential patient data and are frequently vulnerable in their cybersecurity protections. Other healthcare-adjacent companies are also becoming targets, as in a recent high-profile breach at Change Healthcare, a subsidiary of insurer UnitedHealthcare.1

Critical Values spoke to experts Toby Cornish, MD, PhD, Professor of Pathology and Director of Pathology Informatics at the Medical College of Wisconsin, and Pathology & Laboratory Medicine Informatics Officer at Froedtert Hospital in Wisconsin, and J. Mark Tuthill, MD, Division Head of Pathology Informatics at Henry Ford Health System in Michigan. They explain how far cybersecurity in the laboratory has come in the two years since we last reported on this issue, and where we still need to go to help laboratories and hospitals prevent future attacks.

Hackers are more sophisticated 

One of the biggest changes in ransomware attacks over the past two years is that the hackers’ strategies have grown more sophisticated, and the volume of attacks and attempts has increased, Dr. Tuthill says. 

Additionally, he says the threat is no longer just greedy hackers but “bad actors on the international level” who threaten not only laboratories and hospitals but also banks and water systems. “It’s cyber warfare,” Dr. Tuthill explains.

These hackers have gotten very good at identifying what Dr. Cornish calls “soft targets”—organizations that are not as well equipped to prevent attacks. Many hospitals and laboratories fall into this category because they still haven’t made the level of cybersecurity improvements necessary to defend themselves. “A lot of organizations haven’t gotten the memo that they are vulnerable,” Dr. Cornish says. 

From ransoms to blackmail 

As if the increase in attacks isn’t alarming enough, Dr. Cornish says they’re evolving beyond straightforward ransoms, as well. 

“In the past, they were still mostly locking and holding data and you’d pay your ransom to get your data back. Now they’re exfiltrating data and then blackmailing,” he says. So, the ransom is to prevent the selling or release of the data to the dark web, and yet in some cases, even after the ransom has been paid, the data still gets released where it should not. 

“Hacking has gone from a cute adolescent playground of people screwing up your computer to an approach that is highly organized, highly sophisticated, and makes money. This changes the whole game,” Dr. Tuthill adds. 

Hackers have improved infiltration techniques

There are also concerning evolutions in the sophistication of how hackers infiltrate systems, Dr. Cornish says.  

Hackers have been relying for years on “social engineering,” in essence, manipulating people inside of an organization to effectively do the bidding of a malicious actor. In the 1980s, social engineering typically occurred over the phone, but today’s electronic communications have multiplied the number of avenues of attack.  A main hacking practice is to send malicious files via “phishing”—emails that fool you into thinking they’re from a trusted institution or business you frequently use, such as retailers, or even your own bank, asking for your username and password.  

The Trojan Horse approach 

More alarming, the hackers are playing the long game through a virtual Trojan Horse approach, Dr. Tuthill explains. “Malware can sit there and silently grow across your network and become activated at some later period of time or by a remote trigger.” 

This sort of malware can come in via phishing or can even hunker in websites or files that the user isn’t aware of. “They can literally hide out as packets of information in emails, in attachments to emails, and in executable files on emails,” Dr. Tuthill says. 

There’s also something known as “typo squatting,”2 or “URL hijacking,” Dr. Cornish says, where hackers take advantage of people’s propensity to mistype a web address. Cybercriminals hijack these incorrect links to take the user to an alternative website that may have nefarious purposes.  

Infiltrating open source software 

Lastly, since much software development relies heavily on being open source—that is, freely available and easy to modify—Dr. Cornish says, “These malicious actors have been trying to infiltrate various projects and slip back doors and other types of malicious exploits into these open source repositories, which then are used by companies or software products.”  

While laboratories have little ability to control what software vendors do, Dr. Cornish says it’s important to utilize vendors that have strong security protocols in their software development process.  

Changing the way you back up data  

The virulence of these hacking approaches necessitates a change in how laboratories and hospitals should back up their data, as well, Dr. Cornish warns.  

In the past, if you got attacked, you could reinstall data from backup. “That really isn't true anymore because these cyber criminals will infiltrate systems and then remain dormant for months and they will actually sabotage all your backups,” Dr. Cornish says. 

Dr. Cornish suggests laboratories also need to exercise their backups; that is, to practice restoring data from them to make sure they work.

This requires a backup process that is not directly connected to the network that could be attacked, which in turn means a multi-layered process that adds steps for the user.
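A restore drill like the one described above can be checked automatically. The following is an added example, not code from the article or from anyone quoted in it: it records a SHA-256 manifest when the backup is taken and compares a test restore against it, reporting files that are missing, altered, or unexpected. The file names and contents are constructed, and it assumes the manifest is stored away from the production network so that it cannot be altered along with the backups.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large result archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "modified": sorted(p for p in set(manifest) & set(restored)
                           if manifest[p] != restored[p]),
    }

def write_tree(root, files):
    """Write a {relative path: bytes} mapping under root."""
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def demo():
    """Constructed drill: the restored copy was altered while in backup."""
    original = {  # constructed sample files, not real laboratory data
        "results/cbc_0412.csv": b"wbc,6.1\nhgb,13.9\n",
        "results/bmp_0412.csv": b"na,140\nk,4.2\n",
        "config/analyzer.ini": b"[port]\nbaud=9600\n",
    }
    restored = dict(original)
    restored["results/cbc_0412.csv"] = b"\x00" * 16   # contents overwritten
    del restored["config/analyzer.ini"]               # file dropped
    restored["results/extra.bin"] = b"constructed"    # file never backed up
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        write_tree(src, original)
        manifest = build_manifest(src)   # assumption: stored off the network
        write_tree(dst, restored)
        return verify_restore(manifest, dst)
```

A drill passes only when all three lists come back empty; any entry means the backup cannot be trusted for recovery as it stands.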

And of course, hackers can still get into networks the old-fashioned way, by plugging in an outside device, thumb drive or external drive to a physical jack or wireless network in a laboratory or hospital, Dr. Cornish warns, so these should be strongly protected. 

Build in layers of security 

A robust education of all staff in cybersecurity and “data hygiene” practices is another important step in the protection process, Dr. Tuthill explains. This includes things like changing your passwords frequently, having a time-based window in which to input a password, adding in dual authentication processes, and other habits.

Unfortunately, “Humans are the biggest vulnerability,” Dr. Cornish says. Preventing these kinds of attacks means tightening everything up. “When you tighten down networks… when you make things more secure, you make things less convenient.”  

If your laboratory doesn’t have solid security practices, Dr. Cornish warns, “You might as well close down your lab, because someone else will do it for you eventually.” 

References

Jordan Rosenfeld

Contributing Writer