The healthcare industry was reported as the second most targeted industry for cyberattacks. After the enterprise sector, healthcare sees the most threats designed specifically to target its data.
Why? The answer combines target-rich opportunities, due to the large number of Internet-connected devices in use, and a significant number of endpoints that remain insufficiently secure. This combination provides fertile ground for malicious actors to exploit vulnerabilities to profit from ransomware attacks or by selling patient health information (PHI) obtained through a data breach.
According to a research report on Cyber Trends in Healthcare, there were 521 major IT/hacking data breaches in 2021, an increase of over 25% since 2020.
Still not convinced that cybersecurity is an integral part of the healthcare landscape?
43,096,956. This is the number of patient records impacted by cyber threats against US healthcare organizations in 2021 alone.
Healthcare is a regulated industry: HIPAA requires that the confidentiality and integrity of patient data be maintained and that patient privacy be sufficiently preserved. Serious consequences, not limited to penalties involving fines and/or criminal liability, await any organization that violates these regulations.
Despite dire numbers and a high-risk ranking, several resources are available to help healthcare organizations:
- secure their endpoints
- back up patient data
- mitigate risks from threats targeting their systems
Additionally, guidance from government agencies, such as the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA), helps organizations meet these security needs.
Before we dive into endpoint protection, we first need some information:
- What needs protection?
- What does it need to be protected from?
While a complete risk assessment guide is beyond the scope of this article, the above two questions provide the essential information: the types of devices an organization owns and a tally of how many devices it uses. They also provide insight into the types of threats that exist with respect to each device type within the organization.
For example, an on-premises web server hosting a web application that allows healthcare providers to access patient admission data will typically be at risk from SQL injection attacks, insider threats, and unpatched vulnerabilities, to name a few common forms of risk. A laptop used by a doctor making house calls would yield a different risk assessment, highlighting concerns such as unencrypted data on the storage drive, weak passwords, misconfigured settings, and unpatched vulnerabilities.
Some risks will overlap with other endpoints, while others may be unique to a specific device type. This is why it is essential to carry out a thorough risk assessment and identify each type of device and each use case. With a better understanding of the threats most likely to affect endpoints, organizations are able to build a threat protection plan before they are exposed to an attack or data breach.
Common threats affecting health care
Once the risk assessment has been completed, IT and security teams can begin developing a cybersecurity plan to mitigate the risk posed to identified endpoints.
Again, some mitigation strategies may seem universal or applicable to all endpoints, while others will be specific to a particular device type. Unfortunately, there are no real silver bullets or blueprints that can address all concerns with just one type of solution. Organizational needs are unique, as is their risk appetite.
That said, here are the 10 most common security threats affecting healthcare organizations:
- Malicious software (ransomware)
- Internal threats
- Phishing campaigns
- Bad device configurations
- Denial of Service (DoS)/Distributed DoS (DDoS)
- Internet of Things (IoT)
- Data leaks
- Insufficient employee training
- Unsecured network connections
- Compliance monitoring
Combined with your organization’s own risk assessment, this list should serve as the basis for developing your mitigation plan.
Cyber Threat Mitigation
Armed with risk assessment data and aware of the threats that affect your unique work environment, the next step in developing your cybersecurity plan is to implement controls that strengthen security, protect patient data and maintain privacy, while building an iterative protection process that incorporates regular training and real-life learnings. Along with these benefits, constant endpoint health monitoring leverages the defense-in-depth paradigm to mitigate existing risks while helping to protect against future threats.
The word “iterative” is essential here, as it relates to the point made earlier that there is no silver bullet. There is no single solution for comprehensive security or holistic support for all types of operating systems on your endpoints. An iterative approach requires continuous effort, building on what came before and strengthening your devices’ security posture. Organizations must reject a “set and forget” mentality, in which security is only revisited once a threat has been detected.
Security, like advances in healthcare, never stands still. Both are dynamic and evolving. Your IT and security practices must also continually evolve to protect against attacks without sacrificing productivity or privacy.
The following threat mitigation measures are based on best practices recommended by the FBI, CISA and the United States Department of the Treasury, with consideration for the security needs of healthcare organizations:
- Maintain offline backups of critical/sensitive data and perform regular backup and restore functionality tests to verify processes are working properly and data is recoverable.
- Follow the principle of least privilege and assign access permissions to users based only on the minimum rights necessary to perform their role or task, nothing more.
- Implement network threat defense solutions, such as content filtering, which blocks phishing domains and other malicious URLs, preventing users from accessing risky content.
- Harden device configurations based on established security frameworks, such as those from the National Institute of Standards and Technology (NIST) or the Center for Internet Security (CIS), which provide guidance and references for securely configuring or locking down devices.
- Partner with upstream network providers and organizations that provide response assistance to mitigate network-based attacks, such as DoS/DDoS attacks.
- Deploy public key infrastructure (PKI) and digital certificates to authenticate connections accessing data on the network, such as IoT-based medical devices.
- Use technologies to encrypt data at rest on storage devices that work with critical, sensitive, and/or PHI data to ensure it cannot be read by unauthorized parties, even if the data itself is lost or stolen.
- Invest in educating stakeholders on an ongoing basis, regarding security issues and concerns, including new threat developments based on the assessment of threat intelligence and trends.
- Institute network management principles to segment network traffic into smaller, more manageable networks based on access needs, similar to least privilege. Additionally, deploy secure remote access technology, such as Zero Trust Network Access (ZTNA), that ensures data is secure in transit, regardless of the network or connection being used.
- Implement endpoint monitoring with real-time alerts and granular reporting capability to determine device status at any time while receiving alerts about any changes, allowing IT and security teams to troubleshoot issues and maintain device compliance.
Don’t wait until a data breach has occurred. There’s never a bad time to develop or strengthen security procedures and cybersecurity practices to meet the needs of your healthcare facility or protect your patients’ healthcare data. The only mistake is to wait.