Tag: healthcare cybersecurity

Clinical Zero Trust: The Time Is Right In Healthcare

By Jamison Utter, director of product evangelism, Medigate.

Jamison Utter

Last year (2020) was a year of chaos, and one that demonstrated why robust cybersecurity is an essential priority for all healthcare organizations. From COVID-19 disruptions to rapidly increasing networks of managed and unmanaged devices, it’s never been more important to secure the critical infrastructure that forms the basis of clinical care.

This is easier said than done- after all, the growing reliance on digital platforms has opened opportunities for increased attacks and raised questions about data collection and privacy. Threats like Ryuk and other high-profile breaches made a notable impact on the industry’s understanding of cybersecurity, not only for their monetary implications, but the significant operational disruptions that these incidents caused. On a national level, we’re seeing care networks expanding alongside access to telehealth services and the implementation of remote patient monitoring tools– with significant amounts of PHI being broadcast and analyzed each day.

When looking at these trends, there are two immediate realizations that all healthcare leaders should understand: 1) the rate of attacks is only going to increase as healthcare operations become smarter and more connected and 2) we need a better solution that works alongside clinical practitioners, biomed departments and organizational leaders even as it protects them from malicious attackers. For many of these concerns, the answer is Zero Trust, or more specifically, Clinical Zero Trust (CZT), that is uniquely attuned to the needs of the healthcare industry.

What Is Clinical Zero Trust?

Zero Trust represents the concept of “trust nothing, verify everything” in terms of cybersecurity. It has since grown to represent a networking approach that centers the design and application of IT networks around the identity and access rights of users and their data. Clinical Zero Trust applies this same idea but to the cyber and physical environment of healthcare organizations.

Think of CZT as a strategy and not a technology; it is an end goal rather than a feature or ability. Cyber protections like firewalls and end-point security solutions make up some of the offerings that help create a CZT environment. A typical healthcare organization has a security system that prioritizes protecting devices and data– CZT shifts the focus to protect physical workflows, which are made up of the people and processes involved in delivering care.

This means the protected surface extends to the physical world, including everything associated with administering a procedure or delivering care. At first glance, it seems like an impossible task to protect physical things with cyber technologies, but in reality, when you look at the clinical setting holistically it makes it easier to identify interdependencies and develop strategies that will effectively protect the physical, business and digital processes to drive optimal patient outcomes.

Continue Reading

How To Secure Hospitals In An Increasingly Inhospitable World

By Paul Keely, general manager, Born in the Cloud business unit at Open Systems.

Paul Keely

Cyberattacks are never easy. But when ransomware actors recently hit several U.S. hospitals with attacks, it was especially problematic. Anything that wipes out a hospital’s compute environment is bad because hospitals are now 100% digital. Add to that the fact that the U.S. is recording around 100,000 COVID-19 cases a day, and you’ve got a real challenge on your hands.

This Was a Large and Sophisticated Attack

There are two general types of cyberattacks. Spray-and-pray attacks don’t have a particular target. Attackers simply go into an environment and hope the worm or malware spreads. WannaCry, which crippled the U.K. National Health Service in 2017, is a spray-and-pray attack.

The recent attack on the U.S. hospitals is known as an advanced persistent threat. This kind of attack is far more sophisticated, and focused on a specific area – in this case, the American healthcare system. We haven’t heard of a similar attack in Europe.

This attack doesn’t appear to have been staged for fun by a group of guys in a college dorm room. It’s a big attack. The FBI is telling American healthcare systems to block 150 IP addresses.

The Threat Ravaged Some and Left Others Unscathed

Some of the targeted healthcare organizations were severely affected by this recent attack. The malware landed on computers and moved very rapidly to encrypt hard drives, making the IT resources of these organizations essentially useless.

At least one impacted organization may have to build and migrate everybody slowly but surely to a new Active Directory environment. That’s a doomsday scenario. Active Directory acts as the very core of an organization’s identity. Without Active Directory, an organization can’t say for sure whether its IT environment – and, thus, its organization as a whole – is safe.

Continue Reading

Navigating Cybersecurity In Healthcare

By Navin Balakrishnaraja, practice director for healthcare IT Services, All Covered (IT services division of Konica Minolta).

See the source imageTechnology continues to advance the healthcare industry, providing more precision and improved delivery of care. However, it’s more important and even more challenging than ever for organizations to secure patient information and keep health data safe.

Advancements in cybersecurity measures need to go hand in hand with privacy and still a necessity. The frequency of data breaches in the healthcare industry has been on the rise and healthcare is now the most targeted sector by cybercriminals.

