Sachin Nayyar discusses how attackers are drawn to the healthcare sector due to the value of the vast amounts of personal health information (PHI) these organisations manage.
The monetary value of PHI can be enormous. As a result, attackers are employing increasingly sophisticated techniques to gain access to patient health records.
Healthcare organisations are aware of the extremely sensitive nature of patient data, and consequently the importance of protecting it.
The introduction of complex regulatory requirements, such as HIPAA and HITECH, and the significant penalties regulatory authorities are issuing for negligent or malicious mishandling of patient data, are forcing healthcare organisations to reassess and strengthen their cybersecurity.
However, there remain numerous challenges that affect the capacity of organisations to protect sensitive patient data.
The challenge in healthcare: Innovation alongside outdated security
The healthcare industry is continuously evolving, from the adoption of electronic health records to a growing reliance on increasingly sophisticated internet-connected medical devices, all of which makes securing healthcare infrastructure an ongoing challenge.
The security technologies currently used by many healthcare organisations are out of date and cannot cope with the rapidly growing innovations in medical technology along with the increasingly sophisticated cyber-attacks.
Many organisations currently run signature- and rule-based security information and event management (SIEM) tools, which are incapable of detecting complicated attacks. These programs often drown security teams in a flood of noise, producing a torrent of alerts, missed indicators and false positives. As a result, security teams spend their time investigating irrelevant alerts, and the real ones are buried by the noise. These outdated security technologies have a major impact on the effectiveness of healthcare security programs and leave organisations vulnerable to attack.
Bad actors: Sophisticated and persistent
Attackers have realised the monetary value of targeting healthcare organisations, with patient records fetching a high price on the black market. In some instances, stolen healthcare records have been worth ten times more than credit card numbers on the black market. As a result, attackers have begun using numerous nefarious techniques to infiltrate healthcare organisations and steal data, including:
• Ransomware Attacks
• Exploiting vulnerabilities in Internet of Things (IoT) technologies
• Leveraging malicious insiders, including bribing employees
• Targeting employees through socially engineered social media or phishing attacks
The changing threat landscape means that organisations need to reassess their security programs and educate staff about the threats.
Solving the problem: Security and privacy
The changing threat landscape, alongside an increasing reliance on medical software, hardware and digital data within the healthcare industry, has introduced new cybersecurity challenges. Solving these challenges and protecting the privacy of patient data can be made easier by implementing specific cybersecurity strategies. For example, organisations can replace signature- and rule-based security information and event management (SIEM) tools with Next-Gen SIEM solutions.
Leveraging machine learning and artificial intelligence techniques can help to stop organisations falling victim to the common techniques used by attackers. In addition, machine learning based systems can quickly detect and adapt to tackle sophisticated and previously unknown threats.
The problem of insider threats can be tackled by implementing a behavioural analytics program, which can maintain a list of users and access privileges. This ensures that users are not accessing health records they shouldn’t. Not only does this prevent unauthorised access, but it can also help to detect anomalies by providing an understanding of user behaviour at an individual and group level. Anomalies can be indicative of an insider threat, picking up on users that are abusing access privileges to perform activity outside their authorised domain.
It is crucial that organisations react quickly to remediate and mitigate when a cyberattack is detected. If left undetected, a cyber incident can cause serious damage. To reduce the impact, healthcare organisations need to implement mitigation strategies and train staff in the correct procedure in case of an attack.
Protecting patient privacy
Patient privacy is a requirement to ensure compliance with HIPAA, HITRUST, GDPR and other regulations. However, detecting suspicious activity involves monitoring EMR applications, which contain patient data. Therefore, when monitoring for threats, healthcare organisations need to ensure they maintain the confidentiality of this data. A next-gen SIEM solution allows organisations to maintain the confidentiality of sensitive data by anonymising the data, implementing role-based access control and maintaining an audit trail.
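The group-level behavioural analytics and the data anonymisation described above can be combined in one check. The following is an added example, not code from the article or from any SIEM product: it pseudonymises patient identifiers with a keyed hash before analysis and flags users whose distinct-patient count is far above the median for their role. The event fields, role names, key and the 3x ratio are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from statistics import median

# Assumption: the key is held outside the analytics tier so analysts cannot reverse pseudonyms.
PSEUDONYM_KEY = b"constructed-demo-key"

def pseudonymise(patient_id: str) -> str:
    """Keyed hash: stable per patient for correlation, meaningless without the key."""
    digest = hmac.new(PSEUDONYM_KEY, patient_id.encode(), hashlib.sha256)
    return "pt-" + digest.hexdigest()[:12]

def sample_events():
    """Constructed EMR access events (user, role, patient_id); not real data."""
    events = []
    for user, n in [("nurse_a", 5), ("nurse_b", 6), ("nurse_c", 4), ("nurse_d", 40)]:
        events += [(user, "nurse", f"MRN-{user}-{i}") for i in range(n)]
    for user, n in [("billing_a", 20), ("billing_b", 22), ("billing_c", 19)]:
        events += [(user, "billing", f"MRN-{user}-{i}") for i in range(n)]
    events += [("nurse_a", "nurse", "MRN-nurse_a-0")] * 3  # repeat views of one chart
    return events

def peer_group_outliers(events, ratio=3.0):
    """Flag users whose distinct-patient count exceeds ratio x their role's median."""
    patients = defaultdict(set)  # user -> pseudonymised patients touched
    role_of = {}
    for user, role, patient_id in events:
        patients[user].add(pseudonymise(patient_id))
        role_of[user] = role
    by_role = defaultdict(list)
    for user, seen in patients.items():
        by_role[role_of[user]].append(len(seen))
    findings = []
    for user, seen in sorted(patients.items()):
        baseline = median(by_role[role_of[user]])
        if len(seen) > ratio * baseline:
            findings.append({"user": user, "role": role_of[user],
                             "distinct_patients": len(seen), "peer_median": baseline,
                             "sample": sorted(seen)[:3]})
    return findings

if __name__ == "__main__":
    for finding in peer_group_outliers(sample_events()):
        print(finding)
```

A billing user with 20 distinct records is not flagged while a nurse with 40 is, because each user is compared against their own peer group rather than a single global threshold.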
Healthcare organisations are extremely vulnerable to cyber attacks as cybercriminals become more intent and persistent in gaining unauthorised access.
However, if organisations take the necessary steps to update and improve their cybersecurity posture, including using machine learning and artificial intelligence to detect anomalies, applying behavioural analytics to identify insider threats and teaching staff the correct procedure in the event of a cyber incident, then they can start fighting back against the attackers.
Chief Executive Officer