3/5/2018
06:30 PM

Insider Threat Seriously Undermining Healthcare Cybersecurity

Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.

The healthcare industry's ability to defend against cyberthreats is being seriously undermined by its own workforce, according to two separate reports released this week.

In an analysis of 1,368 security incidents at healthcare organizations in 27 countries, Verizon found that nearly six out of 10 (58%) security incidents involve insiders. That figure, according to Verizon, makes healthcare the only sector where internal actors pose a bigger threat to an organization's cybersecurity posture than external actors.

The primary driver in many cases is financial gain, with insiders often stealing data to commit tax fraud, to open lines of credit, and to commit other fraud. Fun and curiosity are other factors as well: 31% of the security incidents involved insiders looking up personal records of celebrities and family members, Verizon found.

In an Accenture report based on a survey of 912 healthcare employees in the US and Canada, some 18% of the respondents, or nearly 1 in 5, professed their willingness to sell confidential data to unauthorized third parties for as little as between $500 and $1,000. Among the malicious activities they were willing to perform: selling login credentials, downloading data to portable drives, and installing tracking software on business systems.

Twenty-four percent actually know someone in their organization who had sold their access credentials to an unauthorized third party. The willingness to sell confidential data was more pronounced among respondents from provider organizations (21%), compared to those in payer organizations (12%), Accenture found.

"Healthcare is a veritable treasure trove of valuable information," says John Schoew, lead of Accenture's health & public service security practice in North America. The adoption of electronic medical records (EMRs), wearables, and other healthcare technologies has created a wealth of data, making healthcare organizations an attractive target for data thieves, he says.

"Employees are often a weak link in an organization's cyber defenses - across many industries," Schoew says. But as with most other industries, the bad actors in the healthcare sector are the exception and not the rule. Often, breaches result from employee error caused by a failure to comply with or understand policies.

"When it comes to healthcare cybersecurity, however, the stakes are higher," Schoew cautions. A healthcare data breach could have a significant impact on patient care, cause reputation damage, and hurt enormously from a financial standpoint. Accenture's research has shown that cyber breaches cost individual healthcare providers an average of more than $12 million, and individual victims an average of $2,500, he says.

There are multiple short-term improvements organizations can make to address some of the security threats posed by insiders, says Suzanne Widup, senior analyst with Verizon Security Research. They include measures like implementing full disk encryption; conducting a comprehensive review and ongoing audits of access rights to sensitive PHI and other data; establishing a proactive policy of building security into technology updates; and developing and testing incident response plans ahead of an issue.

"The healthcare sector houses unique and sensitive protected health information," Widup says. The most important takeaway for organizations and IT leaders is to prioritize the security of that data. "Healthcare organizations should develop longer-term strategic actions to keep this information private for future stability and success in the digital world," she says. 

Employees need to be made aware through training and awareness campaigns that improper access to patient data could lead to corrective actions being taken against them, according to Verizon's report.

More Sick Data

The Verizon and Accenture reports are among several new reports that paint an especially bleak picture of healthcare cybersecurity against the backdrop of the Healthcare Information and Management Systems Society's (HIMSS) conference in Las Vegas this week. US organizations in particular appear to be struggling more with security issues than counterparts in other regions of the world.

One of the reports, from Thales, for instance, found that healthcare organizations in the US experience substantially more breaches than organizations in other regions of the world. 

Thales surveyed 100 senior healthcare IT managers in the US and 135 professionals from nine other countries and found 48% of the US respondents reporting a breach in the last 12 months, compared to an average of 36% elsewhere.

More than three-quarters (77%) of US healthcare entities say they have experienced at least one data breach in the past, and nearly six in 10 (56%) confess to feeling either "very vulnerable" or "extremely vulnerable" to potential data security incidents. In comparison, just 34% of the respondents from other countries felt the same way, the Thales study shows.

On a positive note, Thales found that more US healthcare organizations plan to increase spending on cybersecurity than organizations in any other sector. Eighty-four percent of healthcare entities in the US indicate they will spend more on security, with 46% saying their spending would be "much higher" than present.

"Data breaches have become the new reality for healthcare organizations," says Peter Galvin, chief strategy officer at Thales. Healthcare records, which can include full names, social security numbers, birth dates, banking information, and credit card data, are the most valuable pieces of information on the Dark Web, he says.

"Given the value of the information, the breaches are coming from cyber gangs, insiders, and even nation states mostly for monetary advantage," Galvin notes.

Unfortunately, too many healthcare organizations continue to use compliance with regulations such as HIPAA as their sole benchmark for security and are therefore spending on the wrong controls. "While organizations have found that encryption, tokenization, and data masking are the most effective techniques for preventing data breaches, they are spending the majority of their budgets on 10-year-old perimeter security solutions," Galvin says.

Encouragingly, while the number of attacks has kept increasing, there is some data to suggest that healthcare organizations are getting somewhat better at mitigating the fallout.

Security vendor Bitglass analyzed breach data from the US Department of Health and Human Services and found that organizations are losing fewer data records in breaches than previously.

In 2017, the average number of records compromised per breach was 16,060, a 72% decline from 2015 and a 95% decline from 2016 when mega breaches like those at Anthem and Premera were excluded. Bitglass also found that between 2014 and 2017, healthcare organizations reduced the number of breach incidents resulting from lost and stolen devices by 63%.

"More and more, healthcare organizations are turning to proactive security solutions rather than reactive security solutions in order to address breaches," notes Mike Schuricht, vice president of product management at Bitglass. "In other words, instead of focusing on cleanup after the fact, they are deploying tools that actively alert and enable IT to take action on high-risk activities."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
nida anjum,
User Rank: Apprentice
2/27/2019 | 12:42:33 PM
health threats
Your blog is just great, but some information is missing. I have some more important information about health threats here:
https://nidaanjum.blogspot.com/