According to the Ponemon Institute, the average cost of a healthcare breach resulted in $7.13 million, a 10% increase from 2019. Healthcare has been a primary target in recent ransomware attacks, as you’ve probably seen the headlines and continue to hear it all over media.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have received “credible information of increased and imminent cybercrime threats” aimed at hospitals and healthcare providers in the United States. They released an advisory of this targeted activity to all healthcare networks and that it appears that targeted attacks are only going to escalate.

Because of the immutable, high-value nature of electronic patient health information (ePHI), health data is a gold mine to cybercriminals. On the dark web, the cost of one record averages around more than $400 per record. A large shift in ransomware deployment operations has taken place. Cybercriminals are like psychologists, staying one step ahead of tools and user sophistication. Many of them depend on malware, but the focus has been on gaining privileged access and exploring target networks to disable security processes.

Also, the malwares do vulnerability scans on their end to see where they can inflict maximum damage to organizations. For example, the cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization. Cybercriminals disseminate TrickBot and BazarLoader via phishing campaigns that contain either links to malicious websites that host the malware or attachments with the malware.

Loaders start the infection chain by distributing the payload; they deploy and execute the backdoor from the command and control (C2) server and install it on a victim’s machine. This example shows what organizations are running up against, making cyberattacks more intricate in nature.

Continue Reading

Cozy Bear’s Recent Hack Is Just One More Incident In A Troubling Trend

By Thomas Pace, vice president, global enterprise solutions, Blackberry Cylance.

Thomas Pace

Recently, hacking group Cozy Bear attempted to steal COVID-19 vaccine research from multiple organizations in Canada, the United States, and the United Kingdom. The hackers, reportedly under the employ of the Russian government, scanned targets for network vulnerabilities in an effort to infect them with network tracking and file exfiltration malware. This is not the first time research into the novel coronavirus has been a target and it is unlikely to be the last.

On some level, this news is unsurprising, as healthcare has always been an attractive target for cybercriminals.

Patient data is a valuable commodity on the black market, often containing everything one would need to know in order to commit various types of fraud. Access to critical systems can be a literal case of life and death, and these systems are often so interconnected that an attack may spread like wildfire. Finally, many healthcare agencies lack the time and resources to prioritize cybersecurity to the degree that they should.

Yet this is also a unique situation. We are currently in the midst of a global pandemic, a period of heightened sensitivity and unprecedented digitization. People in all industries are exhausted and anxious, a combination which makes them particularly susceptible to mistakes.

Moreover, vaccine research is a priority for governments across the world. Each seeks to lessen the virus’s impact on their citizenry and economy, with many employing state-sponsored actors to give themselves a leg up. Rank-and-file criminals, meanwhile, are also perfectly willing to exploit the situation for their own gain.

At all levels, phishing campaigns remain the number one attack vector. There’s no need to waste effort trying to break through an organization’s defenses if one can simply trick an employee into granting access. Agencies researching the COVID-19 vaccine are particularly susceptible to targeted phishing attacks due to the collaborative nature of their work.

Continue Reading

Why Is Cybersecurity In Healthcare Still Struggling?

Cyber Security: Fire protection of the 21st century | cfpa ...

It’s mostly not news to anyone anymore (at least to those within cybersecurity and healthcare circles) that healthcare is heavily vulnerable to cyberattacks. In 2018, the healthcare industry received about twice the number of attacks as other industries.

But what’s worrisome is that this hasn’t really changed. Things don’t look much better in 2020, where cyberattacks and human error have led to millions of exposed records. And that’s only the breaches that have been reported so far.

So why, even with ample proof of the cybersecurity challenges and threats to healthcare,nothing has changed? Why aren’t hospitals, providers, and vendors taking the necessary steps to ensure better security practices and thus better patient confidentiality? Let’s dive into the healthcare industry’s cybersecurity problems and look at some of the solutions to them.

Critical underfunding

Those in healthcare are very familiar with budgetary limitations. Underfunding has long been an issue for hospitals and clinics in general, but even more so when it comes to the IT department. In the past, very little of the budget has gone to cybersecurity efforts in all but the big hospitals in metropolitan areas.

There is a silver lining, however. According to the HIMSS Cybersecurity Survey, change – while slow – is happening. Healthcare organizations are starting to allocate more of their budget to cybersecurity – although there’s no significant data on how much that may be.

Continue Reading

Unprecedented Times, Unprecedented Threats: What Healthcare Organizations Can Do to Stay Secure

By Justin Fier, director of cyber intelligence and analytics, Darktrace

Justin Fier

As the healthcare sector struggles against the COVID-19 crisis, working tirelessly to protect staff and patients while struggling with worsening economic realities, cybercriminals around the world are seeing a golden opportunity to attack.

Overwhelming demand, exhausted staff, IT teams pulled in multiple directions, and a critical reliance on technology to treat patients mean that adversaries have never had more opportunity or incentive to attack healthcare organizations.

