Something alarming occurred in March when the federal government shut down USAID programs and laid off thousands of workers. Even weeks after losing their jobs, some employees found they could still access government devices, systems, and data. Leaders failed to collect equipment and implement proper offboarding, leaving digital backdoors wide open.
Now, as federal health decision-makers plan to cut 10,000 jobs at agencies including the National Institutes of Health (NIH), we can’t afford to repeat these same device mistakes. Setting aside the personnel and human side of this discussion, sensitive patient data and medical records would be under huge threat if these same sloppy practices were applied in health. This is particularly important with ransomware attacks up 150% year-over-year and much-needed modernization efforts under threat in the sector’s shake-up.
Let’s take a closer look at health’s endpoint holes, how federal cuts ultimately help ransomware hackers, and what ecosystem defenders can do to step up and fight back.
The cybersecurity state of play
Even before the new federal administration took office, the Department of Health and Human Services had faced sustained cybersecurity threats against critical public health infrastructure. Last February, Change Healthcare fell victim to a ransomware attack resulting in data theft and estimated losses of $870 million. Attackers succeeded through basic endpoint security failures – cracking a single password on a remote account without multi-factor authentication. Not only was a breach like this preventable, but it also affected various administrative processes and even forced the cancellation of some urgent care surgeries.
Health knows it has a security problem and is – or, at least, has been – trying to fill the void. The Administration for Strategic Preparedness and Response (ASPR) leads collaborative efforts aimed at strengthening the security and resilience of the sector. Further, the Health Resources and Services Administration proposes a technology modernization program to upgrade 1,200 of the 1,400 community health centers nationwide. But cuts actively undermine these efforts.
ASPR is now being demoted from an independent agency to a subdivision of the Centers for Disease Control and Prevention, which confuses the chain of command and impacts responsiveness during critical incidents. Meanwhile, the modernization program was set to launch in May after years of development. But those plans are in limbo after dozens of employees overseeing the upgrade were laid off.
Add to this the broader cuts – including the NIH terminating over 2,000 research grants totaling more than $10 billion – and it’s clear that any and all tough decisions are on the table. The sector was already struggling to close endpoint holes, and stalled initiatives, combined with widespread uncertainty, only exacerbate the conditions that ransomware attackers love to exploit.
Ransomware as a result
There’s no doubt hackers are making the most of the moment. They know downtime in health can literally be a matter of life and death, making organizations more likely to pay ransoms. By April, the healthcare sector reported more than 200 confirmed data breaches compromising the personal information of 20 million people.
Ultimately, many of these successful breaches are down to how public and private health bodies handle their connected devices. Endpoints are often shared across users and shifts, making credential management difficult and social engineering possible. Many medical devices also run on legacy operating systems that can’t be easily updated, and newer devices have even been found with unintended manufacturer backdoors.
The risks multiply when organizations fail to properly manage device lifecycles. Public health is chaotic right now and anyone laid off – rightly or wrongly – shouldn’t retain access to sensitive records. This makes it even more essential to get device oversight right and avoid the offboarding and credential management mess we’ve seen over at USAID.
Taken together, between more active ransomware hackers and federal cuts that eliminate critical staff and cybersecurity programs, healthcare faces a perfect storm of increasing threats and decreasing defenses. Admins need to respond in kind.
Closing endpoint backdoors and stopping health hackers
The good news is that health across the board can redouble its device efforts and close endpoint holes with best practices.
Start with automated software updates because about one-third of ransomware attacks begin with a known yet unpatched vulnerability. This is possible with a unified endpoint management platform that also enforces a strong password policy and enables continuous monitoring. If devices are operating outside of regular parameters or accessing blacklisted websites or apps, admins can receive instant alerts. Likewise, they can see signs of degradation or failure before devices crash, unlocking predictive maintenance and preventing the unexpected downtime that puts patient care at risk.
This kind of unifying solution also helps whenever there are personnel changes. A tactile and responsive endpoint system can quickly and securely reset devices at a click. Then, that same device can be reassigned to someone else with the right apps, permissions, and configurations. The result is win-win – the data’s safe and the device’s reusable.
Undoubtedly, this is a stressful time for nearly all stakeholders. But let’s not add salt to the wound of funding cuts and personnel changes by inadvertently inviting even more ransomware. Automated patching, continuous monitoring, and predictive maintenance offer a path forward for better endpoint outcomes. Our patients deserve the highest quality of care without worrying about service delivery or the safety of their information.
Apu Pavithran is the founder and CEO of Hexnode, the award-winning Unified Endpoint Management (UEM) platform developed by Mitsogo Inc. Hexnode helps businesses manage mobile, desktop and workplace devices from a single place.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.