Healthcare organizations remain a popular target for cyberattacks in part because protected health information (PHI) is more valuable than most other types of data. A study from Experian found that medical records sold for up to $1,000 each on the dark web, whereas credit card numbers sold for just $100.
While trying to offer better and more efficient care, healthcare organizations are exposed to greater vulnerability. The growing use of telehealth, connected devices, data sharing and third-party partnerships all increase the number of access points for threat actors. Unfortunately, the expanded use of technology has not corresponded sufficiently to increased investment in cybersecurity. For example, research by Gartner found that healthcare providers only devote about 5% of the IT budget to cybersecurity, even though more than four in five hospitals had experienced a significant cyber incident in the past year.
Inadequate spending on security also increases the likelihood that human error could expose PHI to a breach, as misconfigured databases and cloud architecture can lead to poorly secured medical records. Healthcare organizations, particularly those in public systems, are also more likely to be underfunded, understaffed and undertrained for cybersecurity. Legacy systems running on outdated technology are much more susceptible to cyber threats, particularly if an organization relies on unpatched software that has known vulnerabilities. Unfortunately, deploying technology solutions without robust cybersecurity practices only invites new maladies.
Common Cyber Threat Vectors
According to the U.S. Department of Health and Human Services, their Office for Civil Rights was investigating 306 healthcare provider breaches that were reported between January and October 1, 2020. More than two-thirds of breaches were related to hacking or IT incidents, exposing organizations to significant HIPAA violations. Hackers often use social engineering tactics to get compromised credentials by manipulating a company’s employees to gain unauthorized access to sensitive data and systems.
Healthcare providers are also a common target of ransomware attacks, which use malware to control key systems and databases and then demand payment to restore access. More than two dozen healthcare providers were impacted by ransomware just during the first five months of 2020, and the American Hospital Association noted that ransomware tactics have specifically adapted to exploit vulnerabilities during COVID-19. According to a RiskIQ report, attackers deliberately target smaller organizations that are less likely to have strong cybersecurity practices. One small hospital in Colorado was struck by ransomware and subsequently found that five years of patient records were no longer accessible. Some hospitals affected by ransomware have even resorted to using paper records for tracking and treating patients, increasing the possibility of an error or delay that could directly impact patient safety.
Vishing is another type of cyberattack that has become more common during the COVID-19 pandemic. While phishing email scams have become common, and many organizations train employees to guard against them, vishing uses similar deception via phone calls that impersonate a trusted entity. The threat actor may try to get targets to disclose their login credentials or other sensitive information. The FBI and DHS issued a joint warning in August that remote workers in healthcare have been a top target of vishing scams during the coronavirus pandemic, seeking to exploit security gaps during the industry’s rapid shift to telehealth.
Spoofed login pages are another popular hacking tactic. According to a study by the email security platform IRONSCALES, more than 50,000 login pages and 200 brands were spoofed during the first half of 2020.
Healthcare organizations handle scores of sensitive data and rely on operational systems for care, but they may also have limited budgets for cybersecurity while facing an array of threats. That’s why it’s vital to focus resources on managed detection and response and increasing cyber resilience, which helps protect internal systems and secure the storage and transmission of high-value data.
Cybersecurity for All Industries
Digital tools and increased connectivity offer many benefits, especially as businesses mitigate the impacts of a global pandemic, but security should be top of mind as technology adoption accelerates. This is especially important for the healthcare industry, because the highly sensitive data that they collect, store and process is a high-value target for determined threat actors.
Continuous threat monitoring and coordinated management of security tools help to guard against vulnerabilities, but there are always new risks emerging, and this has been especially true during the COVID-19 pandemic. Many organizations have also tightened budgets during the economic downturn, although it’s foolish to skimp on cybersecurity. That’s why prioritizing specific areas for security resources is so crucial.
As healthcare confronts cyber threats that are increasing in both number and sophistication, it’s critical to prioritize spending on managed detection and rapid response, as well as overall cyber resilience. These are the cybersecurity must-haves in 2020. When supported by routine assessment of the technical infrastructure, alongside firm-wide security training for all employees, even businesses in the most frequently targeted industries can protect against the persistent barrage of cyber threats.
Top Priorities for Cybersecurity
1. Use managed detection and response services: Ensure you have security measures in place to continuously monitor, detect and respond to threats to the email system, network, software applications and all information system endpoints. Use advanced security information event management (SIEM) software, data visualization tools, artificial intelligence tools and security automation as needed to achieve 24/7/365 monitoring and instantaneous response.
2. Confirm information system resilience on a continual basis: Establish and periodically test the comprehensive incident response plan, business continuity plan and disaster recovery plan to minimize the potential damage from cyberattacks and protect operations.
3. Conduct diagnostic assessments of technical architecture: Regularly conduct penetration testing, network and endpoint assessments, vulnerability scanning assessments, email cyberattack assessments and more.