By locking healthcare providers out of critical systems at this critical time, attackers can force them to pay a ransom to recover access or face adding to the already grim death toll.

The unprecedented amount of global warnings, including the recent INTERPOL alert and an announcement from the FBI and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), highlight that cybersecurity for the healthcare sector is not just about protecting data, but about saving lives.

Recently, an advisory was jointly issued by CISA and the UK’s National Cyber Security Centre (NCSC). This joint alert stemmed from the increase in state-sponsored attacks against organizations connected to COVID-19 research and response. These include pharmaceutical companies, hospitals, government agencies, research institutes, and more.

Continue Reading

Why Employee Password Practices Might Be Your Security Missing Link

By Michael Greene, CEO, Enzoic.

Michael Greene

With the healthcare sector a top target of hackers, cybersecurity and privacy are of paramount concern—so much so that HIMSS20 has dedicated an entire track to the topic. According to its description, “Every organization must respect and maintain the privacy and security of patient information, no matter how small or large and no matter where they are located.”

While cybersecurity is clearly a primary area of focus, the frequency of attacks on healthcare institutions is on the rise—the HIPAA Journal found that the equivalent of 50% of the U.S. population has been affected by data breaches over the past decade. While there are several reasons healthcare institutions continue to fall prey to attacks, one of the most common ones may surprise you: employee password reuse and password sharing.

Risk Rises with Password Reuse

Most healthcare workers know better than to reuse passwords across multiple sites and applications.  Still, this security best practice is often overlooked in the name of convenience and the urgency associated with providing high-quality care. However, password reuse puts the entire organization at risk when an unrelated third party is breached, as cybercriminals can easily obtain breached or leaked credentials via the Dark Web and use them against other online accounts or systems.

With breaches occurring on a daily basis, hackers can select from an unlimited supply of newly compromised passwords. If even just a handful of your employees reuse passwords across applications and accounts, it won’t be long before hackers leverage this password faux-pas for their own advantage. And if your organization is anything like the average company, it’s likely that password reuse is also pervasive. According to Google, at least 65% of people use the same password for multiple, if not all, sites and systems.

Password Sharing Increases Vulnerabilities

When every second counts in administering critical care, the last thing hospital staff have time for is issues with login. For this reason, many healthcare workers will share credentials, with 74% of respondents in one study admitting they had obtained a colleague’s password. The researchers state, “Apart from…large-scale mistakes and malicious acts… one of the most common breaches of PHI is the use of another’s credentials to access patient information, i.e., the use of the EMR password of one medical staff member by another.”

It’s easy to understand why healthcare workers would default to this practice, but it’s equally easy to visualize how password sharing substantially increases security vulnerabilities.

With threats inherent in everything from:

It’s evident that hospitals cannot afford the risks associated with password sharing.

Continue Reading

Keep Your Eye On 4 Trends Revealed At HIMSS19

By Sheri Stoltenberg, CEO, Stoltenberg Consulting.

Sheri Stolenberg

The 2019 HIMSS Annual Conference may be over, but that doesn’t mean an end to the pressing challenges and trends discussed at Orlando’s Orange County Convention Center. More than 42,500 people attended the conference — the majority of whom were C-suite executives and HIT professionals taking full advantage of the healthcare IT industry’s largest opportunity for networking, product promotions, continuing education and major announcements.

As always, there were a few subjects during HIMSS19 that generated significant buzz. Here are four of those trends that will remain key topics throughout the next year:

Healthcare data exchange

The release of two long-anticipated proposed rules on information blocking came just as HIMSS19 convened. The Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) unveiled proposals that would require healthcare providers and plans to implement open data sharing technologies to support transitions of care. The first focuses on standardized application programming interfaces (APIs) and carries forward provisions from the 21st Century Cures Act.

Those associated with Medicaid, the Children’s Health Insurance Program (CHIP), Medicare Advantage and Qualified Health Plans in the federally-facilitated exchanges would have to provide patients with immediate electronic access to medical claims and other health information by 2020. Under a latter proposal, health information exchanges (HIEs), health IT developers and health information networks (HINs) can be penalized up to $1 million per information blocking violation, but providers are not subject to fines.

The goal of the proposals is to consider care across the entire continuum, giving patients greater control and understanding of their health journeys. This is interesting, given that HIMSS attendees who responded to Stoltenberg Consulting’s seventh annual HIT Industry Outlook Survey noted “lack of system interoperability” as one of their biggest operational burdens, and “leveraging meaningful patient data” as the IT team’s most significant hurdle this year. Thus, overcoming these challenges to meet the newly proposed mandates will likely dominate discussions during the remainder of 2019.

Continue Reading