Netwrix, a cybersecurity vendor that makes data security easy, released predictions about key trends that will impact organizations in 2021 and beyond. Most of them arise from the digital transformation and new workflows required by the rapid transition to remote work in 2020.
Ilia Sotnikov, cybersecurity expert and Netwrix vice president of product management, recommends that IT and security professionals refine their risk management and business continuity strategies with these seven predictions in mind.
Ransomware will do more damage to motivate payments
Next-gen ransomware will be designed to do damage that is more difficult to recover from in order to force organizations into paying the ransom. One example is “bricking” devices by modifying the BIOS or other firmware. Cybercriminals will also be expanding to new targets, such as operational technology and IoT devices, which may have a much more visible impact on the physical world.
Cloud misconfigurations will be one of the top causes of data breaches
A lack of clear understanding of the shared responsibility model due to the rapid transition to the cloud will backfire in 2021. The speed of transition coupled with prioritizing productivity over security has made misconfigurations inevitable, resulting in overexposed data.
Hackers will increasingly target service providers
The shortage of cybersecurity experts will lead more organizations to turn to managed service providers (MSPs). In response, hackers will conduct targeted attacks on MSPs in order to get access to not just one organization but all of the MSP’s customers.
The rapid digital transformation in 2020 will have a delayed impact on cybersecurity in 2021
In 2020, organizations were forced to quickly adapt to new ways of working and implement new technologies; and through their own admission via the upcoming Netwrix survey with little experience and nearly no time for planning and testing. In 2021, the security gaps caused by the inevitable mistakes during this rapid transition will be exploited, and we will see new data breach patterns like the recent Twitter hacks.
The coronavirus pandemic has impacted us profoundly as most nonessential businesses stay closed, and the nations worldwide stay indoors. The hospital staff is under tremendous stress, and all non-critical medical treatments and procedures are on hold until further notice. The pandemic has halted all industrial activity, and the medical field, the frontline warrior against the virus, has been disrupted the most.
Sadly, whether an opportunistic trend or organized crime, critical situations have always given criminals a favorable moment to strike. Owing to their large payouts and increased public interest in it, medical facilities have emerged as a prime target.
Healthcare: A target of organized fraud
While the health sector has always been a dominant area in case of fraud, the situation intensified after the COVID-19 outbreak. One of the biggest battles that the medical facilities needed and still need to combat is the trafficking of substandard and falsified medical products. These items usually included hand sanitizers, test kits, face masks, and other medical equipment. As the demand for such products spiked, criminal activities attempt to take advantage of the public health system’s capacities.
Besides this major threat, healthcare facilities need to prepare their infrastructure for various cyberattacks. The COVID-19 lowered the resistance of many facilities. INTERPOL reports a significant increase in the number of ransomware attacks against companies and organizations that battle the COVID-19 crisis.
Ransomware virus is one of the deadliest infections as it is capable of stealing or encrypting medical data. Then, if facilities want to retrieve the decryption key or prevent the data from being disclosed publicly, they need to pay large ransoms. During this situation, when hospital staff needs to have access to medical records and patient histories, losing all this confidential data can lead to death. Hence, hospitals need to consider whether their infrastructure is capable of resisting a ransomware infection. One of the options is to perform frequent penetration tests. They help organizations discover their weak points and evaluate the resistance against cyberattacks.
By Justin Fier, director of cyber intelligence and analytics, Darktrace
As the healthcare sector struggles against the COVID-19 crisis, working tirelessly to protect staff and patients while struggling with worsening economic realities, cybercriminals around the world are seeing a golden opportunity to attack.
Overwhelming demand, exhausted staff, IT teams pulled in multiple directions, and a critical reliance on technology to treat patients mean that adversaries have never had more opportunity or incentive to attack healthcare organizations.
By locking healthcare providers out of critical systems at this critical time, attackers can force them to pay a ransom to recover access or face adding to the already grim death toll.
Recently, an advisory was jointly issued by CISA and the UK’s National Cyber Security Centre (NCSC). This joint alert stemmed from the increase in state-sponsored attacks against organizations connected to COVID-19 research and response. These include pharmaceutical companies, hospitals, government agencies, research institutes, and more.
With the spread of COVID-19, strict social distancing and shelter-in-place policies, the practice of working remotely and implementing applications that limit in-person interaction have become the new norm.
Hospitals and health systems are at the forefront of this shift, and many are struggling with managing the IT infrastructural challenges created by the sudden massive demand for remote technology needed to cope with the global crisis.
Those able to work remote may not be used to working outside of the office, nor do they have the proper equipment or office space to comfortably and efficiently work from home.
We assume that in 2020 each employee has access to a decent internet connection, but how can you really make sure they do? What about your infrastructure? Are you confident that your systems currently in place can withstand a different workflow? Do you have the right security measures in place? How do you trust that your employees are still being productive?
