Are Your Remote Working Tools Leaving You Vulnerable to Hackers?
Ever since the COVID-19 pandemic hit the world in 2020, most organizations had little choice but to embrace remote work as the new normal.
Healthcare practices like yours were faced with the challenge to deliver such essential services with at least a portion of your manpower working remotely. This would have been an impossible feat if it were not for the remote working
tools that added efficiency as well as a layer of security to remote operations.
Unfortunately, just like in every other technological milestone in recent history, malicious actors are out to take advantage of any vulnerability they can find. And because of the spike in remote operations among companies all over the world, they’ve been eyeing the tools commonly used in remote work.
Your practice’s tools may be a huge cybersecurity risk
With the popularity and necessity of remote work, it’s inevitable that organizations like yours are utilizing certain software and applications to minimize the risk of cybersecurity threats against your practice.
Sadly, malicious actors are aware of this trend and are obviously taking advantage of it by targeting remote work tools such as virtual private networks (VPNs), remote desktop applications, and email suites.
It’s ironic, we know. Tools that were built and designed to make your remote work more secure are now being targeted and used against you. But that's just how malicious actors work.
Russian hackers are eyeing publicly known vulnerabilities
In a joint cybersecurity advisory, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) announced that the Russian Foreign Intelligence Service (SVR) is currently exploiting five publicly known vulnerabilities, namely:
- Fortinet FortiGate VPN
- Synacor Zimbra Collaboration Suite
- Pulse Secure Pulse Connect Secure VPN
- Citrix Application Delivery Controller and Gateway
- VMware Workspace ONE Access
The Russian SVR is found to have been using the said vulnerabilities to “conduct widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.”
One of the unfortunate victims of the Russian SVR’s
efforts is Texas-based tech company SolarWinds, whose list of clients includes:
- 425 of the US Fortune 500
- All 10 of the top US telecom companies
- Key US government bodies: Pentagon, State, Treasury, Commerce, NSA, DOJ, etc.
- Various hospitals, universities, and tech companies
In April 2021, SolarWinds made a routine software update available to its clients, not knowing that the Russian SVR had slipped malicious code into the software system. Up to 18,000 SolarWinds customers installed updates that left them vulnerable to hackers.
What you can do to mitigate them
With the Russian SVR constantly scanning, targeting, and exploiting US critical infrastructure and allied networks, it’s important for all organizations to know what they should do to avoid and mitigate the loss of sensitive information.
This is especially important for healthcare practices like yours because healthcare systems are critical infrastructures, too. You have a critical infrastructure within your organization, and you need to protect it.
The NSA, CISA, and FBI have provided
specific mitigations against each of the identified vulnerabilities, and these can be carried out by highly skilled network defenders and cybersecurity officers.
However, there are also general measures that your practice can implement with the help of a cybersecurity IT expert:
Keep your systems and products up to date.
Unfortunately, it’s not enough to simply update—you need to update as soon as patches are released. Malicious actors tend to look at outdated software for cracks in your network security. Without the latest security patches, they can sneak in between these gaps and infiltrate your network.
Secure privileges and accounts.
If you’ve experienced data theft or data modification, don’t expect an update, a patch, or other reactive actions to fix things. Take a more proactive stance by anticipating breaches and preparing for them. Enforce least-privileged access, regularly change passwords, and implement regular account reviews.
Set up an out-of-band management network.
An out-of-band (OoB) management is a solution that provides a secure alternate route to your IT network using the local network. This alternate path is designed to isolate network administration traffic from normal user traffic. This isolation allows you to troubleshoot a potential threat while preventing compromised user devices or malicious network traffic from impacting operations or the infrastructure.
Only use ports that you need.
Because hackers can exploit them and use them to enter your network, block obsolete or unused ports and protocols at the outermost layer of your network’s security (e.g., firewall, ISP, etc.) and disable them in device configurations.
Implement a demilitarized zone in your network.
A demilitarized zone (DMZ) acts as the network’s exposed point to untrusted networks (i.e., the Internet). Because Internet-facing services such as email, web servers, and DNS servers are most vulnerable to attacks, isolating in a monitored subnetwork such as a DMZ helps protect the rest of the network in the event that they become compromised.
Document every move.
Enable and implement robust logging or documenting of Internet-facing services and authentication functions within your network. Always keep an eye out for any signs of compromise or credential misuse, particularly within cloud environments.
Always be on guard.
Adopt a mindset that a compromise can happen at any time. Prepare for incident response activities to ensure that they are performed properly in the event of an actual breach. When a breach does occur, make sure you communicate about it on out-of-band channels. Also see to it that you uncover a breach’s full scope before remediating it.
Partner with a trusted team of IT pros
Cyber threat mitigation and remediation are both highly technical processes. As much as healthcare practice owners would want to be hands-on in their clinic’s cybersecurity, the safest and most practical way to handle this would be to work closely with IT experts.
ER Tech Pros is a managed IT services provider that offers IT, cloud, compliance, and cybersecurity support specifically to healthcare practices. With a HIPAA-certified team and HIPAA-compliant tools, ER Tech can help your practice avoid, mitigate, and recover from cyber threats.
Search Articles
News & Resources
ER Tech Pros is a managed service provider (MSP) that specializes in catering to the IT needs of healthcare practices in and around the Sacramento area.
We use our cutting-edge technology, extensive experience, and 24/7 support to make sure your IT network is in its most secure and optimal state.
HIPAA- and SOC-compliant, we are healthcare’s trusted IT experts.
We take care of your IT so you can care for your patients.
8795 Folsom Blvd., Suite #205
Sacramento, CA 95826
info@ertech.io
Resources
Search this Site
Get Updates
Enter your email address below to receive healthcare tech tips and resources from ER Tech Pros.
Connect With Us