At a time when cybercriminals are targeting healthcare organizations and cyberattacks are increasing, it may be time to rethink exactly how remote access is achieved securely.
Remote access has become a common part of any healthcare organization’s operations – whether it’s used to connect a technician to a medical device or terminal in a patient room, provide support to a nurse at their nursing station, or gain access to a remote or mobile clinic, it has become a necessity.
But one of the greatest challenges is finding a secure way to provide remote access at a time when the healthcare industry has seen a 121% increase in malware-based attacks, and 67% of healthcare organizations have experienced significant security incidents in the past twelve months, according to a recent HIMSS survey. Within the HIMSS data we find that, while phishing remains the most common initial attack vector, 10% of attacks involved some form of remote access as the initial attack vector. Additionally, the most significant security incident was a ransomware attack (which represented 17% of all incidents) and, according to the most recent data, compromised remote access is the initial attack vector in approximately 30% of ransomware attacks.
So, while your organization should definitely not take its proverbial eye off the phishing ball (as it were), it’s important to recognize the significance of the threat surface that remote access makes up in healthcare organizations today.
Because remote access has become a necessity, it is imperative that it be looked at through the lens of cybersecurity, and not only through the lens of productivity that led to using remote access in the first place. Looked at that way, the challenge with existing remote access methods that leave the organization vulnerable is two-fold:
- Internal Remote Access is Externally Accessible – this is a huge faux pas. Organizations that leave RDP and other remote access services open to the Internet (even on a non-standard port, which Internet-wide port scanners find regardless) are simply handing threat actors the front door to their network, to be opened with brute-force and password-spraying attacks or with credential stuffing. Today, cybercriminal gangs also buy their way in through dark web “access brokers” who sell obtained or derived credentials, leaving that “front door” wide open to attack.
- Internal Remote Access Uses the Cloud – most solutions written today are built around the “cloud-first” mentality of customers who are digitally transforming their business. The problem with using the cloud for internal remote access sessions is that a session between a user and a desktop that both sit on the corporate network is relayed out to a third party’s infrastructure and back. The relay operator, or anyone who compromises it, sits in the path of every session, so despite the encryption the organization is exposed to Man-in-the-Middle attacks, and if the relay terminates the encrypted connection it sees credentials and screen content in the clear.
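As an added example (it is not code from the original article), here is detection logic for the exposed-RDP pattern described in the first bullet: a burst of failed RDP logons from one external address, followed by a success, which is what a brute-force or password-spray attack against an Internet-facing host looks like in the Windows Security log. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values; the events themselves, the corporate address ranges and the five-failures-in-five-minutes threshold are constructed assumptions for illustration.

```python
"""Flag RDP brute-force / password-spray activity from Windows Security events.

Added example for this article; it is not from the original page.  Windows
event ID 4625 is a failed logon, 4624 a successful logon, and logon type 10
(RemoteInteractive) is an RDP session.  Everything else below is constructed.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed corporate address space; anything outside it is "external".
CORPORATE_NETS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip).
SAMPLE_EVENTS = [
    ("2024-03-01T02:00:01", 4625, 10, "administrator", "198.51.100.7"),
    ("2024-03-01T02:00:04", 4625, 10, "admin",         "198.51.100.7"),
    ("2024-03-01T02:00:09", 4625, 10, "helpdesk",      "198.51.100.7"),
    ("2024-03-01T02:00:15", 4625, 10, "scanner",       "198.51.100.7"),
    ("2024-03-01T02:00:22", 4625, 10, "nurse.jones",   "198.51.100.7"),
    ("2024-03-01T02:00:31", 4625, 10, "dr.smith",      "198.51.100.7"),
    ("2024-03-01T02:01:40", 4624, 10, "nurse.jones",   "198.51.100.7"),  # spray succeeded
    ("2024-03-01T02:05:00", 4625, 10, "dr.smith",      "10.20.4.15"),    # one internal typo
    ("2024-03-01T02:05:10", 4624, 10, "dr.smith",      "10.20.4.15"),
    ("2024-03-01T02:07:00", 4625, 3,  "svc_backup",    "10.20.4.99"),    # network logon, not RDP
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)


def max_failures_in_window(times, window):
    """Largest number of failures that fall inside any span of length `window`.
    `times` must be sorted ascending."""
    best, j = 0, 0
    for i, t in enumerate(times):
        while t - times[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect_rdp_attacks(events, window=timedelta(minutes=5), threshold=5):
    """Group RDP logons by source address and report every source whose failures
    burst past `threshold` within `window`, noting whether a success followed."""
    by_src = defaultdict(list)
    for ts, event_id, logon_type, account, src in events:
        if logon_type != 10:          # only RemoteInteractive (RDP) logons
            continue
        by_src[src].append((datetime.fromisoformat(ts), event_id, account))

    findings = []
    for src, recs in by_src.items():
        recs.sort()
        fails = [(t, acct) for t, eid, acct in recs if eid == 4625]
        if not fails or max_failures_in_window([t for t, _ in fails], window) < threshold:
            continue
        first_fail = fails[0][0]
        # A success from the same source after the burst means a password worked:
        # this is the ransomware precursor, not just noise.
        success_after = any(eid == 4624 and t > first_fail for t, eid, _ in recs)
        findings.append({
            "source": src,
            "external": not is_internal(src),
            "failures": len(fails),
            "distinct_accounts": len({acct for _, acct in fails}),
            "success_after_burst": success_after,
            "severity": "critical" if success_after else "high",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_attacks(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, the external address 198.51.100.7 is reported with six failures across six different accounts (the spray signature) and a later success, and is rated critical; the single internal typo and the non-RDP network logon are ignored. In practice the events come from the Security log of the exposed host or from a SIEM, and the thresholds need tuning per site.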
So, what should a remote access solution look like through the lens of cybersecurity?
What Does Your “New” Remote Access Solution Look Like?
One assumption should be stated up front: your remote access solution already meets your operational and productivity needs; the issue at hand is how it should look from a cybersecurity perspective. Let’s look at a few requirements you should be assessing your current solution(s) against and considering for any future one.
Layered Security for External Remote Access
The reason RDP-type access is so widely used by threat actors is mostly that it is deployed with nothing more than a username and password protecting it, and with no further layers of security around the remote access itself. Looking beyond the most basic credential requirement, there are a few more factors that should be included:
- Multi-factor authentication – Requiring an additional authentication factor (an authenticator app, a smart card or hardware token, or, as a weaker fallback, SMS to a mobile device) stops the large majority of attacks that rely on a stolen or guessed password alone. It is not a silver bullet: SMS codes can be intercepted or phished in real time, so prefer phishing-resistant factors where you can. Some remote access solutions provide MFA themselves, while others integrate with third-party solutions.
- Single Sign-On (SSO) – Integrating with an SSO solution means nobody reaches your remote access solution without first authenticating to your identity provider, so the MFA, conditional access and account-disable policies you already enforce there apply to remote access as well.
- Firewall allowlisting – External access is usually the same few users or vendors reaching the same few internal systems. This means you can create firewall rules that limit which external source IP addresses can reach a given internal system, and deny everything else by default. Where a user’s address changes (home broadband, mobile), allowlist the gateway they must come through rather than opening the rule up to any source.
Internal-Only Remote Access
While I’m a big fan of leveraging the cloud, in some verticals (healthcare in particular), where data regulations reign supreme and fines are significant, it becomes imperative that, when both the user and the desired desktop reside within the corporate network, the remote access solution connects them directly, without a cloud-based proxy service. The proxy service exists to provide remote access connectivity without opening the firewall, since most solutions run outbound over TCP port 443. But that same proxy is what sends your remote session traffic outside the corporate network, and, from a cybersecurity perspective, that only weakens your security stance.
Instead, utilize a remote access solution that provides the ability to skip the proxy and connect directly to the remote host within the corporate network. In some solutions the direct connection between two devices must be specifically defined; in others it is based on intelligent detection of the connection request details (for example, that both the source and the destination address are on internal networks), leaving any cloud proxy out of the equation whenever it is unnecessary. Either method is better than using a cloud-based proxy every time, but auto-detection provides better security than a static definition, because a pair of hosts that nobody remembered to define will otherwise silently fall back to the cloud path.
By using direct connection functionality in your remote access solution, not only do you minimize your organization’s threat surface (because there is no longer any internal remote access traffic travelling up to the cloud and back), but you also improve the speed of the connection and the underlying service delivery of the work being accomplished across that connection.
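As an added example, and not the code of any remote access product, the following request broker puts the two IP-based controls from this article together: the source-IP allowlist from the firewall bullet under “Layered Security for External Remote Access” and the internal-to-internal direct connection described in this section. Given a request’s source and target address it returns deny, direct, or proxy. The corporate ranges, the allowlist entries (a device vendor’s support range and a clinician’s fixed home address) and the relay host name `relay.example.net` are assumptions; authentication (MFA, SSO) is taken to have already happened before this decision is made.

```python
"""Broker a remote access request: allowlist external sources per target, and
connect internal-to-internal sessions directly rather than via the cloud relay.

Added example for this article, not the code of any remote access product.
The corporate ranges, allowlist entries and the relay host name are assumed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed corporate address space (the VPN client pool is inside it too).
CORPORATE_NETS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed allowlist: external source network -> internal targets it may reach.
# A device vendor's support range may reach only the imaging workstation; a
# clinician's fixed home address may reach only the clinical jump host.
EXTERNAL_ALLOWLIST = {
    ipaddress.ip_network("203.0.113.0/24"):   {ipaddress.ip_address("10.20.5.10")},
    ipaddress.ip_network("198.51.100.42/32"): {ipaddress.ip_address("10.20.1.2")},
}

CLOUD_PROXY = "relay.example.net"   # assumed name of the vendor's cloud relay


@dataclass(frozen=True)
class Decision:
    action: str                 # "deny", "direct" or "proxy"
    reason: str
    via: Optional[str] = None   # relay host when action == "proxy"


def is_internal(addr) -> bool:
    """True when an ipaddress object falls inside the assumed corporate ranges."""
    return any(addr in net for net in CORPORATE_NETS)


def broker(src_ip: str, target_ip: str) -> Decision:
    """Decide whether and how a session from src_ip to target_ip is established."""
    src, target = ipaddress.ip_address(src_ip), ipaddress.ip_address(target_ip)

    # The solution exists to reach corporate hosts; anything else is a
    # misconfiguration or an attempt to pivot out through the tool.
    if not is_internal(target):
        return Decision("deny", "target is not on a corporate network")

    # Both ends inside the perimeter: the auto-detection case.  Connect directly
    # so the session never leaves the network, and never touch the relay.
    if is_internal(src):
        return Decision("direct", "both endpoints are on corporate networks")

    # External source: default deny unless an allowlist entry names this exact
    # target.  An allowlisted session still arrives through the relay, since
    # that is the path that does not require opening the firewall.
    for net, targets in EXTERNAL_ALLOWLIST.items():
        if src in net and target in targets:
            return Decision("proxy", f"{src_ip} is allowlisted for {target_ip}",
                            via=CLOUD_PROXY)
    return Decision("deny", f"{src_ip} is not allowlisted for {target_ip}")


if __name__ == "__main__":
    # Constructed requests covering each branch.
    for s, t in [("10.20.4.15", "10.20.5.10"),   # nurse station -> ward terminal: direct
                 ("203.0.113.9", "10.20.5.10"),  # vendor range -> imaging workstation: proxy
                 ("203.0.113.9", "10.20.1.2"),   # vendor range -> jump host: deny
                 ("198.51.100.7", "10.20.5.10"), # unknown external address: deny
                 ("10.20.4.15", "8.8.8.8")]:     # internal user -> Internet host: deny
        print(s, "->", t, broker(s, t))
```

The order of the checks is the point: the target is validated first, the direct path is chosen purely from the addresses so that no internal pair needs a hand-written definition, and the external allowlist is per target and default-deny rather than a blanket “allow this IP in”.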
Keeping Healthcare Remote Access Secure
As cybercriminals continue to look for ways to take advantage of any externally accessible service, connection, or session, it’s time for healthcare organizations to stop seeing remote access purely through a productivity lens. By considering how remote access puts the organization at risk and looking for alternative ways to achieve the same end result with security actually strengthened, you will reduce the accessible threat surface, and potentially remove exposed remote access from the initial attack vector equation altogether.