As the number of cyber attacks directed at healthcare facilities and providers continues to grow, many are struggling to ensure the security of critical systems and data. High-profile ransomware attacks such as WannaCry and incidents of patient records theft have served to push the issue to the top of priority lists for senior managers.
Of all the threats facing healthcare providers, ransomware is clearly the most pressing. A 2017 Verizon Data Breach analysis report found 72% of all healthcare malware attacks during the previous year had been ransomware attacks. Only the financial services sector is targeted more than healthcare.
The healthcare sector is known for making significant leaps in the quality of patient care, but the same cannot be said when it comes to IT security. It appears that, while medicine may be making science fiction-level advances, the systems that house its day-to-day information have yet to receive the same 21st century boost.
Healthcare providers also face increasingly stringent regulatory compliance requirements. Designed to reduce risks and increase patient confidence, standards such as HIPPA and GDPR need to be met, and providers need to deploy tools and technologies that can help them achieve this goal.
In Australia, the mandatory data breach reporting requirements are adding another layer of pressure. As well as needing to be able to spot illegal intrusions into IT systems, providers must be certain of exactly what data is being collected and where it is being stored. They must also have the mechanisms in place to alert patients should their personal details be compromised.
Why is healthcare a target?
Healthcare facilities are an attractive target for cybercriminals as data is critical for their day-to-day function. Patient care relies on data and, if this cannot be accessed when required, that care can be compromised.
This makes ransomware a particularly effective means of mounting an attack. It works by infecting a computer, locking users out of the system, and then holding the data hostage until payment is made.Typically, employees within healthcare organisations are highly trained in their particular medical areas but may be less well informed when it comes to issues relating to IT security. This, in turn, can make them more susceptible falling victim to a hacking attempt.
Diagnosing the problem
IT security problems can occur for a variety of reasons. Employees may click on phishing emails thinking they are legitimate, which then downloads key logging software that allows a criminal to steal log-in credentials.
Employees may also download sensitive data onto a laptop of USB drive only to have it lost or stolen. Alternatively, they may inadvertently send data to an incorrect email address or make it available through an insecure website or data store.
Within facilities, infrastructure expansion projects may be undertaken without adequate thought being given to security. This could include adding new insecure devices to a network or making electronic medical records available to remote sites without sufficient consideration being given to the security of the network links used.
Increasingly projects involving the roll out of an Internet of Medical Things (IoMT) network are also happening. This involves deploying large numbers of connected devices that generate and share data across a network.
All too often, existing IT security tools are not kept up to date or are no longer suitable for the types and volumes of data being handled. This can result in a facility falling victim to a virus or zero-day threat that can cause significant disruption.
Problems can also arise if rogue Wi-Fi access points are deployed that snoop on data sent over wireless networks. Employees can inadvertently connect to these APs thinking they are legitimate parts of their organisation's network.
Treating the problem
There are a range of steps that can be taken to improve security and reduce the likelihood that a healthcare facility or provider will fall victim to an attack. These steps include:
- Education and training programs: Ensuring all staff are aware of the security threats being faced is a critical first step. Training programs should be regularly run that outline the current threat landscape and the basic steps that everyone should be taking to minimise their risks of becoming a victim.
- Deployment of multi-factor authentication: This technique helps to overcome the widespread problem of user credentials being stolen and misused. Multi-factor authentication can involve combining a user name and password (something you know) with a hardware or software token (something you have). Both are required before access is granted to networks and systems, significantly increasing overall security. This solution is simple to use and inexpensive to deploy.
- Sandboxing: This involves protecting IT systems and data by quarantining suspicious email attachments and files. These items are then allowed to run in a secure environment and examined before being allowed into the wider infrastructure. In this way, rogue code can be identified and neutralised before it can do any harm.
- Traffic monitoring: Attackers can use various tactics to extract data from a network. Providers should deploy tools that give visibility, analytics and reporting capabilities to identify and distil key network security threats, issues and trends. This will improve the ability to set meaningful security policies across the network.
- Data loss prevention: This approach uses close inspection of all outbound data from an organisation's IT infrastructure. If the data matches pre-determined patterns, the connection is blocked and the IT administrator is notified. Patterns that trigger such a flag might relate to sensitive patient records or financial data relating to operations.
- Segmentation and VPNs: Taking advantage of this technique involves dividing a network into discrete parts. This means that, should an attacker gain access to one part of an infrastructure, they have no easy way of then moving into other areas to compromise data or cause disruption.
By taking these steps, healthcare service providers can ensure their IT infrastructures are better prepared and able to withstand the growing range and number of security threats.
Thorough preparation now will ensure the activities of cyber criminals won't have a detrimental impact on the quality of care provided to patients in the future.