As health organizations continue to provide the same high quality of care and service while also keeping clinicians safe and healthy, we see IT challenges arising in numerous areas. While there is a great deal of depth to this topic, the following outlines a few of the major considerations for health organizations and IT teams shifting to a remote workforce.
When was the last time you evaluated key areas and were provided with recommendations for improvements in your IT environment? Take this opportunity to ensure you have the systems in place to facilitate strategic shifts and new initiatives like working remotely.
Network and remote access: to meet dynamic business needs, an organization’s network environment needs to be efficiently architected to facilitate high-performance at the right cost. As end users and devices accessing a network remotely increase, this service becomes a more important and critical responsibility. Optimize and manage bandwidth to ensure your network can withstand the rapid influx of traffic. Also, don’t forget to account for the number of licenses you will need to support your remote connections.
Virtual desktop infrastructure: remote workers can be deployed faster and supported more easily by using a Virtual Desktop Infrastructure (VDI). VDI allows for a consistent and simplified computing environment both locally and remotely. With VDI, IT support staff are better equipped to manage desktop computing due to centralized management tools that ease the burden of software updates, endpoint security, end-user support, endpoint replacement and future expansion
In the past few months, telehealth services have helped many to obtain medical services and avoid exposure to COVID-19 while freeing up resources for those facing graver conditions. This is a great example of an unexpected circumstance quickening the adoption of new technology that will remain after the crisis has passed, but the rapid adoption has also overwhelmed telehealth services, illustrating the importance of network resilience.
Telehealth is just one relatively new application of technology that’s part of a constantly growing repertoire of connected tools. To provide optimal patient care, healthcare ecosystems require constant connectivity to many other bandwidth-intensive applications, such as IoT devices, systems to process patient data via electronic health records (EHR) and picture archiving systems (PACS). With experts predicting the Internet of Medical Things (IoMT) market to be worth $158.1 billion USD by 2022 (Deloitte), we can only expect this trend to grow.
With all these new advancements come new risks. Healthcare systems are comprised of multiple facilities, such as hospitals, labs and urgent care units that all have multi-point connectivity requirements. This requires higher capacity wide area networks (WAN) – often in the form of software-defined wide area networks (SD-WAN). If one of these points loses connectivity for reasons like a cyber-attack, an interoperability issue or a bad SD-WAN router update, the entire network could go offline.
To keep healthcare networks running, organizations need intelligent systems and processes to monitor every piece of equipment, prevent issues, and recover from incidents quickly. This will ensure the secure, always-on availability needed to decrease costs, meet strict regulatory requirements, and improve patient experiences.
Top challenges that can bring your healthcare network down
Three large challenges healthcare organizations face are protecting data, staying online during network consolidations, and unexpected incidents like natural disasters or physical equipment disruptions. These could all bring the primary network offline.
Cyber criminals constantly seek to breach data networks and harvest patient data. In this regard, ransomware attacks, which are primarily transmitted through spam/phishing or other manipulations of unprepared users operating in the primary data plane, cause many healthcare enterprises to shut down computer systems, including their EHR. No topic is off limits to hackers, and even in the past few months, research has revealed phrases like “corona” or “covid” have been featured in spam emails (RiskIQ).
Weather a health system is seeking to modernize its infrastructure or a merger has led to a large transformation, consolidating networks can also be a challenge, requiring the migration of a multitude of apps and hardware components that must stay online at all times and integrate with one another in a cohesive system.
Lastly, unexpected outages from physical events can bring a system offline by disrupting vulnerable points like last mile connections. In this regard, a wide range of network components, such as cable interconnects, switches, power supplies, storage arrays, or chillers could present problems. To support new technologies, network environments are only becoming more complex, which means more software stacks that are frequently updated and susceptible to exploits, bugs and cyberattacks.
Healthcare employees are on the frontlines of the coronavirus pandemic, in many cases working extended hours under extremely taxing circumstances in an effort to treat the growing number of infected patients. In this environment, it’s critical that everyone is cognizant of an unfortunate reality of our times: hackers are always looking for ways to capitalize on a crisis.
As such, it’s important that hospitals and healthcare institutions help employees safeguard their data and ensure they are cognizant of the increased security threats associated with the pandemic. Following are a few tips to consider:
A rise in phishing scams. As mentioned above, many hackers are employing phishing scams to pose as companies offering a legitimate coronavirus-related service in an attempt to trick recipients into sharing credit card information or other personal data. The good news is that there are some common characteristics associated with phishing attacks that people can use to vet these communications. For example, encourage employees to check for grammar, punctuation and formatting errors as these are often phishing red flags. It’s also important to review links before actually clicking on them and look for things that appear odd such as dashes, extra characters, or additional letters and numbers. Another good practice is to check the email address itself to see if it contains multiple numbers or letters. Finally, encourage employees to always reach out to the company in question to determine the authenticity of an offer before clicking on any links if they harbor doubts.
