Every day, millions of people across the world seek some form of healthcare. In the vast majority of cases, there is documentation in the patient’s medical file to help the doctor or nurse treat the patient the next time there is a need for medical care. Massive quantities of this documentation are stored digitally, allowing care providers to communicate with patients and each other easily. This increases the efficiency of sharing data and getting accurate information and images to all the necessary medical personnel.
Unfortunately, if this data is not adequately protected, it can leave sensitive electronic Protected Health Information (ePHI) vulnerable to malicious actors.
Breach Risks
Healthcare facilities and adjacent organizations, such as pharmacies and insurance companies, are prime targets for breach attempts due to the type of information they store. A data breach, as outlined in HIPAA, is “an impermissible use or disclosure […] that compromises the security or privacy of the protected health information.”
Per a 2021 survey by the Healthcare Information and Management Systems Society (HIMSS), 67% of the respondents said their healthcare organizations had at least one “significant” security event within the year. In the same report, phishing and ransomware attacks were mentioned as the most common “significant” incidents. It was also noted that companies often do not have a good system in place to manage insider threats, so breaches from disgruntled employees or human error may be under-reported.
Phishing is a form of social engineering where a malicious actor posing as an individual from a legitimate organization sends an email requesting sensitive information such as passwords, PINs, and personal credentials. These emails often contain malicious hyperlinks and convey a sense of urgency to encourage immediate action. Phishing can also occur through SMS and other instant messaging services.
Ransomware is a form of malicious encryption software designed to prevent organizations from accessing their digital data and networks until they pay the attacker. It is not advised to pay the ransom, as this reinforces the success and appeal of ransomware attacks, encouraging their continued prevalence.
What Motivates Attacks?
Attacks like these can be purely for monetary gain. Medical information is valuable and marketable on the dark web.
However, not all cybersecurity incidents are motivated by greed. International tensions can encourage state-sanctioned attacks on organizations within sectors like the medical field purely to create chaos and destabilize adversaries.
Ideology and monetary considerations are not mutually exclusive, and both contribute to attacks on healthcare facilities.
The Attack
Cybercriminals will first attempt to locate weaknesses in the company’s defensive posture. These vulnerabilities vary widely, from unencrypted servers, to physical security gaps, to human error within the organization.
Once a vulnerability is identified, it can be exploited by the cybercriminal. Some vulnerabilities, such as a lack of cybersecurity training, can be exploited by creating phishing e-mails or gaining physical access to mobile phones or laptops connected to the healthcare organization’s network.
Certain vulnerabilities must be exploited quickly; for instance, an employee might report a missing work tablet and trigger a remote wipe, destroying any marketable data on the machine. Others do not necessitate the same urgency on the part of the cybercriminal. If he or she has found a network or system vulnerability, access can be retained through a backdoor. The attacker may then be able to exploit the system over time without being noticed before locking the company out of its own servers and machines to demand a ransom.
This is why it is important to back up data regularly and keep systems patched and up to date.
Even if a healthcare company pays the ransom to regain access to its data, there is no reason to assume that the malicious actors are not going to sell the information on the dark web. It is best to assume there has been a breach in the case of a ransomware attack, since this is often the case.
Protecting Against Cyber Attacks
Seconds matter in a cyberattack. Every moment that a healthcare organization can save in responding to threats is a moment less for the attacker to cause harm. The best way to protect a healthcare organization is a strong, organization-wide security program. This should include a clear Mobile Device Management Policy.
Train employees in cybersecurity best practices such as zero-trust and how to identify phishing communication. Healthcare organizations’ IT Departments should also use a powerful endpoint protection service that will allow the organization to manage device encryption, lock devices remotely, and wipe all data from them in the event the devices are stolen or breached.
An ounce of prevention is worth a pound of cure. Taking the proper preventative steps to protect patient data is the difference between a tragic data breach and a flourishing healthcare organization.
About DriveStrike
DriveStrike is an endpoint protection, compliance, and mobile device management software that protects servers, computers, tablets, and cell phones. Manage your devices from an intuitive and streamlined online console. DriveStrike offers a HIPAA-compliant solution for encryption management, device tracking, and remote lock and wipe features to defend organizations of any size. Contact us if you have any questions and start your free 30-day trial today. Your security is our priority.