The theft of 70TB of data from Barts Health NHS Trust reported by Tech Monitor earlier this year highlights why it’s imperative for healthcare organizations to prioritise cyber defence protocols such as endpoint isolation security as critical aspects of their cybersecurity program. For example, a single vulnerable endpoint can provide threat actors with access to orchestrate a cyberattack, especially with the rise of remote work, BYOD (bring your own devices) policies, and the increasing number of connected devices in healthcare IT networks.
Endpoints encompass a wide range of devices, including laptops, mobile devices, medical equipment, printers, servers, and smart gadgets, among others, that are connected to an organization’s IT network. With potentially thousands of endpoints managed either internally or by third-party vendors, healthcare organizations must remain vigilant in securing their endpoints.
BlackCat’s History of Stealing Sensitive Data from Healthcare Providers
According to The Register, the ransomware gang responsible for the attack on Barts Health NHS Trust, known as the BlackCat crew or AlphaV, leaked some personally identifiable information belonging to NHS workers on their website as evidence of the intrusion and exfiltration. This includes financial details, CVs, and copies of passports and driving licenses. It remains unclear whether any patient or medical data has been compromised. Barts, one of many NHS trusts in the UK, manages five hospitals in London and serves approximately 2.5 million people. Ominously for healthcare providers, the BlackCat crew has a history of targeting major hospital groups to obtain sensitive data.
With the rise of advanced threat actors and the persistent threat of ransomware attacks in the healthcare industry, it is imperative for healthcare organizations to grasp and adopt robust endpoint isolation security measures. This is crucial to safeguard patient data and effectively manage cyber risks.
Healthcare Sector Faces a Significant Cybersecurity Threat
The outbreak of COVID-19 has compelled numerous employees to work remotely, leading to a surge in the number and types of endpoints being used. Remote work was not a common practice in the healthcare sector, but due to the pandemic, non-essential staff were compelled to work from home whenever feasible. Consequently, healthcare institutions were ill-prepared to tackle the cybersecurity challenges that arose from this sudden and unforeseen shift.
The healthcare sector faces a significant cybersecurity threat due to the rapid transition to remote work, as highlighted by the Cybersecurity and Infrastructure Security Agency (CISA). Insufficient cybersecurity training for remote workers and the prioritization of operational needs have resulted in organizations neglecting cybersecurity measures. Moreover, the utilization of personal devices (BYOD) to enhance workflow and productivity in hospitals has gained popularity in recent years. However, this practice brings forth various security concerns that may result in the unauthorized disclosure of patient data.
Research published in JMIR Mhealth and Uhealth outlined several significant security issues facing the health sector. These included the utilization of devices lacking adequate security measures by hospital personnel, a lack of control or visibility for management to uphold security standards, limited awareness among staff members, absence of clear directives or guidance for BYOD implementation, subpar user experience, adherence to legal obligations, scarcity of cybersecurity expertise, and the risk of device loss.
Safeguarding Health Data With Endpoint Isolation Security Solutions
Endpoint security solutions are not a panacea, but they can assist healthcare organizations in addressing certain security and privacy concerns related to BYOD. The U.S. Department of Health and Human Services (HHS) published guidance that recognizes the value of endpoint security solutions in safeguarding health data. The guidance states that in today’s landscape, cyberattacks frequently target endpoints just as much as networks. By implementing fundamental security measures on these assets, organizations can establish a crucial layer of threat management. The guide emphasizes the need for secure interaction and functionality of these assets, especially as the modern workforce becomes increasingly mobile.
The computing environments we rely on are primarily composed of endpoints that are no longer confined to the organization’s main network. Virtual teams, mobility, and remote access methods are commonly utilized by organizations to carry out work. In some instances, endpoints may rarely connect to the corporate network. Therefore, it is imperative to develop cybersecurity practices that consider these characteristics. Traditional network security measures, such as antivirus software and firewalls, aim to detect and prevent threats before they reach the endpoints connected to an organization’s network. However, these measures have limited visibility and cannot address all the potential threats and vulnerabilities present in end-user devices.
Increasing Use of Endpoint Devices
Endpoint isolation security protection, on the other hand, provides comprehensive visibility into all connected endpoints. Unlike network security tools that focus on stopping specific threats and are deployed across the network, endpoint security tools are specifically installed on the endpoints themselves.
“In the past, network security controls used to dominate organizations’ security budgets. However, with the increasing use of endpoint devices, the boundaries of network perimeters have been greatly diminished,” said Tim Royston-Webb, CEO, SentryBay. “As a result, organizations are now seeking a comprehensive approach to security that covers all entry points to the network. By integrating network and endpoint isolation security, organizations can have a better understanding of the various security threats they face, both in real time and through historical analysis. While network security remains crucial, it is no longer effective to solely rely on physical systems, which are too rigid for today’s dynamic network environment.”
In today’s rapidly evolving digital healthcare landscape, the importance of robust cybersecurity measures cannot be overstated. Developing a security program that prioritizes both individuals and devices can enable organizations to regulate access and manage all endpoints effectively, protecting them from cyber threats while ensuring comprehensive coverage of end-users and connected devices.
SentryBay’s Armored Client
“At SentryBay, we are acutely aware of these challenges and have developed our Armored Client solution product specifically to address them,” said Brent Agar, Director of Business Development, SentryBay North America. “What sets Armored Client apart is its ability to provide encrypted keystrokes and protection against illegal screen capture. This ensures that sensitive patient data and healthcare operations remain secure, even in the face of sophisticated cyber threats.”
As healthcare organizations increasingly transition to Microsoft platforms, there’s a growing need for enhanced endpoint protection. SentryBay’s Armored Client for Microsoft offers an additional layer of security, safeguarding employee endpoints against a range of cyber threats. This is crucial for healthcare organizations that are embracing digital transformation and need to ensure the utmost security and privacy of their data.
In conclusion, as healthcare continues to advance technologically, the integration of comprehensive endpoint isolation cybersecurity tools like SentryBay’s Armored Client solution becomes essential. These tools not only protect critical healthcare data but also fortify the trust patients place in healthcare providers.