By Dirk Schrader, resident CISO (EMEA) and vice president of security research, Netwrix.
Ransomware attacks increase steadily every year, and the healthcare and hospital industries are among the hardest hit. In 2021, we saw that “The healthcare sector is seeing the highest volumes of ransomware attempts, averaging 109 attempts per entity, every week.”
Why is this sector being targeted specifically? They hold extremely sensitive patient data and information. Hackers are working more diligently than ever to find data, threaten hospitals and providers, and even extort individuals themselves. With so much cybercrime, how can this sector protect itself and its patients? To start, by learning about security trends and working to implement them where they can.
Here are five security trends we’ll see more of in 2022:
Cybercriminals will be increasingly greedy.
In 2022, attackers will search for new ways to monetize access to large data troves. This may lead to changes in the tactics, techniques and procedures of threat actors. They will begin to extort individuals rather than the infiltrated companies themselves. The healthcare industry is especially prone to this trend. The data generated and held by the healthcare sector is life-changing for many people and can easily be misused.
Consider this possible scenario: by extracting and aggregating personal data about hundreds of thousands of diabetic patients (34.2 million people alone are diabetic in the US), threat actors might try to ‘offer’ cheaper drugs to the individual patients, extracting money from a highly vulnerable group. If such a scheme can trick, let’s say, ten thousand victims into paying $500 for insulin (instead of about $1,000 on average), the amount of money on the table is substantial.
Medical device IoT will create more security gaps.
More and more medical devices are being connected using vulnerable IP stacks or old web server packages that cannot be easily patched, because patching would jeopardize the device’s certification for medical use. In 2017, around 10 billion medical devices were connected to the internet, with an expected jump to 50 billion by 2027. While this connectivity has created so much opportunity for advances in the medical field, it has also created a new set of vulnerabilities.
Frequently, the task of configuring a medical device is considered done when it operates within the parameters of the medical process it is supposed to support or enable. Any additional security aspects are overlooked and often neglected. As long as these medical and IoT devices remain unmanaged, unmonitored and improperly updated, this exposure risk will continue to be exploited by threat actors throughout 2022 and beyond.
By Ilia Sotnikov, vice president of product management, Netwrix.
New warnings from the FBI report “an increased and imminent cybercrime threat” to U.S. hospitals and healthcare providers. Experts say the ransomware, called Ryuk, was seen by at least five U.S. hospitals in October. This isn’t unexpected.
In fact, recent research has found that every third healthcare organization experienced a ransomware attack during the past few months. This is the highest exposure across all industries surveyed, above education, finance and public sector. It has disrupted patient care at up to 510 facilities.
So with cyberattacks in healthcare at their peak, it’s time to take heed. Particularly since ransomware in the healthcare sector not only impacts money and reputation, but also human health and lives. And with the current pandemic, healthcare organizations are more vital and fragile than ever.
Today’s healthcare strongly depends on IT; without access to health data and IT systems, doctors cannot provide treatment to patients or make decisions. What is worse, if intensive care units and life-support devices, which are typically connected to the network, are blocked by ransomware, this puts the lives of critically ill patients at risk. Such damage is incomparable to losses in terms of reputation and money, but those losses still follow for healthcare organizations, just as they do in other industries.
One of the common reasons why the healthcare industry is vulnerable to ransomware is the frequent use of legacy systems that can be easily exploited by hackers. Hospitals are even more vulnerable to cybercrime because their IT departments are understaffed. This makes them prone to errors, particularly as they face additional pressure and the demand to support remote work due to the pandemic.
In fact, 39% of healthcare organizations suffered from admin mistakes during the past few months. Such mistakes might include improper configuration changes or failure to install updates in a timely manner, which result in vulnerabilities.
The sad reality is that any hospital might fall victim to ransomware. Therefore, it makes sense to prepare for the worst-case scenario, taking into consideration the shortage of resources that organizations in the health sector face. Here are five major areas to focus on:
Netwrix, a cybersecurity vendor that makes data security easy, released predictions about key trends that will impact organizations in 2021 and beyond. Most of them arise from the digital transformation and new workflows required by the rapid transition to remote work in 2020.
