The cyberattack on the All India Institute of Medical Sciences shows that threat actors are increasingly looking to disrupt mission-critical operations. Attacks on the healthcare industry continue to rise globally, and cyber criminals know that business availability is the Achilles’ heel of healthcare organisations and hitting these systems is likely to yield the greatest impact.
Whilst it’s unconfirmed that cyber-physical systems were hit in this attack, threat actors know these systems play a huge role in business availability. The convergence of IT and OT (operational technology) systems, as well as the connection of Internet of Things (IoT) devices and Internet of Medical Things (IoMT) devices has exposed organisations to new cyber threats, which could then impact patient care.
Organisations need to be able to protect their business availability by closing all security gaps within their cyber-physical systems. They need implement patching procedures for OT systems, IoT and IoMT devices, and introduce network segmentation with asset class network policies to mitigate the impact of malware.