Remote Desktop Protocol (RDP) allows healthcare professionals to access their work systems remotely, enabling telemedicine, remote patient monitoring, and efficient data management. This remote access capability has been particularly valuable in times of increased remote work and telehealth services.
However, the convenience of RDP comes with significant cybersecurity risks. If left unprotected, RDP ports can become gateways for cybercriminals to infiltrate a healthcare organization's network. Once inside, they can deploy ransomware, malicious software that encrypts data and demands a ransom for its release. With its wealth of sensitive patient data, the healthcare sector has become an attractive target for such attacks.
One recent example is the BianLian ransomware group, which has shifted its focus to extortion-only attacks, posing a significant threat to unsecured RDPs. This case underscores the importance of robust cybersecurity measures and adherence to the Health Insurance Portability and Accountability Act (HIPAA) guidelines, which mandate the protection of patient data.
Related: HIPAA Compliant Email: The Definitive Guide
Remote Desktop Protocols (RDPs) in healthcare
Remote Desktop Protocol (RDP) is a proprietary technology developed by Microsoft. It allows a user to connect to another computer over a network connection in a different location. Essentially, RDP provides a graphical interface for the user to interact with a remote computer as if they were sitting right in front of it.
In the healthcare sector, RDPs have become instrumental in facilitating remote work and telemedicine. Healthcare professionals can access electronic health records (EHRs), radiology images, laboratory results, and other critical patient data from anywhere, at any time. This remote access capability has improved the flexibility and efficiency of healthcare services and enabled continuous patient care.
However, the widespread use of RDPs in healthcare also presents significant cybersecurity risks. If not properly secured, RDP ports can be exploited by cybercriminals as entry points to a healthcare organization's network. Once inside, they can deploy ransomware, steal sensitive patient data, or cause other damage.
One notable example of this risk is the BianLian ransomware, known to exploit unsecured RDPs.
The risks of RDPs: A case study on BianLian ransomware
BianLian ransomware, originally a banking Trojan, has evolved into a formidable ransomware strain. Its operators have shifted their strategy to extortion-only attacks, posing a significant threat to unsecured RDPs. In these attacks, the ransomware encrypts the victim's data and demands a ransom for its release. If the ransom is not paid, the attackers threaten to leak the encrypted data, leading to potential HIPAA violations and reputational damage for healthcare organizations.
The FBI's confirmation of BianLian's new attack strategy underscores the importance of robust RDP security. Healthcare organizations must take proactive measures to protect their RDPs and mitigate the risk of ransomware attacks. This includes limiting the use of RDPs, implementing strong authentication measures, and regularly updating and patching systems.
How to secure RDPs in Healthcare
Securing RDPs in a healthcare setting involves a combination of technical measures, policy implementation, and continuous monitoring. Here are some recommended actions to enhance RDP security and mitigate the risk of ransomware attacks:
- Limit the use of RDPs: Not all tasks require remote access. Limit the use of RDPs to essential functions only. This reduces the number of potential entry points for cybercriminals.
- Implement strong authentication measures: Use strong, unique passwords and consider implementing multi-factor authentication for RDP access. This adds an extra layer of security, making it harder for unauthorized users to gain access.
- Regularly update and patch systems: Cybercriminals often exploit known vulnerabilities in outdated systems. Regularly updating and patching systems can help protect against such exploits.
- Disable command-line and scripting activities: Disabling these activities can prevent cybercriminals from executing malicious scripts or commands if they gain access to your network.
- Restrict usage of PowerShell: PowerShell is a powerful tool, but it can also be used by cybercriminals to carry out attacks. Restrict its usage and ensure it's updated to the latest version.
- Network Level Authentication (NLA): Enable NLA for your RDPs. This security feature requires users to authenticate themselves before they can connect to your remote desktop.
- Firewall configuration: Configure your firewall to block traffic to RDPs (default port 3389) from unknown IP addresses. This can prevent unauthorized access attempts.
- Monitor RDP access: Regularly monitor and log RDP access attempts. Unusual activity could indicate a potential security threat.
While not exhaustive, these measures provide a strong foundation for RDP security in healthcare settings. However, cybersecurity is not a one-time effort but a continuous assessment, implementation, and improvement process.
RDPs and HIPAA compliance
HIPAA doesn't provide specific guidelines for Remote Desktop Protocols (RDPs). However, principles of ensuring the confidentiality, integrity, and availability of Protected Health Information (PHI) are highly relevant.
When using RDPs in healthcare, organizations must consider the following HIPAA requirements:
Access control:
HIPAA mandates that only authorized individuals should have access to electronic PHI. This can be achieved through strong authentication measures, including:
- Unique user identification
- Emergency access procedures
- Automatic logoff
- Encryption and decryption
Audit controls:
Healthcare organizations are required to implement mechanisms to record and examine activity in information systems that contain or use electronic PHI. Regular monitoring of RDP access attempts falls under this requirement.
Integrity controls:
Measures must be in place to ensure that electronic PHI is not improperly altered or destroyed. Regular updates and patches to RDP systems can help maintain the integrity of PHI.
Transmission security:
HIPAA requires protection against unauthorized access during the transmission of PHI. Network Level Authentication (NLA) and firewall configuration for RDPs can help achieve this.
Balance efficiency and HIPAA compliance
While using RDPs in healthcare can enhance operational efficiency, it must be balanced with stringent adherence to HIPAA regulations. By integrating HIPAA compliance into their RDP security strategy, healthcare organizations can protect sensitive patient data while reaping the benefits of remote access technology.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.