Increased online shopping: With more shopping taking place online, particularly for healthcare employees working long hours, the importance of strong, unique passwords is more critical than ever. It’s extremely common for people to create simple passwords that they share across multiple accounts. However, if those credentials have been leaked in a previous breach, hackers can easily use them to access these accounts and all the data they contain. Healthcare institutions must stress the significant vulnerability of this poor password practice, and encourage employees to review existing passwords and ensure any new accounts they create are protected by strong, unique credentials. Password manager solutions can be extremely helpful, particularly for people who are setting up numerous new online accounts in response to “Stay Home” orders.
An uptick in connectivity: With people working from home or participating in remote learning programs, many families are experiencing an increase in internet connectivity. This undoubtedly puts a strain on bandwidth, but it also introduces some security vulnerabilities. For example, what if a child accidentally downloads malware on the home network? And are connected devices like voice assistants or smart TVs protected by unique passwords, or do they still have the default factory settings? It’s important that employees are aware of the threats that can arise with greater connectivity and ensure they take steps to address them. It’s also essential that hospitals insist employees use their VPN whenever accessing work-related systems or data from home to keep this information protected.
In addition to the considerations outlined above, it’s also important that healthcare employees keep an eye on the evolving cybersecurity landscape as it relates to the pandemic. It’s likely that hackers will continue to find new ways to exploit the situation for their own nefarious purposes. As employees work diligently to combat coronavirus, it’s essential that hospitals remind them to keep their personal information safe.
Anyone who watches the news should be aware of the constant threat of identity theft. Every day, hackers create new scams and tactics to steal private information that they can sell to the highest bidder or use to take out loans and credit cards and put victims in debt. Unfortunately, few industries are as exposed to these threats as the healthcare industry.
Every time someone goes to the doctor, they are sharing personal details with their medical provider and other staff, which gets logged into a computer for later — and hackers are eager to unlock this treasure trove of private info. As technology advances, so will the threats, so extra precautions will be necessary. Below are the threats coming down the pike and how to prevent them.
Emerging Healthcare Threats
Healthcare will always be a huge target for cyber thieves simply because of the pure amount of information that is created with every doctor’s appointment or surgical procedure. An emerging threat that is gaining steam is ransomware attacks, where hackers take control of patient data with the hope of illegal profit.
Just one example includes how, early in 2019, hackers gained access and encrypted the data within the computer system of provider NEO Urology. Fearing the worst, the staff paid the requested $75,000, and the data was freed. It was a painful price to pay for a threat that could have been avoided.
All it takes is one successful scheme to bring the criminals out of the woodwork. Since the NEO hack, several other ransomware attacks have occurred around the country, including instances in New York and California, where thousands of patient records have been compromised. When these attacks occur, it is not only patients that face the consequences, but also the business, as the cost to repair a corporate image and fix the damage could cost a company millions.
New technologies are on the horizon, but they too must be safeguarded from cyber threats. Lately, the idea of integrating artificial intelligence into hospitals has been gaining steam, as experts believe that this technology could limit the number of hospital errors as well as assist with earlier detection of medical issues. However, while this technology continues to evolve, it is still open to the risk of cybercrime.
As a first step to securing your hospital systems, a penetration test should be completed. Penetration testing involves inspecting your system for vulnerabilities, such as weak firewalls or poor security policies, and creates a report, so you know what to fix to protect patient information involved. Your baseline security should be intact before adding any new features.
By Dena Bauckman, vice president of product management, Zix.
When you go to the hospital, you want to be under the care of the best personnel and state-of-the-art technology. It’s easy to assume that’s the case when you’re surrounded by astronomically expensive devices like MRI machines, CT scanners, and surgical robots.
Behind the scenes, however, systems might not be on the cutting edge. According to a report from the Institute of Global Health Innovation at the Imperial College of London, the National Health Service is plagued by inadequate cyber defenses that could put the service system’s patients at risk. The picture isn’t any rosier on this side of the Atlantic Ocean. In September 2019 alone, just shy of 2 million records were breached in American healthcare hacks.
Antiquated computers, insufficient funding, and a lack of necessary expertise in cybersecurity are all combining to create a dangerous situation in healthcare. Sensitive as patient data may be, its theft isn’t even the biggest risk. “A cyberattack on a hospital’s computer system can leave medical staff unable to access important patient details — such as blood test results or X-rays, meaning they are unable to offer appropriate and timely care,” one of the aforementioned report’s authors wrote. “It can also prevent life-saving medical equipment or devices from working properly.”
