The IT security and healthcare sectors are abuzz over the recent MedStar attack, especially in light of the earlier attacks on two other medical facilities in California and Kentucky. In addition, the US Government Accountability Office (GAO) recently released a report on over 300 security incidents faced by the Healthcare.gov portal. But what do these attacks highlight? The immediate reaction might simply be "better security," and most people think of access controls when they think of IT security, the confidentiality leg of the confidentiality-integrity-availability triad. An attack that takes systems offline, however, is an attack on availability, and defending against it takes more than access controls.
Technical security controls definitely need to be in place, but so do operational capabilities such as system backups and the procedures for restoring a system with as little downtime as possible. A backup that has never been restored is an assumption, not a capability, so organizations should regularly test their backup and recovery systems and procedures by conducting contingency exercises that actually require personnel to follow the written procedures. Such exercises identify areas for improvement and capture the technology changes that will always slip through the cracks no matter how good your configuration control policies and procedures are. Two checks matter most: that a restore actually completes, with the data intact, within the time the business can tolerate, and that at least one copy of the backups is kept offline or otherwise out of reach of an attacker who already controls the production network, since backups that compromised systems can write to can be destroyed along with everything else. Possessing such a capability can mean the difference between being at the mercy of your attacker(s) and being able to quickly restore operations with minimal disruption.
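The restore test above can be automated so that it runs after every backup job rather than only during an exercise. The following is an added example written for this post, not code from MedStar or from any vendor: it archives a directory, records a SHA-256 manifest of every file, restores the archive into a scratch directory and verifies each restored file against the manifest. The directory layout, the file contents and the "truncated archive" failure case are all constructed here for illustration.

```python
import hashlib
import os
import tarfile
import tempfile
import zlib


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Relative path -> SHA-256 for every regular file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_of(full)
    return out


def backup(src_dir, archive_path):
    """Archive src_dir and return the manifest taken at backup time.

    The manifest is what later restore tests are checked against, so store it
    somewhere the backup host itself cannot overwrite.
    """
    with tarfile.open(archive_path, "w:gz") as tar:
        for entry in sorted(os.listdir(src_dir)):
            tar.add(os.path.join(src_dir, entry), arcname=entry)
    return manifest(src_dir)


def restore_test(archive_path, expected):
    """Restore into a scratch directory and verify it against the manifest.

    Returns (ok, problems). An archive that cannot be read, is missing files,
    or whose contents differ from the manifest is not a usable backup.
    """
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                # Use the safe extraction filter where the interpreter has it
                # (Python 3.12+, backported to recent 3.8-3.11 releases).
                kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **kwargs)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as e:
            return False, ["archive unreadable: %s: %s" % (e.__class__.__name__, e)]
        restored = manifest(scratch)
    problems = ["missing: %s" % p for p in expected if p not in restored]
    problems += ["changed: %s" % p for p, d in expected.items()
                 if p in restored and restored[p] != d]
    return not problems, problems


def demo():
    """Build a small tree, back it up, and run the restore test on the intact
    archive and again after truncating it (an incomplete backup job)."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "etc")
        os.makedirs(os.path.join(src, "app"))
        # Constructed sample content; any files would do.
        with open(os.path.join(src, "app", "config.ini"), "w") as f:
            f.write("[db]\nhost=db01\n")
        with open(os.path.join(src, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")

        archive = os.path.join(work, "etc-backup.tgz")
        expected = backup(src, archive)
        intact_ok, _ = restore_test(archive, expected)

        # Simulate a backup job that died half way through.
        with open(archive, "r+b") as f:
            f.truncate(os.path.getsize(archive) // 2)
        truncated_ok, problems = restore_test(archive, expected)
        return intact_ok, truncated_ok, problems


if __name__ == "__main__":
    ok, bad, why = demo()
    print("intact archive restorable:", ok)
    print("truncated archive restorable:", bad, why)
```

The point of restoring into a scratch directory rather than just listing the archive is that listing proves only that the headers parse; a full extraction plus hash comparison proves the data is all there and unchanged. In a real deployment the manifest and the archive should live on different systems, and the check should be scheduled, with a failure paging someone.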
Coming back to technical security controls: there is tremendous emphasis on boundary controls that protect organizational systems from outside attack, but often very little importance is placed on internal network controls, the controls that segment the internal network and govern communication between segments. On a flat internal network a single compromised workstation can reach every other host, so a compromise that starts on one endpoint can spread to all of them. The current "Internet of Things" (IoT) era in which we live requires a close look at how we design and implement enterprise network architectures. Controls need to be in place to limit which devices can directly communicate with each other and through which protocols that communication can take place, with anything not explicitly allowed denied. Those controls are far more manageable and sustainable when the underlying network architecture supports them, for example when each device class sits on its own VLAN or subnet so that the policy can be written in terms of segments rather than individual hosts.
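What "limit which devices can communicate, and over which protocols" looks like as a concrete policy, as an added example written for this post (not MedStar's architecture or anyone's production ruleset): the segment names, address ranges, ports and sample flows below are all hypothetical. The policy is default deny between segments with an explicit allow-list, workstations are additionally isolated from one another, and the same table is rendered as nftables forward-chain rules so the policy and the enforcement stay in step.

```python
import ipaddress

# Constructed example segments; addresses are hypothetical.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers":      ipaddress.ip_network("10.20.0.0/24"),
    "imaging":      ipaddress.ip_network("10.30.0.0/24"),  # modalities and similar device-class endpoints
    "backup":       ipaddress.ip_network("10.40.0.0/24"),  # backup targets, reachable only from servers
}

# Segments whose members may not talk to each other directly (private-VLAN style host isolation).
ISOLATED = {"workstations"}

# Explicit allow-list of (src segment, dst segment, protocol, dst port).
# Anything between segments that is not listed here is denied.
ALLOW = {
    ("workstations", "servers", "tcp", 443),   # web front ends
    ("workstations", "servers", "tcp", 389),   # directory lookups
    ("imaging", "servers", "tcp", 104),        # DICOM from modalities to the archive server
    ("servers", "imaging", "tcp", 104),        # archive querying a modality
    ("servers", "backup", "tcp", 22),          # backup traffic originates from servers only
}


def segment_of(ip):
    """Name of the segment containing ip, or None if it is in no managed segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, proto, dst_port):
    """Return (allowed, reason) for one flow under the policy above."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False, "unknown segment"          # unmanaged address: never trusted
    if src == dst:
        if src in ISOLATED:
            return False, "%s hosts are isolated from each other" % src
        return True, "intra-segment %s" % src
    if (src, dst, proto, dst_port) in ALLOW:
        return True, "%s->%s %s/%d allowed" % (src, dst, proto, dst_port)
    return False, "%s->%s %s/%d not in allow-list (default deny)" % (src, dst, proto, dst_port)


def to_nft_rules():
    """Render the allow-list as nftables forward-chain rules, default deny last."""
    lines = ["ct state established,related accept"]
    for src, dst, proto, port in sorted(ALLOW):
        lines.append("ip saddr %s ip daddr %s %s dport %d accept"
                     % (SEGMENTS[src], SEGMENTS[dst], proto, port))
    lines.append("drop")
    return lines


def evaluate(flows):
    """Evaluate (src_ip, dst_ip, proto, dst_port) tuples; returns (flow, allowed, reason)."""
    return [(f,) + is_allowed(*f) for f in flows]


# Constructed sample flows, including the lateral-movement paths segmentation is meant to block.
SAMPLE_FLOWS = [
    ("10.10.4.20", "10.20.0.5", "tcp", 443),   # workstation to web app
    ("10.10.4.20", "10.10.7.9", "tcp", 445),   # workstation to workstation SMB
    ("10.10.4.20", "10.30.0.12", "tcp", 445),  # workstation to an imaging device over SMB
    ("10.30.0.12", "10.20.0.8", "tcp", 104),   # modality sending DICOM to the archive
    ("10.10.4.20", "10.40.0.2", "tcp", 22),    # workstation straight to a backup target
    ("192.168.1.5", "10.20.0.5", "tcp", 443),  # address that belongs to no managed segment
]

if __name__ == "__main__":
    for flow, ok, why in evaluate(SAMPLE_FLOWS):
        print("ALLOW" if ok else "DENY ", flow, why)
    print("\n".join(to_nft_rules()))
```

Two design choices are worth noting. The backup segment accepts connections only from servers, never from workstations, which is what keeps backups reachable for restoration but not for an attacker who has landed on an endpoint. And an address that falls in no defined segment is denied outright rather than treated as "internal", because an unmanaged device on the network is exactly the IoT case the post is worried about.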
Effective network segmentation and isolation give an organization the ability to disconnect a breached segment without having to shut down all network resources during restoration. MedStar appears, based on the available information, to have reacted quickly to contain the threat. Hopefully they will be able to recover quickly as well.
Here are some relevant posts that help organizations create a more robust cybersecurity framework.