Ilia Sotnikov, cybersecurity expert and Netwrix vice president of product management, recommends that IT and security professionals refine their risk management and business continuity strategies with these seven predictions in mind.
Ransomware will do more damage to motivate payments
Next-gen ransomware will be designed to do damage that is more difficult to recover from in order to force organizations into paying the ransom. One example is “bricking” devices by modifying the BIOS or other firmware. Cybercriminals will also be expanding to new targets, such as operational technology and IoT devices, which may have a much more visible impact on the physical world.
Cloud misconfigurations will be one of the top causes of data breaches
A lack of clear understanding of the shared responsibility model due to the rapid transition to the cloud will backfire in 2021. The speed of transition coupled with prioritizing productivity over security has made misconfigurations inevitable, resulting in overexposed data.
Hackers will increasingly target service providers
The shortage of cybersecurity experts will lead more organizations to turn to managed service providers (MSPs). In response, hackers will conduct targeted attacks on MSPs in order to get access to not just one organization but all of the MSP’s customers.
The rapid digital transformation in 2020 will have a delayed impact on cybersecurity in 2021
In 2020, organizations were forced to quickly adapt to new ways of working and implement new technologies; by their own admission in the upcoming Netwrix survey, they did so with little experience and nearly no time for planning and testing. In 2021, the security gaps caused by the inevitable mistakes during this rapid transition will be exploited, and we will see new data breach patterns like the recent Twitter hacks.
Netwrix released an infographic based on the findings of its global 2019 Netwrix Cloud Data Security Report for the healthcare industry. The infographic provides an industry perspective of the data that healthcare organizations store in the cloud, the state of their cloud data security and their plans for using cloud technology.
The 2019 Netwrix Cloud Data Security Report revealed that 32 percent of healthcare organizations store a wide range of sensitive data in the cloud, including healthcare data and personally identifiable information (PII) of customers and employees. In addition, the number of those who are ready to adopt a cloud-first approach has increased by 31 percent since 2018, and the number considering becoming 100 percent cloud-based has grown by 12 percent. Unfortunately, their IT teams might not have enough resources to properly protect this sensitive data in the cloud, as 85 percent of them did not see an increase in their cloud security budgets in 2019.
Other findings revealed by the research and shown in the infographic include:
26 percent of healthcare organizations had at least one security incident in the cloud during the past 12 months. These organizations have two things in common: None of them classified all the data they stored in the cloud, and all of them store all their sensitive data in the cloud.
The majority of IT teams at healthcare organizations plan to strengthen data security in the cloud by encrypting data (70 percent) and monitoring activities around data (50 percent). However, one third of them do not receive any financial support from their management, which makes it more difficult for them to improve security in the cloud.
18 percent of healthcare organizations would consider moving their data from the cloud back on premises. Their main reasons include security concerns (56 percent), reliability and performance issues (22 percent), and high costs (22 percent) for the cloud. If they decide to make this move, they will start by migrating healthcare data (33 percent), customer data (33 percent) and employee data (11 percent).
“Prioritizing security efforts is the key to ensuring data security in the cloud, especially if budgets are tight, as is common at healthcare organizations. When organizations know exactly what data they have in the cloud and have classified it according to its value and level of sensitivity, they are in a better position to choose appropriate controls within their budgetary constraints and protect sensitive data more effectively,” said Steve Dickson, CEO of Netwrix.
“By 2022, more than 30 percent of the hospital data centers will be based in the cloud. Healthcare systems have been skeptical about adoption of cloud, but cost pressures and the need to reduce capital expenditure have been changing that mindset. After enduring several high-profile breaches and realizing the maturity of various cloud providers (both in expertise and scalability), healthcare systems are finally less skeptical than they used to be about the cloud.” — Gartner, “Forecast Overview: Healthcare Provider Market, Worldwide, 2018,” by Anurag Gupta, July 13, 2018.
By Ilia Sotnikov, vice president of product management, Netwrix.
