Dark Reading is part of the Informa Tech Division of Informa PLC

4/26/2018
10:30 AM
Allan Alford
Commentary

Why Hackers Love Healthcare

The migration of valuable data to the cloud is piquing the interest of cybercriminals. But there are ways to fight back.

Much like the rest of the world, healthcare organizations are shifting work to cloud services in order to improve accessibility and patient care. However, migrating these workloads and moving valuable information such as PHI (personal health information) and PII (personally identifiable information) to the cloud has also led cybercriminals to take a particular interest in the industry.

The number of ransomware and other malware attacks is rising incredibly fast in the healthcare industry, putting human lives as well as critical data at risk. From 2011 through 2014, the sector — including hospitals, labs, pharmacies, drug companies and outpatient clinics — experienced the highest number of data breaches of all industries. What makes these organizations such a popular target?

1. Highly Valuable Data
One of the key aspects making healthcare organizations a top target is the value of their data. Commonly, a single stolen credit card number yields an average $2,000 profit and quickly becomes worthless. Healthcare data, however, such as PHI or PII, is extremely valuable on the black market.

A single PHI file, for example, can yield a profit of up to $20,000. This is mainly because it can take weeks or months for a healthcare data breach to be discovered, enabling cybercriminals to extract much more valuable data. Moreover, because healthcare data can contain dates of birth and Social Security numbers, it is much more difficult or even impossible to change, so thieves can take advantage of it for a longer period of time.

2. Lack of IT Investment and Training
Another reason the healthcare industry is popular among cybercriminals is its systematic underinvestment in IT security. Most healthcare organizations spend just 3% of their IT budgets on security, while the SANS Institute — the largest provider of cybersecurity training and certifications — recommends spending at least 10%.

For most healthcare organizations, security is often an afterthought. They don't provide regular cybersecurity training for their employees, which could help reduce insider threats. For example, 18% of healthcare employees say they're willing to sell their login credentials for between $500 and $1,000. And about one-quarter of healthcare employees know someone in their organization who has engaged in this practice.

To address employee-related cyber vulnerabilities, it's important to note that while training is essential, it won't magically protect patients’ digital data. Although some hospitals struggle to deploy the most basic IT security measures, such as intrusion detection and the ability to wipe lost or stolen devices, it is imperative that basic cyber hygiene practices are coupled with ongoing training to both protect well-intended employees and mitigate future data loss from those seeking to profit.

3. Highly Connected Systems
Having shifted workloads to the cloud, healthcare organizations have highly connected systems that run the risk of being deeply affected even if the attack takes place on smaller, partial systems. In other words, a cyberattack in one place could bring down the entire system. In May 2017, the WannaCry ransomware attack forced multiple hospitals across the United Kingdom to turn away ambulances transporting patients and cancel surgeries that were within minutes of starting. Even basic processes like admitting patients and printing wrist bands were compromised.

The impact of WannaCry illustrates how important it is for healthcare organizations to be able to function and provide patient care during a cyberattack. After all, lives are at risk, meaning there's a general urgency to get back to business as soon as possible. For attackers, this urgency makes it extra tempting to target healthcare organizations, because they assume it will make them more likely to pay the ransom to reverse the infection.

Fighting Back
What can the healthcare industry do to mitigate cyber threats? To begin with, the industry must realize that cybersecurity is human-centric. Gaining insight into the normal rhythm of users' behavior, for example, or the flow of data in and out of the organization improves risk response. Additionally, the industry should be aware that cybersecurity isn't just the responsibility of the IT department: everyone should be aware of the risks, from management down to brand-new contract staff.

Healthcare security professionals need to understand the threats they face and the regulations they must comply with, and they must be provided with best practices for strengthening cybersecurity defenses. This means implementing comprehensive security awareness training that educates all personnel on current threats, red flags to look for in an email message or web link, how to avoid infection, and what to do in case of an active exploit. And since the threat landscape is constantly changing, training should be repeated and updated on a regular basis.

Additionally, implementing the right cybersecurity measures, such as data loss prevention, user behavior analytics, and endpoint security technologies, will further protect an organization's infrastructure and patient data from ransomware attacks. By creating a system that guards the human point — where people interact with critical business data and intellectual property — and takes into account the intersection of users, data, and networks, the healthcare industry can improve its cyber threat protection.

Yes, reaching 100% security against cyberattacks won't happen. But with a few steps, healthcare organizations can make sure that it's too complex or unprofitable for threat actors to attack them, which will result in them moving on to another target.


Allan Alford is Chief Information Security Officer (CISO) at Forcepoint. In this role he leads Forcepoint's corporate security and governance program, including the implementation of the company's internal user and data protection program for 2,700 employees worldwide.
 

Comments
RyanSepe,
User Rank: Ninja
4/30/2018 | 11:24:05 PM
spend just 3% of their IT budgets on security
Working in healthcare I can validate how true this statement is. Every budgetary item plays second fiddle to patient related technologies (as it should). But because this ideology of security could affect patient care has been so heavily ingrained in this sector it makes it very difficult to push the security agenda even if you had the dollars to allocate.