Target Acquired: How to Face Growing Cyber Attacks Aimed at the Healthcare Industry

BrandPost By Karen J. Bannan
Jan 16, 2018


The stats on healthcare security are sobering. The Identity Threat Resource Center (ITRC) reports 30% of all U.S. data breaches are aimed at healthcare targets. McAfee Labs pegs the number at 26%, making it the most impacted North American sector in the second quarter of 2017.

Another study — the Protenus Breach Barometer Mid Year Review — found that between January and June, more than 3.15 million patient records were breached during a total of 233 breach incidents. The worst part is that on average, it took 325.6 days to discover a breach, according to the review.

It’s a problem that doesn’t seem to be letting up, according to Protenus cofounder and president Robert Lord, who said, “Healthcare has invested tens of billions of dollars in deploying systems to leverage data to improve patient outcomes — and appropriately so. … But we still have massive problems with the abuse of that data and those systems.” According to the firm, the biggest problem is insiders, but cyber attacks on the sector continue to increase. Hackers are a huge issue, with 1,684,904 patient records impacted this year alone.

Some of the largest attacks this year have come from ransomware. These attacks, which hit a network and encrypt resources and files until someone pays up, have various entry points into the network. One recent report by Crowd Resource Partners found that of those hit by malware, infections had three sources. Nearly three-quarters (73%) of respondents said ransomware took hold after users opened malicious email attachments. More than half (54%) said ransomware infection happened when users responded to phishing emails. About one-quarter (28%) were infected when users visited compromised websites.

While there was no disclosure about how much hackers were looking for, a number recently published by CSO puts the ransomware problem into perspective. “Ransomware cybercriminals took in about $1 billion [in 2016], based on money coming into ransomware-related Bitcoin wallets.”

With the use of electronic healthcare records at an all-time high, and the number of connected devices in hospitals on the rise, the risk can only get worse, according to ECRI Institute research. “These connected devices could serve as entry points into a hospital’s network, placing hospital operations, medical information, patient identity and patient financial information at risk,” writes Anthony J. Montagnolo, M.S., executive vice-president and chief operating officer at ECRI Institute. There are approximately 15 to 17 devices per bed, and about one out of four of those devices are networked.

Making the Right Choices

While experts agree there is no way to completely stanch the flow of ransomware or phishing that comes into IT infrastructure, a highly secure network with the right hardware, software, and policies in place can mitigate risk and stop hackers in their tracks, even if users are duped into launching an attack.

As an added benefit, a well-designed and maintained network infrastructure, which includes a traditional network as well as Wi-Fi connectivity, helps improve access to clinical and patient-facing applications, which speeds care; this is an important element in medicine, where seconds truly count. Combined, these elements may be why 81% of U.S. healthcare executives and 76% of global executives surveyed, respectively, said they would increase security spending this year. Network security, cited by 69% of respondents, still is the top U.S. IT healthcare expense.

“Cybersecurity continues to be top of mind for IT managers, and networking is right smack in the middle, since the network is like the nervous system that connects all the elements of IT infrastructure,” writes Dan Conde, an analyst at Enterprise Strategy Group. Networks and network security are in flux. Network infrastructures are becoming more software-defined while at the same time, many organizations are tapping a cloud-based model to augment what they’re doing on premises. ESG’s Conde explains why these strategies are gaining traction. “As fast LTE and 5G speeds offer viable alternatives in bandwidth and latency, and as fixed-line providers deliver more flexibility in network function virtualization, the line between traditional IT networking and service providers starts to blur.”

This new network paradigm means IT executives can tap both on-premises and cloud-based web security services that provide near-real-time protection against viruses, malware, and hackers. It also means the once-standard firewall and secure web gateways aren’t enough to handle an organization’s security needs. Firewalls still are required, but there are other technologies that must be present as well.

Software-defined security is one such technology, writes Rohit Bhisey of TMR Research. “As software-defined security is a computer embedded network security architecture that syndicates network security and defensive protection, it is increasingly in demand. This architecture leverages both internal and external sources and is designed to be scalable, secure, and modular.”

“Software-defined security helps in automating and placement of network security controls in organizations by making use of software rather than conventional security controls. By implementing specific policies as distinct and tailored as per particular business needs, this SDSec is helping enterprises secure their network,” Bhisey states.

Network monitoring, which lets IT view traffic at the packet level, search for traffic anomalies, and set use policies down to the application and user level, is a significant benefit, too.

Whatever technology you implement, consider this: At the end of the day, it’s up to healthcare IT executives to do whatever it takes to keep the network and the associated data and information highly secure. While today it may be impossible to hack a person’s implanted device or shut down a hospital’s MRI machines, the potential is there. A highly secure network is the first, and best, way to prevent such calamities.