With new threats and challenges emerging in the digital world every day, maintaining optimal IT security has become a daunting task for any organization. More than ever before, healthcare organizations are feeling the heat from regulators regarding cyber security. In this blog post, we look at some of the top healthcare IT security tips you should know to keep your organization safe from cyberattacks.
With more than one billion records being compromised every year, data privacy and protection is a topic that cannot be ignored anymore by any organization without risking its reputation significantly. Considering how many patient records are digitized these days, it’s not surprising that hackers are increasingly targeting healthcare companies with ransomware attacks or other ways to get access to confidential information.
Know Your Employees And Monitor Behavior
Healthcare organizations often deal with extremely sensitive data, and thus it’s important that your employees are aware of what information is private and what information can be shared publicly. It’s also important to keep an eye on how your employees are using their devices at work.
If you notice that someone is downloading files from the network that they shouldn’t be accessing, it might be an indication of malicious behavior. It’s also important to keep an eye on the devices your employees are using. If your organization has BYOD (Bring Your Own Device) policies, it’s important to make sure that those devices are secured against malware or other threats.
Ensure Strong Passwords And Network Security
While there are many different ways for cybercriminals to break into your network, weak passwords remain a commonly exploited vulnerability. It’s important to make sure that your employees are using strong passwords containing a combination of letters, numbers, and symbols.
To avoid having to reset passwords on a regular basis, it’s a good idea to suggest the use of password managers. Another important network security tip is to implement two-factor authentication (2FA) for all critical systems. This will help to prevent unauthorized users from accessing sensitive data.
Many cyber gangs list ‘medical organizations’ as non-targets. But that hasn’t stopped them from executing attacks on hospitals, health delivery organizations, pharmaceutical companies, and other entities in the sector.
Since 2020, the health sector has seen a rapid rise in cyberattacks. Ransomware has been the main form of attack.
Cybercriminals have claimed that healthcare providers have only been collateral victims. Yet, some have deliberately targeted hospitals to obtain classified medical records, transactions, and other sensitive patient data. This article will uncover the main cybersecurity challenges facing the healthcare industry, as well as some solutions to the main threats.
Top Cybersecurity Challenges for Healthcare Organizations
Ransomware gangs have stepped up their attacks on critical national infrastructure, including healthcare.
A survey from 2021 interviewed 597 health delivery organizations. 42% of them reported being victims of at least two ransomware attacks in previous years.
Ransomware is usually distributed through phishing emails containing trojan viruses. The attackers disguise the virus as a link or attachment. When a user clicks the link or downloads the attachment, the trojan is ready to strike.
By Devin Partida, technology writer and the editor-in-chief, ReHack.com.
The medical industry’s growing reliance on digital technologies has come with some increased risks. That became painfully evident for thousands of patients in the wake of a recent ransomware attack on CaptureRX, a healthcare administrative service provider.
On February 6, hackers accessed sensitive patient data from multiple CaptureRX clients, affecting at least 1 million people. The company started investigating after noticing unusual activity, and by February 19, it could confirm that someone had stolen patients’ personally identifiable information (PII). CaptureRX started alerting affected clients on March 30, and the full scope of the incident is still unclear.
Health IT’s Growing Ransomware Problem
This is far from the first instance of a ransomware attack on a health IT company. Ransomware as a whole has become much more common in the past few years, and medical businesses are more at risk than most. Hospitals have more to lose in these attacks, given the sensitive nature of their data, so a successful breach could be more profitable for hackers.
In 2020 alone, there were 92 ransomware attacks against healthcare organizations, affecting more than 18 million patient records. That represents a 60% increase over 2019 in the number of attacks and a 470% increase in records affected. Since 2016, these attacks have cost the industry more than $31 billion.
The CaptureRX attack is the latest in a troubling and growing trend of ransomware attacks against health IT. If industry leaders aren’t already aware of this problem, the sheer size of this incident will likely get their attention. With these attacks becoming more frequent and expensive, the sector will likely shift in response.
The COVID-19 pandemic has created a number of personal health data challenges for both healthcare organizations and private businesses alike. From vaccine passport requirements and businesses handling incredibly sensitive information on their employees, to healthcare workers accessing sensitive patient data while working from home, the health crisis has created unprecedented data security and compliance challenges for employers and healthcare providers.
COVID-19’s Impact on Data Security
When COVID-19 first hit, many healthcare organizations shifted to a partially remote workforce overnight. This meant that healthcare administrators were using personal devices and had access to systems and data that they previously could only access on their employers’ network. The focus was on productivity and business continuity, not cybersecurity.
However, over a year later, we are still using this makeshift IT environment and the increased cyber risks have not been addressed. By accessing patients’ private healthcare information from personal devices or home networks, administrators are doubling or tripling the risk of a breach.
Why Do Criminals Want Healthcare Data?
There are several regulations designed to protect personal data, but health data presents unique challenges. For example, if my credit card were stolen, I can be assured that PCI would cover any losses due to my banks’ contractual obligations with credit card companies. However, my health data – including DNA, disease history and medical conditions – are fully unique. No one can reimburse me with a new set of personal health information!
