Practicing Good CyberSecurity Hygiene

Bots & Healthcare Best Practice for Bot Protection

“Just as health care professionals must wash their hands before caring for patients, health care organizations must practice good cyber hygiene in today’s digital world by including cybersecurity as an everyday, universal precaution. Like hand washing, cyber awareness does not have to be complicated or expensive.”

So says The US Department of Health and Human Services (HHS) which has recently published a report specifically addressing cybersecurity for smaller health companies, that may not have dedicated resources to deal with these new threats. Often, these smaller companies rely on 3rd party cloud-based services.

How can smaller healthcare companies ensure they apply the same quality of care and outcome-driven approach, within their own practice, to cybersecurity?

The report identifies the following five major threats:

  1. E-mail phishing attacks
  2. Ransomware attacks
  3. Loss or theft of equipment or data
  4. Insider, accidental or intentional data loss
  5. Attacks against connected medical devices that may affect patient safety

These threats are all very different but have the same root cause. Access to the trusted domain is compromised allowing these attacks to happen. The cybercriminals are unlikely to be local to you, they often operate from countries and regimes which have lax attitudes to cybercrime. What’s vital to understand is how they target you in the first place, and which tools they use to gain access to your trusted domain.

THE BOT RECONNAISSANCE PARTY How Cybercriminals target your website

The tool of choice for the cybercriminal is an automated bot army that crawls the internet looking for vulnerabilities on your website. Healthcare websites need to be open for public access. The cybercriminals operate as a military reconnaissance party, trying to insert themselves behind your lines of defense in order to launch a coordinated attack, once all the vulnerabilities have been accessed. If they don’t find the vulnerabilities, they are unlikely to launch the attack and will move onto a more promising target.

How do the Cybercriminal bots work?

Just like a virus entering the body, these bad bots are looking for vulnerabilities to exploit and will perform a scan across your website and infrastructure to find them. Often cybercriminals spoof legitimate bots to gain access. These crawler bots don’t appear to be harmful as they work in a very similar way to Googlebot and simply crawl each page. However, for cybercriminals this early reconnaissance work is far from innocent.

Looking back on our list of the top five threats, you can see how early prevention of bad bots is a vital first stage of protection - just like washing our hands.

THE ATTACK AREAS The top five major threats

1. Email Phishing Attacks

The reconnaissance bots will first detect any email addresses which are contained in the web site copy. These bots can then examine your email records and determine the email format your organization uses. For example, it could be first name, last name, followed by the domain. These bots can then gather the names of the employees from the about us pages, and automatically compile an email directory of company employees. Many third-party services can be used to bulk check email validation before they are sent to ensure they are valid. This allows Cybercriminals to launch a phishing attack which is much more likely to be successful, and this process can be completely automated.

2. Ransomware

These types of attacks rely on someone downloading a virus onto their PC which in turn compromises the machine. The chances are very high that the initial attack will come in via email or as a result of the phishing attack, which has provided the attacker with login credentials. This type of malicious software is designed to block access to a computer system until a sum of money is paid.

3. Loss or theft of equipment or data

Once passwords have been compromised data theft is a real possibility. Many healthcare companies have rigorous security policies in place to protect laptops and other portable devices from theft. However, the remote threat from cybercriminals who are actively looking to exploit your data rather than sell your hardware for cash is more real.

4. Data Loss - accidental or intentional

Most smaller healthcare companies use cloud-based services which have remote back-up systems to protect from accidental, or in most cases, even intentional deletion. If the cybercriminals are able to access patient records or other sensitive data, then they know that your practice has a significant legal compliance problem, which they can then attempt to leverage.

5. Attacks against connected medical devices that may affect patient safety

Multiple security breaches would have needed to occur for a medical device to be hacked, but again the initial point of entry will most likely be from the Internet. As medical practitioners roll-out more home and monitoring services, and use more connected devices, the threat to these devices from cybercriminals becomes more real.

Why VerifiedVisitors?

Very simply, we provide you with a dedicated subscription service that only allows the bot visitors you want onto your web site, so you can deal with the others. Once you have locked down your website to prevent these unauthorized bot visitors, they won’t be able to report any vulnerabilities back to the cybercriminals. While our service can’t protect you from every single attack, it is a cost-effective and vital first layer of protection. Just like washing your hands, our service is an easy and inexpensive first layer of barrier protection.

Our Portal Dashboard

Once VerifiedVisitors is active, our dashboard allows you to easily see all the legitimate activity of the bot visitors. After activating your VerifiedWatchList we can go ahead and block any unwanted and fake bots with confidence. We then do all the heavy lifting to ensure your bot visitors are constantly verified and your firewall is up-to-date.