Here are the most common cyber security threats that occur in the healthcare sector
Apply these security tips to learn how to better protect patients’ personal information
Cyber attacks are growing at alarming rates with no signs of slowing down. Actually, a new attack can unfold right now, as we write this article.
What’s worrying is that these types of threats target almost everything and everyone from large and small organizations, to home users, various industries and sectors.
The worst part is the impact and the damages caused. Recovering after a major cyber attack – whether it’s an organization, institution, or home user – it requires a mix of resources: time, money, qualified people, to get back on track.
The healthcare sector is no exception.
Last year, when the devastating WannaCry ransomware happened, healthcare was among the most affected sectors. The National Health Service (NHS) in England and Scotland was a prime target for cybercriminals with more than 40 NHS medical organizations and practices having their services disrupted.
Recently, the same institution unveiled details about a data breach in which confidential and sensitive data of 150,000 NHS patients have been disclosed. The incident was a result of a coding error by healthcare software supplier TPP.
According to a study from IBM Security, “healthcare organizations had the highest costs associated with data breaches – costing them $408 per lost or stolen record – nearly three times higher than the cross-industry average”.
The 2018 Thales Data Threat Report (Healthcare edition) stated that 77% of healthcare organizations have been breached, with some of the most valuable personal data about their patients and customers being exposed.
These numbers show only a part of the reality, but there’s more to discover. If these statistics and findings didn’t raise your blood pressure, let’s see find out:
Why cybercriminals target the healthcare system
Money isn’t the prime motivator for malicious actors to target patients’ records, and manipulate data in ways that will determine doctors and other medical professionals to provide wrong diagnostics for different diseases.
All the protected healthcare information is valuable and attractive for cybercriminals knowing that these sensitive data is a matter of “life and death” and they can create chaos in institutions.
In many cases, the IT infrastructure used in hospitals and other medical institutions is vulnerable, because most of the medical devices used by doctors and nurses don’t have the latest updates. Cybercriminals take advantage of software vulnerabilities, exploit them and hack hospitals, wreaking havoc.
The human nature is also vulnerable (and untrained) to spot such attacks, which lead to people getting easily lured into clicked on a malicious link or attachment send via email. Key findings from the 2018 Annual Healthcare Cybersecurity Report by Proofpoint pointed out that malicious actors “trick healthcare workers into opening an unsafe attachment, impersonate members of the executive team, instructing staff to wire money or send sensitive information.”
As we all know, in many countries, the healthcare system is viewed as critical and vital for the entire population along with electricity or transportation which makes it even more attractive to cybercriminals.
The growing number of healthcare IoT devices used by medical personnel to diagnose, monitor, and treat complicated disease cases represent another attractive target for malicious actors to exploit. After these devices are installed in a hospital, doctors and nurses don’t focus on the security and privacy aspects, but on its main purpose: to provide a better experience for patients and improve the medical workflow.
While cybersecurity, in general, isn’t a top priority for medical institutions, if all the products used are built to be “secure by default”, there will be less cyber threats to expose and compromise personal information.
Here are the main cybersecurity threats in healthcare
Any type of cyber threats can occur on a small or large scale for the healthcare sector, but what are the most frequent ones? And how can we prevent them from exposing our most valuable data?
Ransomware and advanced malware attacks
These popular cyber threats remain lucrative for malicious actors which will continue to use it during their campaigns. Malware is a serious issue for all industries, but “ransomware exploded between Q2 and Q4 of 2017, dwarfing all other types of cyber attacks against healthcare companies combined”, said the report from Proofpoint. Also, the WannaCry ransomware is one of the best examples.
According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is still delivered by email. Of all the malware attacks out there, phishing emails will continue to be a persistent threat and “plague the healthcare sector”, say security experts.
There are a few reasons why this will not be going away. One is the evolving nature of the types of emails the hackers are sending, and another is not keeping the [warnings] to employees fresh,
added Susan Lucci, Senior privacy and security consultant.
Cybercriminals will not stop turning their attention to healthcare, but they will evolve their tactics with more sophisticated and targeted attacks to steal and compromise sensitive information.
How to protect yourself:
- Train your employees about security awareness and teach them how to easily spot phishing emails, so they are not tempted to click on suspicious links or attachments received on the email.
- Periodically check if your main email address shows up in Have I Been Pwned or Firefox Monitor to find out if your account is part of a data breach.
- Don’t forget to secure every login on your online accounts with the two-factor authentication system.
- We put together this actionable guide in which you will find the safety checklist to follow and prevent ransomware attacks.
- Carefully consider how much personal information you share on social media, and consider revise your privacy settings for each social account.
According to the 2018 Protected Information Data Breach Report by Verizon, healthcare is the only industry in which internal actors represent the biggest risk to an organization. Moreover, key findings show that 58% of all healthcare data breaches and security threats are caused by insiders, people who have access to healthcare resources and important data.
