Cyber Attacks on Hospitals – Time to Take This Seriously

We talk with Sasa Software’s Oren Dvoskin about why 2017 will be, reluctantly, their best year.

The image of Oren Dvoskin, Commercial Manager of the Americas at Sasa Software, sitting in his nondescript office, black t-shirt and headphones, looks Californian, as he spells out the pessimism of his profession.

“There are two types of hospitals” – he says; “those that have been hacked and know it; and those that have been hacked, but don’t know it.”

Oren’s office is nowhere near Orange County. It is on the border of Israel and Lebanon. If anyone knows about security, it is he. As he continues… “Israel is under unique constraints. We live in a tough neighbourhood, with State and non-State hackers ceaselessly attempting to undermine our infrastructures, in addition to increasing rates of Cyber Crime attacks. We don’t compromise on security, but as everyone, want to live normal lives, and can’t have business interrupted.”As Sasa Software prepare to face its growing and exponential market at HIMSS 2017 – it surely does not get any more black than this.

Cyber hacking, data breaches and ransomware, is growing to the point where it cannot be ignored and assumed it is for someone else. But its growth is not the most alarming feature. It is that, for hospitals, any cyber-attack would have to be pre-meditated and unique and specifically tailored to find the weak spot, the easiest point of entry, into that particular hospital.

What is worse is – because health records (which are the prime target) are deeply personal and full of personal ID info – any attack is inevitably immediately visible and damaging. Unlike say a Bank etc, a Hospital must report breaches to the authorities, they cannot pretend it has not happened and just pay the money.

This is no simple phishing attack.

What that means is, and why Sasa Software believe that this 2017 will be our most “challenging”, i.e. most concerted and worrying year – is that hospitals are still not waking up to this important threat, despite the evidence that 75% have suffered some sort of hacking incident – and that is just those that are publicly noted.

The answer, according to Oren – is to have a mix of baseline protection, the sort that all of us have on our PCs and office servers and Cloud access. This stops the initial and simplest attacks. But to combat the precise and targeted attack mentioned above, Sasa takes the view that every incoming email, data request, every file transfer – is a threat of some sort. Their Gate Scanner range of solutions is designed to neutralize any incoming file, malware or suspicious entry, at source – an approach known as deep content disarm and reconstruction.

But it is also a realization that files we take for granted – the DICOM images, the voice recording – that we regularly append to our EHR records, are the new source of threat. Viewing images online across the globe, that holy grail of Clinical Consultant interoperability – may be the one area that is the Achilles heel for the modern Hospital. Attackers try to enter through the organization’s trusted and legitimate content channels. Their Gate Scanner DICOM Protector is designed to prevent these targeted attacks.

If there is a light at the end of the tunnel, it is not in the fingers crossed hope that that things can get better. It is the realization that you can do something about it. Oren is a philosopher with a positive view of human nature, despite the nature of his profession and the market he develops, “In this world of zero trust, we believe healthcare information can be protected with innovative technologies”.

The cost of your sorting out a healthcare data breach is alarming, at $401 per patient record, over 50% more than a breached financial record. A risk healthcare organizations just can’t continue to ignore. Sasa Software will be addressing both the Pharma and Clinical markets at HIMSS. Worth having a serious chat.