According to FireEye’s 2019 report, Beyond Compliance: Cyber Threats and Healthcare, the healthcare sector is often a target for bad actors. Unfortunately, the ramifications of a cyber attack on a dental practice can be far-reaching—especially if protected patient information is compromised.
Cyber criminals often follow a familiar pattern, and there are steps you can take during the different stages of an attack to protect your practice. Named the “Cyber Kill Chain” by Lockheed Martin, this model outlines seven steps the cyber criminal must take in order to achieve their goal (please note that there are instances where steps are combined or skipped).
In the chart below, I have outlined the various stages in the kill chain and what you can do to mitigate damage to your office.
| Stage in Kill Chain | Actions You Can Take |
| --- | --- |
| Reconnaissance: The bad actor will begin by researching and identifying targets. This can be done by scouring social media or obtaining email lists. | |
| Weaponization: The bad actor will now gain remote access through an automated tool, known as a weaponizer. Even seemingly innocuous file types, such as PDFs or Microsoft Office documents, can be used as a vehicle for the weaponized deliverable. | Adversary creates weapon - no action can be taken |
| Delivery: The weapon is transmitted to the target’s environment via email, websites or USB. | Enable anti-virus tools; filter emails and web access; educate your team; conduct phishing exercises; limit USB devices; block auto-run |
| Exploitation: Once the weapon is deployed, the code is executed on the victim’s system and the target is most often an operating system or application vulnerability. | Keep up to date on patches; scan for vulnerabilities; protect websites with web application firewalls |
| Installation: The malware is installed in the system, allowing the bad actor remote access to the environment. | Enable anti-virus tools; control “admin” rights; implement multi-factor controls; whitelist tools for software |
| Command and Control: During this stage, the bad actor establishes a command channel to manipulate the victim remotely. | Implement firewalls; enable intrusion protection systems; utilize proxy filters |
| Actions on Objectives: At this stage, the bad actor can achieve their objectives, which most often include data exfiltration for the purposes of encrypting and extracting data. | Secure backups; implement your disaster recovery plan; consult with your cyber insurance provider; forensic IR retainer |

During a recent expert panel on best practices for protecting your practice, I went into more detail on the anatomy of a cyber-attack and what you can do to protect your practice. You can view the video below.
Anatomy of a Cyber Attack—and How You Can Protect Your Practice from Carestream Dental on Vimeo.