A Typical Diagnosis
Despite the plethora of healthcare cybersecurity breaches in the headlines, most organizations still aren’t prepared to defend themselves against the latest generation of cyber threats. That’s no surprise because the number of threats they must contend with is increasing each day. In order to provide the best care possible, healthcare organizations must also collect some of the most valuable data available to enterprising cybercriminals.
Birthdays, Social Security numbers, payment information, and health records all add up to an identity theft gold mine. Once they have the information, hackers can steal even more with targeted phishing campaigns (a practice called spearphishing) that are almost impossible for the average user to detect. If all else fails, the granular detail associated with healthcare information means that the data can fetch a large sum on the dark web — especially when records are stolen by the millions.
As healthcare organizations adopt exciting new technologies, the problem only becomes worse. Those new technologies come with new vulnerabilities, some of which won’t be discovered until they’ve caused a breach. With so many digital devices (including those owned by employees) being used to access, store, and transmit sensitive data, it’s no wonder hackers are having an easy time finding an entry point.
By Glenn Day, chief sales officer and practice leader of healthcare, HUB International.
True Story: An employee at one New England medical practice stayed after hours to search patient records for gossip on her neighbor. She found what she was looking for – evidence that the neighbor was seeking psychiatric counseling. She posted it on Facebook. As soon as the clinic discovered what happened, the employee was terminated.
But, the damage had already been done. The practice was named in a lawsuit for failing to properly supervise the employee and safeguard patient medical records. Without cyber coverage, the medical clinic was on their own for legal fees and settlements.
Healthcare data breaches are complex and this story is just one example. It doesn’t matter who the perpetrator of the breach is, the responsibility for regulatory-compliant breach response almost always falls upon the original data collector.
With more than half – or 63% – of healthcare cybersecurity breaches caused by criminal or malicious activity; hacking accounts for 20% and ransomware represents 10% of healthcare breach claims.
Data breaches have also brought new regulations and guidelines to healthcare, like the HIPAA and ransomware guidelines published by the Department of Health and Human Services. The rule requires HIPAA-covered entities that have suffered a ransomware attack to prove thorough a documented investigation that their data wasn’t actually acquired, but only frozen by the hacker.
These forces have contributed significantly to healthcare’s rising data breach costs. According to the Ponemon 2017 Cost of Data Breach Study, healthcare has the highest per capita data breach cost.
Having a robust healthcare cybersecurity policy, and understanding what’s covered and what’s not can help alleviate losses and put your healthcare institution into the driver’s seat post-breach.
Here are seven things you need to know about healthcare cybersecurity coverage:
Developments in technology have had a profound impact on nearly every aspect of our lives. We can hardly get through an hour without tech having an effect on what we’re doing, let alone a full day. From the morning alarm on our smartphones, to the Bluetooth sound system in our cars, to the social media accounts we share everything on, technology surrounds us.
Perhaps one of the aspects that many of us think the least about is how it has utterly transformed the way we manage our healthcare data. The development of electronic health records and, even more importantly, the cloud, have brought about all sorts of changes. Many have the potential to impact our lives in both positive and negative ways depending upon how they are managed.
When it comes to our health data, there is an added urgency in making sure everything is safe and secure no matter where it is ultimately stored. Well managed data can mean a more efficient and effective healthcare service, while mismanaged data can lead to the loss of personal information and an unraveling of the privacy most of us have come to expect in a professional healthcare setting.
Medical Records, HIPAA and the Cloud
In 1996, the United States government passed HIPAA, a landmark healthcare act that helped to create and enforce privacy and data security requirements associated with medical information. The act has since been expanded in an effort to keep up with modern technologies, and nearly everyone involved in the healthcare system is expected to follow the rules. Because of this legislation, one can expect that their medical records will be kept private unless they choose to release them, no matter where they are stored.
Cloud-based data storage and technology provides numerous benefits to the healthcare system including things such as better dataset analysis, improved efficiencies in individual patient care, and a much lower cost. However, it can also lead to a number of concerns, especially when it comes to HIPAA compliance. HIPAA rules not only apply to the medical facilities that are using cloud technology, but also to the tech vendors as well.
Unfortunately, just because cloud technology providers are not exempt from HIPAA rules, does not mean that they necessarily follow them. There is no real certification process and the government doesn’t exactly clear companies to work with healthcare organizations. It is completely up to the healthcare entity and the tech provider to make sure their services are meeting the necessary HIPAA standards.
Loopholes in the System
It may come as somewhat of a surprise to both patients and healthcare providers to learn that there are popular new aspects of medicine and technology that aren’t necessarily covered by HIPAA regulations. For instance, HIPAA does not cover anonymized data such as the data that is collected during genetic testing. Essentially, this allows for a patient’s anonymous information to be shared at will.