Criminals understand this, which has led to a rise in personal health data being stolen. Many hackers are now breaching health systems’ networks for personal information, and demanding ransom from individuals to keep that data private.
Furthermore, healthcare workers have been under increased pressure due to the pandemic, which has made hospitals and health systems a more appealing and “softer” target for hackers.
Response from Sarah Johnson, RN and the health ambassador, Family Assets.
I’m an RN and the health ambassador for Family Assets, an eldercare and senior living resource for older adults and caregivers.
Working in eldercare and watching how telehealth technology has radically reshaped geriatric care during the pandemic, I think the most important question healthcare technology professionals should be asking themselves right now is: given that hospitals and healthcare facilities have been prime targets for cybercriminals, largely because of aging infrastructure, what needs to be done to make the rapidly expanding healthcare tech industry more secure?
I think the obvious answer to this is the development of much more robust digital security protocols at individual institutions and a massive educational initiative for healthcare providers and workers. This should include, among other things, scheduled stress testing that probes for cybersecurity vulnerabilities.
Too many organizations, within and outside of healthcare, are completely unprepared for the cyberthreats they face and are not diligent enough when it comes to monitoring and probing for weaknesses.
All healthcare technology professionals should have this issue front and center
Netwrix, a cybersecurity vendor that makes data security easy, released predictions about key trends that will impact organizations in 2021 and beyond. Most of them arise from the digital transformation and new workflows required by the rapid transition to remote work in 2020.
Ilia Sotnikov, cybersecurity expert and Netwrix vice president of product management, recommends that IT and security professionals refine their risk management and business continuity strategies with these seven predictions in mind.
Ransomware will do more damage to motivate payments
Next-gen ransomware will be designed to do damage that is more difficult to recover from in order to force organizations into paying the ransom. One example is “bricking” devices by modifying the BIOS or other firmware. Cybercriminals will also be expanding to new targets, such as operational technology and IoT devices, which may have a much more visible impact on the physical world.
Cloud misconfigurations will be one of the top causes of data breaches
A lack of clear understanding of the shared responsibility model due to the rapid transition to the cloud will backfire in 2021. The speed of transition coupled with prioritizing productivity over security has made misconfigurations inevitable, resulting in overexposed data.
Hackers will increasingly target service providers
The shortage of cybersecurity experts will lead more organizations to turn to managed service providers (MSPs). In response, hackers will conduct targeted attacks on MSPs in order to get access to not just one organization but all of the MSP’s customers.
The rapid digital transformation in 2020 will have a delayed impact on cybersecurity in 2021
In 2020, organizations were forced to quickly adapt to new ways of working and implement new technologies and, by their own admission in the upcoming Netwrix survey, did so with little experience and nearly no time for planning and testing. In 2021, the security gaps caused by the inevitable mistakes during this rapid transition will be exploited, and we will see new data breach patterns like the recent Twitter hacks.
The coronavirus pandemic has impacted us profoundly as most nonessential businesses stay closed and nations worldwide stay indoors. Hospital staff are under tremendous stress, and all non-critical medical treatments and procedures are on hold until further notice. The pandemic has halted all industrial activity, and the medical field, the frontline warrior against the virus, has been disrupted the most.
Sadly, whether an opportunistic trend or organized crime, critical situations have always given criminals a favorable moment to strike. Owing to the large payouts and increased public interest, medical facilities have emerged as a prime target.
Healthcare: A target of organized fraud
While the health sector has always been a dominant area for fraud, the situation intensified after the COVID-19 outbreak. One of the biggest battles that medical facilities needed and still need to fight is the trafficking of substandard and falsified medical products. These items usually included hand sanitizers, test kits, face masks, and other medical equipment. As the demand for such products spiked, criminals attempted to take advantage of the public health system’s capacities.
Besides this major threat, healthcare facilities need to prepare their infrastructure for various cyberattacks. COVID-19 lowered the resistance of many facilities. INTERPOL reports a significant increase in the number of ransomware attacks against companies and organizations that battle the COVID-19 crisis.
A ransomware virus is one of the deadliest infections, as it is capable of stealing or encrypting medical data. Then, if facilities want to retrieve the decryption key or prevent the data from being disclosed publicly, they need to pay large ransoms. In this situation, when hospital staff need access to medical records and patient histories, losing all this confidential data can lead to death. Hence, hospitals need to consider whether their infrastructure is capable of resisting a ransomware infection. One option is to perform frequent penetration tests. They help organizations discover their weak points and evaluate their resistance against cyberattacks.
By Justin Fier, director of cyber intelligence and analytics, Darktrace
As the healthcare sector struggles against the COVID-19 crisis, working tirelessly to protect staff and patients while struggling with worsening economic realities, cybercriminals around the world are seeing a golden opportunity to attack.
