There is some startling data in the 2017 Verizon Data Breach Investigations Report. What stood out to me as most concerning is that more breaches occurred in healthcare this year than last year. After reviewing the report, I see three key trends.
By default, a lot of people have access to patient medical records. This only makes it very easy, and perhaps a bit enticing, for a few of those people to take advantage of the situation.
The Verizon report shows that internal actors are largely responsible for the loss of data. I’m talking about employees who access patient data out of curiosity or to commit identity fraud. Apparently, it is the only industry where this is occurring in such a dramatic volume.
While everyone else is worrying about cyber attacks from someone they’ve never met, cybersecurity professionals in healthcare worry most about the people they talk to in the break room.
Even worse, the motive seems to be a mix of financial gain – patient records are the most valuable form of digital personal data – and simple curiosity. The curious want to know what’s going on with others and the information is there for the taking.
When an attack on healthcare comes from an outsider, ransomware is the order of the day, extorting millions of dollars from people and organizations after infecting and encrypting their systems.
Ransomware was a lowly 22 on the list of common malware in the 2014 Verizon report. In 2017, it’s No. 5. The number of ransomware incidents increased to 228 in this year’s report, up from 159 in the 2016 report. That tells me it’s easy to do, and more importantly, it works. Good for attackers. Not so good for healthcare.
The ongoing proliferation of IoT in the medical industry doesn’t help either. These medical devices are producing an unprecedented volume of data about all of us at an alarming rate, and most people don’t even have a way to track what or where those devices are.
IoT devices might be the easiest target for attackers. There are lots of them, no one is watching and security is nonexistent. We’ve seen recent attacks evolve from authenticating through default admin passwords and using IoT for botnets to the outright destruction of IoT devices by wiping their drives. Granted, wiped devices can be restored, but the impact is far greater if those devices deliver critical care.
There is a recurring set of challenges based on the feedback we get from our healthcare customers.
When you factor in how long it takes to discover a digital breach, it becomes apparent that healthcare is currently losing the battle. It’s not acceptable to find out weeks, months or years after a breach occurs.
I believe the answer lies in 360-degree visibility inside the network, real-time attacker detection, and the prioritization of all detected threats.
However, that answer must address the challenges I mentioned earlier. Here are four ways to get there:
This is the fundamental approach advocated by a growing number of healthcare organizations. Many are augmenting their security teams with artificial intelligence to automate the hunt for cyber attackers in the network and speed up incident response. It’s a battle that has been won by many healthcare organizations.
Ransomware attacks have unique characteristics, such as credential theft to propagate the attack, delayed encryption to infect as many machines as possible, and code that targets servers and user systems.
Healthcare is the No. 2 target of ransomware. One recent victim is Greenway Health, an electronic health records firm for the healthcare industry. A few weeks ago, a ransomware attack impacted 400 clients, according to a story in Health Data Management.
The article states that Greenway restored about half its clients to date, with the other half still stuck using manual processes. This is of concern to everyone. Greenway is suffering financial losses and healthcare providers are suffering from a crisis in the quality of care.
Ironically, the chief information security officer at one of our healthcare customers recently told me that “Vectra enabled my security team to detect and stop not one, but three ransomware attacks last year before they caused damage.”
The idea of automating the hunt for cyber attackers in the network and speeding up incident response is catching on in healthcare.
For more information about strengthening cybersecurity in healthcare, download the solution brief, Protecting patient health and privacy from cybercriminals.
Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.