Healthcare facilities are prime targets for hackers, given their legacy devices and wealth of
patient data. “With the high cost of each attack, healthcare providers must protect facilities
so they can safely deliver excellent care without interruption,” said Ilan Barda, CEO of Radiflow.
Tel Aviv, Israel, November 29, 2021– Last month saw an alarming rise in cyber-attacks
against healthcare facilities. Ransomware attacks across the globe locked 68 care providers
out of their respective networks during Q3 of this year alone, threatening patient safety and
privacy. Experts fear that patients will suddenly be unable to receive critical care at a
targeted facility without a holistic whole-facility cybersecurity approach.
Johnson Memorial Health Hospital in Franklin, Indiana, US, and the Hillel Yaffe Medical
Center in Hadera, Israel, are just two examples of the attacked medical facilities. At Johnson
Memorial, the early-October attack locked databases and exposed patient data. Days after
the attack, a ransom amount was strangely not yet requested. In early November, Hillel
Yaffe Medical Center was attacked by an allegedly Iran-backed group, Black Shadow. The
personal data of 290,000 individuals were released, and investigators estimated that it would
take many weeks to recover and understand the full scope of what had been accessed.
As healthcare facilities modernize, their legacy OT equipment becomes vulnerable to
hackers. Water, HVAC, oxygen, electrical, and other critical systems are connected, yet may
fall short of proper cybersecurity monitoring and protection. Compromising any of these
utilities will negatively impact patient care, potentially threatening the lives of those being
treated. “Accessing patient data is worrisome, but the idea of hackers gaining access to
components in a specific ward or even a single operating room is alarming,” said Ilan Barda,
CEO of Radiflow. “CISOs at facilities should focus on both IT systems and OT environments,
starting from risk assessment to threat monitoring. There should be continuous holistic risk
management for more mature organizations that combine both IT and OT systems. With
Radiflow, teams can monitor the full range of a healthcare OT security from one central
location.”
The US Department of Health and Human Services (HHS) had warned about the alarming
trends in 2021, with 68 global attacks on healthcare facilities in Q3 of this year alone.
Companies such as Radiflow, partnering with MSSPs around the globe, have spent over a
decade protecting OT facilities by creating purpose-driven technologies to monitor complex
always-on systems, such as those found throughout hospitals. “CISOs today need to
allocate resources carefully. To optimize their resource allocation, they can use CIARA OT-
BAS tool to monitor for weak points and assess their risk exposure,” said Barda.
Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience
Strengthening OT Resilience: Protecting Critical Systems in a Rapidly Evolving Threat Environment
Quarterly ICS Security Report 2024 Q3