Cybersecurity Recommendations for Healthcare

19 October 2021 - by Obrela SOC

Basic recommendations to defend against ransomware


A ransomware attack can cause any organisation to feel powerless. In the case of Healthcare, a successful cybercrime operation can result not only in thousands or millions of pounds in ransom demands but also the loss of human lives. All public and private healthcare organisations, from research labs to small clinics to large hospitals, are lucrative targets for cybercriminals. The value of human life over systems and money paid in ransom puts upper management and technical administration teams under pressure to ensure necessary controls and technologies exist and are being implemented correctly. While there can be no guarantee of ‘absolute security’, there are several things to keep in mind to minimise the impact of an incident, should it occur.


  1. Conduct comprehensive and rigorous end-user awareness training on phishing and social engineering techniques. Not every member of the organisation will have the technical background to understand the implications of a malicious email, but everybody should understand that they are sharing a common cyber risk.
  2. Maintain regular backups of your files and configurations from a verified ‘safe’ state and ensure the backups are stored offline. It is crucial to ensure the integrity of these backups; otherwise the threat will not be properly eradicated.
  3. Leverage centralised log systems, such as a Security Information and Event Management (SIEM) system, to increase log retention and availability during an incident analysis.
  4. Identify assets that store sensitive organisational and patient data and implement strong access controls along with proper network segmentation. The latter proves to be a challenge as the introduction of IoT medical devices forces network administrators to reconfigure firewalls and zones with strict policies, thus limiting their interconnecting functionality.
  5. Implement strict identity policies for internet-facing and remote services by using multi-factor authentication (MFA) for all internet-accessible remote access.


Best practice guide for Healthcare C-Level & Middle Management


Cybersecurity should start being regarded as a shared responsibility between all individuals of the organisation, regardless of roles, responsibilities or technical background. It is important that middle management communicates to upper management the risks of handling sensitive patient data or adopting new IoT devices, to address the risk factors and propose mitigation strategies. At the same time, C-level management should aim for a concrete cybersecurity plan inside the organisation with emphasis not only on prevention but also response:

  1. Implement an incident report process with a transparent policy. It is important to engage all individuals to share responsibility for keeping the organisation safe without fear of repercussions. An effective process can lead to fast incident detection and analysis before the incident spreads across the entire facility's networks.
  2. Develop a thorough Incident Response plan with well-defined roles and responsibilities, with emphasis on the interoperability of departments to effectively contain and recover from an incident. Based on the impact analysis of critical medical devices and patient storage databases, prioritise the restoration of your assets in case of a ransomware attack.
  3. It is important to understand which threat actors are likely to pose a threat to healthcare organisations by reviewing or conducting cyber threat intelligence. Equally important is the establishment of information sharing channels with other healthcare stakeholders to share Indicators of Compromise (IoCs) from the cyber attacks faced. It is very likely that these will help others strengthen their cyber security posture to effectively defend against the same threat.
  4. Regularly publish internal communications to educate employees on ransomware and security awareness and remind them of the incident report process.


Obrela’s Digital Universe Study: Europe sees 67% increase in brand attacks

21 April 2021 - by George Papamargaritis

Every quarter Obrela Security Industries releases its Digital Universe Study, which is a round-up of the attacks targeting our customers from the last three months.

The study runs a comparison from the same quarter of the previous year to understand how attacker techniques are changing, which industries and continents are facing the most attacks and what within the IT infrastructure is being attacked most frequently.



Some of the key findings from the latest study highlight:

  • In the first quarter of 2021, Obrela’s data shows there was a 67% increase in attacks targeting organisations’ brands in Western Europe.
  • Security attacks on cloud infrastructure within oil and gas organisations increased by over 24%.
  • There was a 19% increase in attacks targeting endpoints and users within the banking and finance industry.
  • There was a 76% increase in attacks targeting healthcare organisations.
  • IoT attacks in healthcare saw an increase of 57%.
  • Attacks on brand saw the biggest increase overall, with construction and food and beverage seeing a 100% increase in attacks compared to Q1 2020.
  • Western Europe saw a 67% increase in brand attacks.
  • Users in Western Europe were the most heavily targeted, with a 39% increase in attacks.


Putting the numbers into perspective

In the last year, the world has found itself in an unfamiliar situation, where almost every person on the planet has had to adapt their lifestyle because of the pandemic. The same goes for cybercriminals.

Our data shows that cybercriminals have adapted their attack techniques to suit the changing global environment. This can be seen in the increase in attacks targeting users and endpoints.

The healthcare industry has also come under significant pressure, particularly as vaccine programs get underway. The COVID vaccine is one of the hottest commodities on the planet, and the increase in attacks targeting the industry highlights that cybercriminals are doing all they can to get their hands on it.

One of the data points that stands out most is the increase in attacks on brands. Recent data has shown just how negatively brand damage can impact a company’s reputation, so it is not surprising cybercriminals are upping their efforts to hurt businesses at their very core. These attacks can take a variety of forms; many involve using social media as a platform to spread fake news or using C-level executives’ social platforms to send out phishing links.

Overall, our data shows that despite the hardship of the last year, attackers are more determined than ever and show no signs of slowing down. Therefore, the best defence is a platform or service which can secure an organisation’s digital universe, regardless of where attacks are coming from or what area of a company’s online infrastructure they are targeting. This will alleviate pressure on internal IT teams and reduce the chance of organisations becoming overwhelmed by trying to manage too many products and pieces of technology, which could inadvertently put them at risk.


The full Obrela report is available on Professional Security.