Healthcare Attacks on the Rise

There seems to be a very disturbing cyber-attack trend that is targeting our healthcare sector.  This should be of huge concern for everyone.  There used to be certain sectors that state-sponsored and criminal hackers would shy away from.  Those days are gone.  The healthcare industry is an increasingly appealing target for cybercriminals from around the world.  The reason is simple: The healthcare value chain encompasses a large, complex network of connected entities that warehouse exactly the kind of high-value, confidential data that thieves want.  This includes electronic health records, social security numbers, credit card numbers and banking information.[1]

Cyberattacks disproportionately affect healthcare organizations.  In 2023, the average data breach cost to a healthcare company was $10.93 million, an 8% increase from the previous year, according to IBM’s Cost of a Data Breach Report.  By comparison, compromises at financial companies (which ranked second in terms of cost per breach) totaled $5.9 million.  Healthcare data breach costs have skyrocketed 53% since 2020, and the industry has ranked No. 1 in cost-per-breach for 13 consecutive years.

The cost extends beyond dollars. Each compromise damages a healthcare organization’s reputation with its customers, supply chain partners and other stakeholders, and most breaches must be publicly disclosed.  The Federal Trade Commission’s Health Breach Notification Rule mandates that “vendors of personal health records and related entities notify customers” and that “if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers.”

Cybersecurity professionals can empathize with healthcare organizations that have suffered a data breach, and the resulting reputational damage, because even with robust protections in place, determined and skilled cybercriminals can potentially penetrate an organization’s data fortress.  Healthcare organizations must, however, constantly review and improve their cybersecurity strategies to stay ahead of hackers and minimize the risk of a data breach.

Here are four places to start:

  1. Prepare and update disaster recovery plans and incident response playbooks.

It is not a matter of if, but when, a cybersecurity incident will occur.  Organizations must, therefore, have detailed, written contingency plans, such as up-to-date disaster recovery and incident response plans, so your team is well prepared and understands who does what and when.

An organization’s backup strategy, including immutable (read-only) backups, stored offsite, is fundamental to disaster recovery and, for example, is essential for minimizing the effects of a ransomware attack.  Data center resiliency is also an essential component for meeting your recovery point objective and recovery time objective.

Although ransomware is not cybercriminals’ most common attack method, Verizon’s 2023 Data Breach Investigations Report estimates that it accounts for almost 1 in 4 (24%) incidents.  Ransomware attacks have also recently made headlines, specifically in the healthcare industry.

  2. Prevent unauthorized access to user accounts.

Stringent controls to prevent unauthorized user account access are crucial for minimizing the risk of a data breach.  According to Verizon, stolen credentials are cybercriminals’ most common attack method, with just over 50% of 2023 hacks involving the use of stolen credentials to gain access to applications and data.

Organizations should use rigorous identity and access management technology to bolster cybersecurity defenses, including multifactor authentication, role-based access controls and passwordless authentication methods such as biometrics, tokens/certificates or FIDO2 (Fast IDentity Online 2).  Organizations should also regularly review and monitor user accounts and activity to identify suspicious activities and always follow the principle of least privilege.

  3. Bolster phishing defenses.

Phishing is cybercriminals’ second most-used attack method, representing 36% of breaches in 2023, according to Verizon.  Phishing technology has become so sophisticated that it can take months before an organization discovers that an employee’s email account has been hacked and intruders have gained access to the company’s confidential information.

Organizations must protect network access by using the latest email filtering and phishing detection technology.  It is also imperative that employees receive regular training in phishing simulations and incident response procedures.

  4. Minimize device vulnerabilities.

The third most frequent way that criminals breach cybersecurity defenses is by exploiting vulnerabilities in software or applications on devices connected to an organization’s network. Devices include desktops, laptops, tablets, smartphones, servers and all other hardware that allows users to connect to an organization’s network.

Organizations can mitigate this type of breach by ensuring that each connected device uses the latest operating system and is protected by up-to-date security software. Just as important, the security software and OS must be updated as soon as possible when new versions or patches are released. Each device should also use up-to-date identity protection and user access control technology.

In addition to protecting devices, organizations should reduce vulnerabilities in software connectors.  Security protocols for Application Programming Interfaces (APIs), for example, are commonly neglected, with organizations misconfiguring the authentication and authorization mechanisms within the API.

The digital transformation that is reshaping the healthcare industry has opened the door for cybercriminals, including adversarial nation states, organized crime groups and terrorists, and they are using cutting-edge technology to exploit the weakest security links.  Prioritizing cybersecurity will help protect your organization, its reputation and, perhaps most importantly, your stakeholders’ data.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.redskyalliance.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.managedhealthcareexecutive.com/view/4-practical-strategies-healthcare-leaders-can-implement-now-to-repel-cyber-attacks