Overwhelming demand, exhausted staff, IT teams pulled in multiple directions, and a critical reliance on technology to treat patients mean that adversaries have never had more opportunity or incentive to attack healthcare organizations.
By locking healthcare providers out of critical systems at this critical time, attackers can force them to pay a ransom to recover access or face adding to the already grim death toll.
Recently, an advisory was jointly issued by CISA and the UK’s National Cyber Security Centre (NCSC). This joint alert stemmed from the increase in state-sponsored attacks against organizations connected to COVID-19 research and response. These include pharmaceutical companies, hospitals, government agencies, research institutes, and more.
With the spread of COVID-19, strict social distancing and shelter-in-place policies, the practice of working remotely and implementing applications that limit in-person interaction have become the new norm.
Hospitals and health systems are at the forefront of this shift, and many are struggling with managing the IT infrastructural challenges created by the sudden massive demand for remote technology needed to cope with the global crisis.
Those able to work remotely may not be used to working outside of the office, nor do they have the proper equipment or office space to comfortably and efficiently work from home.
We assume that in 2020 each employee has access to a decent internet connection, but how can you really make sure they do? What about your infrastructure? Are you confident that your systems currently in place can withstand a different workflow? Do you have the right security measures in place? How do you trust that your employees are still being productive?
As health organizations continue to provide the same high quality of care and service while also keeping clinicians safe and healthy, we see IT challenges arising in numerous areas. While there is a great deal of depth to this topic, the following outlines a few of the major considerations for health organizations and IT teams shifting to a remote workforce.
When was the last time you evaluated key areas and were provided with recommendations for improvements in your IT environment? Take this opportunity to ensure you have the systems in place to facilitate strategic shifts and new initiatives like working remotely.
Network and remote access: to meet dynamic business needs, an organization’s network environment needs to be efficiently architected to facilitate high-performance at the right cost. As end users and devices accessing a network remotely increase, this service becomes a more important and critical responsibility. Optimize and manage bandwidth to ensure your network can withstand the rapid influx of traffic. Also, don’t forget to account for the number of licenses you will need to support your remote connections.
Virtual desktop infrastructure: remote workers can be deployed faster and supported more easily by using a Virtual Desktop Infrastructure (VDI). VDI allows for a consistent and simplified computing environment both locally and remotely. With VDI, IT support staff are better equipped to manage desktop computing due to centralized management tools that ease the burden of software updates, endpoint security, end-user support, endpoint replacement and future expansion.
In the past few months, telehealth services have helped many to obtain medical services and avoid exposure to COVID-19 while freeing up resources for those facing graver conditions. This is a great example of an unexpected circumstance quickening the adoption of new technology that will remain after the crisis has passed, but the rapid adoption has also overwhelmed telehealth services, illustrating the importance of network resilience.
Telehealth is just one relatively new application of technology that’s part of a constantly growing repertoire of connected tools. To provide optimal patient care, healthcare ecosystems require constant connectivity to many other bandwidth-intensive applications, such as IoT devices, systems to process patient data via electronic health records (EHR) and picture archiving systems (PACS). With experts predicting the Internet of Medical Things (IoMT) market to be worth $158.1 billion USD by 2022 (Deloitte), we can only expect this trend to grow.
With all these new advancements come new risks. Healthcare systems are comprised of multiple facilities, such as hospitals, labs and urgent care units that all have multi-point connectivity requirements. This requires higher capacity wide area networks (WAN) – often in the form of software-defined wide area networks (SD-WAN). If one of these points loses connectivity for reasons like a cyber-attack, an interoperability issue or a bad SD-WAN router update, the entire network could go offline.
To keep healthcare networks running, organizations need intelligent systems and processes to monitor every piece of equipment, prevent issues, and recover from incidents quickly. This will ensure the secure, always-on availability needed to decrease costs, meet strict regulatory requirements, and improve patient experiences.
Top challenges that can bring your healthcare network down
Three large challenges healthcare organizations face are protecting data, staying online during network consolidations, and unexpected incidents like natural disasters or physical equipment disruptions. These could all bring the primary network offline.
Cyber criminals constantly seek to breach data networks and harvest patient data. In this regard, ransomware attacks, which are primarily transmitted through spam/phishing or other manipulations of unprepared users operating in the primary data plane, cause many healthcare enterprises to shut down computer systems, including their EHR. No topic is off limits to hackers, and even in the past few months, research has revealed phrases like “corona” or “covid” have been featured in spam emails (RiskIQ).
Whether a health system is seeking to modernize its infrastructure or a merger has led to a large transformation, consolidating networks can also be a challenge, requiring the migration of a multitude of apps and hardware components that must stay online at all times and integrate with one another in a cohesive system.
Lastly, unexpected outages from physical events can bring a system offline by disrupting vulnerable points like last mile connections. In this regard, a wide range of network components, such as cable interconnects, switches, power supplies, storage arrays, or chillers could present problems. To support new technologies, network environments are only becoming more complex, which means more software stacks that are frequently updated and susceptible to exploits, bugs and cyberattacks.