Lepide Blog: A Guide to IT Security, Compliance and IT Operations

The 5 Biggest Cybersecurity Threats for the Healthcare Industry

Five Biggest Cybersecurity Threats for the Healthcare Industry

The healthcare industry continues to grapple with a myriad of security threats, ranging from insider threats to malware and DDoS attacks. Unlike other industries, healthcare is faced with a unique set of challenges.

Budgetary constraints and a general lack of executive leadership have made it very difficult for service providers to stay ahead of the curve, yet a failure to do so could cost lives. Not only that, but protected health information (PHI) is very valuable, hence why cyber-criminals are so keen to get their hands on it.

Believe it or not, PHI is even more valuable than credit card information (PCI), and other forms of personally identifiable information (PII). To illustrate my point, you can sell PCI and PII on the black market for $1-$2 per record. PHI, on the other hand, can fetch as much as $363 per record, according to research carried out by Infosec.

You may be wandering why this is, as the reasons might not be immediately obvious. Firstly, unlike credit card information and Social Security numbers, health information can’t be cancelled or changed. Cyber-criminals can use health information for a long time and for a variety of fraudulent purposes, such as fake insurance claims, or to gain access to drugs and medical equipment, which they can sell on the black market.

Now that you know why, let’s take a look at how. Below are the 5 biggest cybersecurity threats that healthcare providers need to watch out for to ensure that they are able to keep their valuable health information out of the wrong hands.

1. Ransomware in Healthcare

Ransomware attacks typically arrive in the form of an email attachment. However, they can also be initiated by a user clicking on a malicious link, or by viewing an advertisement containing malware (malvertising).

Once the attack has been initiated, it will encrypt the victim’s files, and then present them with a message asking them to make a Bitcoin payment in exchange for the decryption key. Of course, until either the ransom has been paid, or the system has been wiped and restored, all relevant critical systems and data will be inaccessible.

Most people will remember the WannaCry ransomware attack in May 2017, which disrupted 80 NHS hospitals in Britain, thus preventing clinicians from accessing medical records.

While there haven’t been any attacks as notable as this one in recent times, it’s only a matter of time until another attack unfolds, perhaps of an even greater magnitude.

2. Data Breaches in Healthcare

Healthcare data breaches are a common occurrence, yet few make the headlines, at least not in the way that WannaCry did. According to the following post, healthcare is the most targeted sector. However, it’s worth noting that the reporting requirements of the Health Insurance Portability and Accountability Act (HIPPA) are both well-defined and very stringent, which will attract attention and may lead to exaggerated figures. Data breaches can be caused by many different things, such as malware designed to steal credentials, lost or stolen devices, or by employees who accidentally or purposely disclose patient data.

3. Insider Threats in Healthcare

Insider threats are a blind spot for many organizations. Since employees have legitimate access to network resources, they have the ability to circumnavigate traditional cybersecurity defenses.

They may also a have deeper understanding of the network and any vulnerabilities that exist. Given the valuable nature of health information, a rogue employee may decide to sell the information themselves, or perhaps they will sell access codes to hackers instead.

However, it should be noted that insider threats are not always malicious. Actually, security incidents caused by negligent employees, such as clicking on a malicious link, or losing a device which has access to PHI, are likely to be more common.

4. DDoS Attacks in Healthcare

Back in march this year, a Parisian Hospital, who were “extremely busy taking care of a large number of corona patients”, was hit by a DDoS attack, according to the following post.

A Distributed denial of service (DDoS) attack is designed to flood a network with traffic, thus making it inoperable. As you can imagine, DDoS attacks can be very disruptive, as clinicians will be unable to access critical network resources, such patient records, emails, and so on.

Unlike other attack vectors, which are often motivated by financial gain, DDoS attacks are mainly carried out for the sake of causing disruption, perhaps due to personal, political, or ideological reasons.

5. Business Email Compromise (BEC) in Healthcare

Business Email Compromise (BEC) is a technique used to trick employees into transferring money to a fraudulent bank account. These attacks are highly targeted, and the fraudster may spend a considerable amount of time researching an organization and its employees before initiating the attack.

Naturally, the fraudsters will try to target employees who are able to initiate financial transactions, such as those who work in the accounts department. They will often pretend to be the CEO, CFO or some other known executive. BEC attacks are surprisingly effective.

According to the following article by ZDNet, the FBI have claimed that BEC scams were “the most damaging and effective type of cyber-crime last year” (2019).

How Can Healthcare Providers Defend Against Cybersecurity Threats?

Healthcare providers must do everything they can to prevent any disruption to their service to ensure that they can provide proper patient care to those who need it. First and foremost, they must try to establish a culture of security, which requires frequent training and refreshers.

All employees must understand their responsibility when it comes to protecting the network and the patient information they are entrusted with. Service providers must ensure that they have a strong password policy in place and use multi-factor authentication (MFA) where possible. They must adhere to the “principle of least privilege“, to ensure that employees are only granted access to the data they need to carry out their role.

They must also ensure that they have implemented an adequate suite of technologies to help them detect and respond to anomalous activity. Such technologies include anti-virus software, firewalls and other intrusion prevention solutions, and technologies that provide Data Loss Prevention (DLP) and real-time User Behavior Analytics (UBA), to ensure that they know exactly who has access to what patient data, and when.

If you would like to see how the Lepide Data Security Platform is helping healthcare companies all over the world meet HIPAA compliance and detect and react to threats, schedule a demo with one of our engineers.