On February 21, UConn Health reported that personally identifiable information (PII) from 326,000 patients was compromised. A malicious third party illegally gained access to several employee email accounts that contained patient names, dates of birth, Social Security numbers, addresses, and limited medical information, such as billing and appointment information.
What is most important about this data breach is that the hackers were not necessarily looking for patient medical records — they seem to have been looking for any personal information they could steal. That vividly illustrates the importance of having stringent policies to protect PII, supported by employee training on best security practices. Specifically, there are three lessons to learn from this event if you want to mitigate your risk of suffering a similar breach.
Lesson #1. Classify your sensitive data
The 2018 Netwrix IT Risks Report shows that healthcare organizations generally lack proper data governance practices and rarely check what data they store and how sensitive it is. The majority of respondents classify data based on its sensitivity (61 percent) and clear up unnecessary data (67 percent) only once a year or even less often.
It’s estimated that by 2020, each person will generate 1.7 MB of data every second. However, not all of that data needs special protection. Therefore, an effective strategy is to develop a data classification policy to discover all the data you have and classify it according to your organization’s needs. That way, you can prioritize your security efforts on the data that deserves it the most. At the same time, you can eliminate duplicate and unneeded files, which will reduce your attack surface area and lower your storage and backup costs.
Health IT’s most pressing issues may be so prevalent that they can’t be contained to a single post, as is obvious here, the second installment in the series detailing some of the biggest IT issues. There are differing opinions as to what the most important issues are, but there are many clear and overwhelming problems for the sector. Data, security, interoperability and compliance are some of the more obvious, according to the following experts, but those are not all, as you likely know and we’ll continue to see.
Here, we continue to offer the perspective of some of healthcare’s insiders who offer their opinions on health IT’s greatest problems and where we should be spending a good deal, if not most, of our focus. If you’d like to read the first installment in the series, go here: Health IT’s Most Pressing Issues. Also, feel free to let us know if you agree with the following, or add what you think are some of the sector’s biggest boondoggles.
Michael Fimin, CEO and co-founder, Netwrix
The largest concern of any healthcare organization is protecting patient personal data. Every year healthcare entities of all sizes become victims of data leaks (fresh examples are both Anthem and Premera Blue Cross) and lose thousands of dollars, mainly because of employee misbehavior or human error. Not being easy to prevent, the human factor sets IT pros a number of challenges to cope with:
1. Insider threat. Unfortunately, privilege abuse is a primary root cause for many data breaches. No matter if an employee is breaking bad or his credentials were stolen, sensitive data is put at risk. The only way to prevent insider threats is to have visibility into the IT infrastructure and be able to track any changes made to both security configurations and data. Monitor user activity and establish rigorous control over accounts with extended privileges. Regularly review all access rights to ensure that permissions are granted adequately to employees’ business needs.
2. Security of devices. In 2014 healthcare organizations suffered from physical theft or loss of electronic devices more than any other industry, said the Verizon 2014 DBIR. Without proper identity and authentication management, personal data stored on these devices can be easily accessed by adversaries, leading to financial and reputational losses. If your employees’ laptops or tablets end up in the wrong hands, encryption, two-factor authentication and the ability to manage the device remotely will protect your data, or at least will make a hacker’s job much harder.
3. Employees’ negligence. Deliberate or accidental mistakes pose more danger to data integrity than you might think. A simple email with confidential data sent to the wrong address may lead to a huge data leak. Make sure that your employees are familiar with the company’s security policy and are aware of what they should do to maintain security. Each person in the company should clearly understand that the integrity of information assets is their personal responsibility.
Dr. Barry Chaiken, chief medical information officer, Infor
Healthcare provider organizations invested billions of dollars purchasing and implementing electronic medical records, with this investment driven by the economic incentives provided by the HITECH Act. Now that these systems are installed and up and running, organizations struggle to obtain real value from these investments. These systems were implemented with speed in mind rather than clinical transformation that improved quality and reduced costs. Now, organizations must embrace clinical transformation and change management to redo workflows and processes to effectively impact care. Organizations cannot justify their investment in EMRs unless they rework their EMR implementations to obtain true value from their deployment.