One of the most crucial tasks for the healthcare sector during the ongoing global pandemic, amidst many other competing priorities, is keeping a check on its cybersecurity measures. During the first half of 2020, the Department of Health and Human Services (HHS) recorded a 50% increase in cybersecurity breaches in the healthcare field alone.
Such a surge in data breaches not only puts the safety of patient data at risk but also highlights the vulnerabilities within hospitals and healthcare service providers that cybercriminals have exploited in response to COVID-19.
Of all the major drivers, COVID-19 has played the most significant role in driving a new wave of threats, such as ransomware attacks targeted mostly at hospitals and other healthcare entities. Ransomware is expected to remain one of the biggest priorities in the cybercriminal's portfolio in 2021 as well.
That is why it becomes essential for organizations to take up a collective approach towards security and protect their patients as well as their own business.
Healthcare Cybersecurity Challenges in India
From healthcare, banking and shopping to studying and exploring the world, Indians use the internet massively. And as a result, the associated cyber crimes in India have also increased in proportion to the level of usage.
Alongside the USA, India has become one of the top 10 spam-sending countries in the world. The online security firm Symantec ranked India among the top five countries affected by cybercrime. To our surprise, 75% of the data breaches in India are perpetrated by outsiders, and 15% of these breaches are specifically targeted at the healthcare sector alone (Source: NITI Aayog, India).
A variety of devices are used by internet users in India ranging from high-end smartphones to relatively cheaper ones that have little to no infrastructure for cybersecurity. This non-uniform system makes it difficult to provide a uniform security protocol across the nation and leads to widespread data security issues.
Although the private sector in India remains a prominent player, it still fails to report and respond to security breaches in digital networks. Another prominent challenge is the lack of awareness among the users as far as privacy-enhancing technologies are concerned.
Recent Healthcare Cybersecurity Attacks
2020 has been a catastrophic year because of a number of reasons, COVID-19 being the foremost of them. And despite being the sole saviour for humanity in these testing times, the healthcare industry itself has not remained untouched by cyberattacks.
Here are some of the recent cybersecurity attacks which shook the healthcare industry:
1. Ransomware Attack on Blackbaud:
In May 2020, Blackbaud faced a massive ransomware attack in which an estimated 10 million customer records were compromised. Although the company’s cyber-security team was able to stop the attackers midway, the criminals still had a good chunk of data, which consisted of names, health details, contact details, etc.
2. Cyberattack on Luxottica:
Luxottica, an eye-care conglomerate, saw one of the worst cyber-attacks of 2020 when, in August, attackers hacked the web-based appointment scheduling application managed by the company.
It was found that the data about prescriptions, health insurance details, date and time of appointments, credit card information, etc. of around 8.3 lakh patients were stolen.
3. Aspen Pointe Data Breach:
The cyberattack on Aspen Pointe was detected and revealed in the month of September 2020. The behavioural and mental health provider issued a statement that said that the data of approximately 3 lakh of its patients was compromised because of the attack.
The company had to stop a majority of its operations as a result of the cyberattack for a number of days. A thorough investigation into this matter revealed that the hackers had gathered important information like bank account details, date of birth, contact details etc. from the targeted server.
4. Ransomware Attack on Magellan Health:
The servers of Magellan Health were hit by a ransomware attack in April 2020. Nearly 3.65 lakh patients and employees were impacted by this cyberattack. The hackers had gained access to security systems through a social engineering phishing scheme that impersonated a Magellan Health client, and all of this was planned and carried out 5 days before the attack.
Employee information such as confidential credentials, passwords, etc. and patient data like contact details, treatment information, health insurance account information, etc. were stolen.
Strategies for Improving Healthcare Cybersecurity
Healthcare systems are among the major custodians of Protected Health Information (PHI), a valuable resource that threat actors can use to enable identity theft. Staying ahead of such a high level of threat requires a concentrated and proactive approach. Here we have listed a few measures of paramount importance that can enhance cybersecurity within your organization.
1. Make use of big data and analytics for making informed and strategic security decisions.
The first step towards securing healthcare information is to discard obsolete technology for managing patient data and replace it with the latest technologies, which are more resistant to cyber crime.
Security Information and Event Management (SIEM) has been the traditional solution used in data centers. However, SIEMs cannot handle large volumes of data, which makes them inefficient after a certain point. There is a tremendous need to employ intelligent analytics to automate the handling of mountains of data in a secure manner.
Cybercriminals are continually gathering better intelligence on security solutions, so they can adopt less-visible behavioral patterns to better conceal their actions. Therefore, data must be analyzed quickly to identify actionable insights and keep attackers at bay.
Big data and analytics convert unstructured log and SIEM data to a format that enables informed, strategic decision making, and does away with the ‘false-positives’ that afflict SIEMs. This allows security teams to quickly respond to threats before data leaves the network.
2. Prepare for an Incident Response Plan:
Since cyber-attacks have become inevitable, developing an effective Cyber Incident Response Plan (CIRP) has become vital for businesses that aim to stay ahead of their adversaries. An Incident Response Plan (IRP) enables organizations to prepare for the inevitable security incidents, respond effectively to evolving threats, and recover thoroughly when attacks occur.
3. Deploy IAM:
Identity and Access Management (IAM) is all about outlining and managing the access privileges and roles of users and devices to a variety of on-premise and cloud applications.
Deploying stringent authentication and authorization capabilities on a centralized platform provides businesses and IT professionals with a consistent method of managing user access during the identity lifecycle and would certainly go a long way in improving cybersecurity.
4. Implement strict measures to tackle BYOD programs
Bring-your-own-device (BYOD) programs are a huge concern for many healthcare organizations that permit their employees to bring their personal laptops, tablets and smartphones. While working, employees install and use mobile applications on their personal devices, exposing corporate data to additional risks.
We know for a fact that 98% of Android applications have security vulnerabilities.
These unsafe practices are widespread in the healthcare industry and IT departments rarely have the bandwidth of time and resources to do anything about it. Many healthcare organizations lack even the most basic mobile device management (MDM) & BYOD tools, policies, and processes.
BYOD and mobile threats change almost constantly due to the proliferation of new mobile applications being written. Healthcare organizations need to implement adaptive technologies to manage identities and to better control the data being accessed.
Appknox is a third-party tool that helps enterprises tackle such security issues. It detects loopholes and vulnerabilities in mobile apps and reports the problems. It also gives you a compliant solution for fixing these issues.
5. Understand HIPAA requirements and Healthcare compliance
As I highlighted in my previous post, HIPAA compliance alone is not sufficient to build a rock-solid security system. Though HIPAA is the standard compliance framework for the healthcare industry, the law in itself is not foolproof in keeping data safe. A good example of this is encryption. The law does mention encryption, but it also leaves an element of uncertainty.
According to the law: "Encryption (Addressable) - Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate."
Hence, companies should review the HIPAA requirements properly and work on the compliance plan so that every single parameter gets covered to ensure full security.
6. Training your employees about the security risks involved in accessing links and attachments in email
Employees invariably click on emails and other attachments even when they are told the risks involved. This gives hackers an open door to attack our network. And while 75 percent of attacks take only minutes to begin data exfiltration, they take much longer to detect.
Securing email and web gateways will help reduce the instances of network breaches. This includes rewriting or sandboxing suspicious URLs to detect drive-by attacks, and deploying authentication, endpoint, network, and gateway controls that share information for an orchestrated reduction of the attack surface.
Other measures include implementing a solid supply chain and vendor management system, promoting education training awareness (ETA), reducing access control lists (ACLs), and knowing what key intellectual property exists on the network and where it’s located.
7. Monitor your internal systems and logs for evidence of issues
An automated bot or process that periodically runs through the system to detect loopholes would be a great way to handle a threat. It will help you spot the vulnerable portion of the system in time and rectify it before much damage is done.
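As an added example (not part of the original article and not Appknox code), here is one way such a periodic check could look: it scans a record-access audit log and flags any account that opens an unusually large number of distinct patient records within a few minutes, the kind of fast-moving activity that otherwise takes much longer to detect. The log format, field names, sample lines and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical audit-log format (an assumption).
SAMPLE_LOG = """\
2020-09-14T02:11:07Z user=svc.report action=LOGIN patient=- src=10.0.9.50
2020-09-14T02:11:09Z user=svc.report action=VIEW_RECORD patient=P2001 src=10.0.9.50
2020-09-14T02:11:15Z user=svc.report action=VIEW_RECORD patient=P2002 src=10.0.9.50
2020-09-14T02:11:21Z user=svc.report action=VIEW_RECORD patient=P2003 src=10.0.9.50
2020-09-14T02:11:30Z user=svc.report action=VIEW_RECORD patient=P2004 src=10.0.9.50
2020-09-14T02:11:47Z user=svc.report action=VIEW_RECORD patient=P2005 src=10.0.9.50
2020-09-14T02:12:-- truncated line
2020-09-14T09:00:05Z user=dr.rao action=VIEW_RECORD patient=P1001 src=10.0.4.17
2020-09-14T09:42:30Z user=dr.rao action=VIEW_RECORD patient=P1002 src=10.0.4.17
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
                     r"patient=(?P<patient>\S+) src=(?P<src>\S+)$")

def find_bulk_access(lines, window=timedelta(minutes=5), max_patients=3):
    """Return ({user: peak distinct patients per window}, unparsed line count)."""
    events, unparsed = [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ") if m else None
        except ValueError:
            ts = None
        if ts is None:
            unparsed += 1  # malformed lines are gaps in the audit trail: report them
            continue
        events.append((ts, m["user"], m["action"], m["patient"]))
    recent = defaultdict(deque)  # user -> (ts, patient) pairs still inside the window
    alerts = {}
    for ts, user, action, patient in sorted(events):  # tolerate out-of-order lines
        if action != "VIEW_RECORD":
            continue
        q = recent[user]
        q.append((ts, patient))
        while ts - q[0][0] > window:  # drop views older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > max_patients:
            alerts[user] = max(distinct, alerts.get(user, 0))
    return alerts, unparsed

if __name__ == "__main__":
    print(find_bulk_access(SAMPLE_LOG.splitlines()))
```

The window and threshold need tuning per role, since a records clerk legitimately opens far more charts than a service account should.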
If all of this becomes overwhelming for you, there are third-party security tools available to help you detect security loopholes in your system and offer compliance checks. At Appknox, we help healthcare businesses detect vulnerabilities and loopholes in their mobile applications.
8. Perform Regular Security Tests:
Existing security vulnerabilities and other weak areas within your organization's security infrastructure can be identified and mitigated by conducting regular security tests. Businesses can avoid costly data breaches and reduce many other detrimental impacts of a data breach by deploying highly innovative testing techniques like SAST, DAST and API testing.
For thorough security scans, it is recommended to rely on highly trusted vendors like Appknox. Appknox is widely known for its advanced vulnerability assessments and penetration tests, and with its vast test case coverage, you simply don’t need to worry about vulnerabilities anymore.
The current pandemic has forced healthcare organizations to introduce widespread infrastructural changes to their business. Such a large-scale transformation has also created gaps in their existing security systems. These gaps have given cyber criminals an opportunity to exploit flaws and get past the firewalls of these organizations.
In order to secure sensitive healthcare data and prevent serious security incidents, an “all in” approach in terms of security is required across the organization. A strong strategic commitment and adherence to the established best practices can certainly go a long way in ensuring an all-around security posture within healthcare organizations.