When these individuals perform current medical tasks in a way that negatively affect an organization or institution, a lot of damage is caused: bad image for the organization, loss of patients’ trust, possible lawsuits and others.
How to mitigate them:
- Educate and train your employees and other persons with access to critical medical resources about the top risks associated with certain behaviors, data protection of patients, or privacy. Focus on improving employees’ cyber resilience and learn them to adopt the mindset of working with security in mind.
- Teach employees and medical personnel to use browser add-ons and extensions and always keep them enabled on browsers.
- Rely on technology and implement solutions that allow decision-makers to detect healthcare data breaches quickly or even prevent them.
- When data breaches are detected, the authorized persons need to respond effectively by initiating an investigation to reduce or limit the impact.
These cyber threats have been one of the most popular attacks in 2018, almost surpassing ransomware, and they’re constantly evolving. The healthcare sector is also targeted by crypto jacking attacks, as malicious actors can target a vulnerable website and inject a script. Then, unprotected visitors on that website had their computers enslaved in order to mine cryptocurrency.
Mining software can be also installed on IoT medical devices and networks, and the rule is simple: the longer your computer runs, the more cybercriminals can use it to secretly mine cryptocurrencies.
How to stay safe:
- Use a reputable antivirus product, coupled with an anti-malware solution that periodically scans your online traffic and blocks infected websites you could access.
- Scan your system and see if you observe unusual activities at your computer, especially an increase at the CPU usage.
- On any browser, use an Adblocker that has can stop cryptocurrency-mining scripts. One example is uBlock but you can also use an Adblock extension for your browser.
- Remember to always keep your systems, networks, and software patched, especially your browser which is the direct target for some malicious actors.
IoT healthcare attacks
IoT continues to evolve and still be a hot topic. The adoption of the Internet-connected medical devices has proven to have great benefits for hospitals focused on improving infrastructure and keeping employees and patients’ data secure.
However, keep in mind that there’s no such thing as 100% secure software, so the medical personnel needs to practice precaution.
New research demonstrated that “hackers can <trick> or induce medical devices into sharing detailed information about the device’s inner workings.” Moreover, malicious actors can target specific devices to get error messages, gather information to customize a potential attack to be tailored to the target device.
Most of the IoT devices and software used in hospitals aren’t checked for updates and existing vulnerabilities are immediately exploited by cybercriminals. And from here we can unfold a scenario in which an upcoming cyber attack happens.
This is why more attention to the safety aspect is required, in order to protect patients’ personal information stored on these devices.
How to protect IoT medical devices:
- Make sure you check for updates and apply them immediately, to prevent exposing your IoT medical devices to cyber attacks;
- Remember to always use a secure Internet network and protect this network with a unique and strong password.
- Medical institutions need to demand from manufacturers that software products are “secure by default” or/and improve devices security.
- To reduce the impact of these attacks, manufacturers SHOULD take security seriously and work on providing transparency about devices security.
- Decision-makers need to be aware of the importance of protecting these devices after deployment and put all efforts into keeping patients’ personal data secure.
Healthcare supply chain attacks
The supply-chain attack involves exploiting vulnerabilities in a supply network used by specific organizations. It could be a medical institution, such as a private or public hospital which is targeted by this type of attack.
These attacks happen when cybercriminals intercept a delivery from a supplier and inject malicious code directly into the medical devices delivered, without anyone being aware of the risks. Basically, hackers look for backdoors in the systems of a trusted partner/business that provide software for medical devices.
The worst part is that these products (considered legitimate) from medical devices makers “arrive at the destination” after being injected with malware and can compromise patients personal information.
How to mitigate supply chain attacks
- To avoid such attacks and ensure the protection of medical records, medical institutions should require all third-parties to have certification (HIPAA) and meet the standards they need to meed and be compliant.
- Have clear terms and conditions of established business agreements with suppliers and make sure they are fully met.
- Limit employees access to specific data which is absolutely needed to perform their daily tasks.
- As the old saying goes, prevention is the best medicine, so it’s for the best to have a crisis management plan in place and use it accordingly.
- In case of a supply chain attack, ensure employees are trained to follow the company’s policy and procedure and lower the impact of data breaches.
These main cybersecurity threats will challenge healthcare organizations/institutions to find the best defense and protect patients and employees the most valuable data.
It’s worth reminding that the costs of these cyber threats in healthcare are too expensive to be ignored, so organizations need to allocate wisely budget for cybersecurity, educate employees with security in mind, and know the importance of securing health data.
During an interview for DefCamp 2018, Jelena Milosevic, Pediatric nurse and Independent researcher, emphasizes the importance of building a safe and secure environment in healthcare:
“Healthcare without (basic) security is like surgery without sterile instruments / The operation was (technically) a success, but the patient died from sepsis.”
Have you applied any of these security measures? Do you have others we should add? What about the security threats targeting healthcare? What else should we include in the list? Let us know, we’d love to know your thoughts!