
Unique Challenges to Cyber-Security in Healthcare and How to Address Them.


Cyber-Security in Healthcare

No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks.


Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can healthcare organizations address these?


Healthcare at risk

Attackers target industries across the board, but they seem to have a particular affinity for healthcare organizations. According to the IBM Cost of a Data Breach Report 2021, healthcare had the highest industry cost of a breach for eleven consecutive years. Additionally, healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase.


However, the tremendous cost sustained by healthcare organizations for data breach events is not only due to the number of incidents. It is also due to the type and sensitivity of data related to healthcare organizations. Generally, the more sensitive and confidential the information, the more it is worth on the dark web. It has been noted that healthcare data is more valuable on the dark web than credit card data.


Healthcare organizations have particularly been a target of ransomware attacks, which have prompted several special warnings from the FBI and others to help protect healthcare organizations, including hospitals, from attacks. Note the following:


October 28, 2020 - A joint cybersecurity advisory coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), issued a warning to healthcare providers to protect against TrickBot malware leading to ransomware attacks using the Ryuk ransomware.

May 20, 2021 - The FBI released a bulletin warning of Conti ransomware attacks impacting healthcare and first responder networks. In the bulletin, the FBI said it had identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks.

August 25, 2021 - The FBI warned healthcare organizations of the threat of the Hive ransomware, first observed in June 2021, and likely operating as affiliate-based ransomware that both encrypts and exfiltrates data.

Ransomware poses an extremely dangerous risk for healthcare organizations. Due to the sensitive nature of the data maintained by healthcare organizations, ransomware provides a perfect storm of "worst case" outcomes for hospitals and other healthcare-related businesses. Not only does modern ransomware encrypt the victim's data, often it leaks the data to the dark web, the worst possible outcome for sensitive patient records.


Factors leading up to the compromise of healthcare organizations

So, what other factors lead to the high risk of attack on healthcare institutions? Let's consider the following:


High-risk networked medical devices

Insecure interconnected medical networks

Lack of cybersecurity training

Weak or breached passwords

Outdated legacy technologies

1 — High-risk networked medical devices

Often, we hear about the risks of IoT devices. These are essentially simple networked devices that perform a specific function. For example, many networked medical devices in healthcare organizations such as hospitals transmit health statistics, data, charting, records, and many other data types. The sheer number of devices used in a hospital setting dramatically increases the attack surface.


Medical devices may not be patched with the latest security updates for the underlying operating systems, firmware, drivers, etc. In addition, medical devices may be logged in and left unattended. All of these factors and others lead to an increased cybersecurity risk for healthcare organizations.


Organizations must ensure they have a proper inventory of any connected medical devices and adequate monitoring and patching schedules as needed to remediate security vulnerabilities.


2 — Insecure interconnected medical networks

The networks of large hospitals may be connected with those of smaller and less secure physicians' offices. While interconnected networks allow information to be exchanged quickly and easily, they can also give hackers an easier way to compromise the target they are generally after: hospital networks and the data these contain.


Doctors' offices may use legacy and antiquated network and end-user devices running old and outdated security protocols. Endpoints may not be patched appropriately and may be regularly logged into using administrator credentials. Visiting a single malicious website could open the door for malware, ransomware, or another compromise to first infiltrate the smaller network and then pivot to the connected hospital network via open ports and other allowed communications.


Implementing zero-trust network connectivity between all connected networks and ensuring least privilege access to resources across the board will help bolster the security of sensitive patient records.


3 — Lack of cybersecurity training

While medical professionals have some of the most extensive training globally, cybersecurity is unfortunately not part of it. As a result, many medical professionals, like other business professionals, are not adequately trained to recognize phishing emails, malicious websites, or other malicious software. On top of the risks associated with medical devices and interconnected medical networks, this adds to the threat to healthcare organizations.


Healthcare organizations must mandate regular and systematic cybersecurity training for all healthcare employees to ensure the end-users are trained in scrutinizing all network communications, emails, and other tactics attackers use for social engineering and phishing attacks.


4 — Weak or breached passwords

According to the IBM Cost of a Data Breach Report 2021, several alarming statistics are related to compromised credentials. These include:


Compromised credentials account for 20% of total breach events

Breaches caused by stolen/compromised credentials took the longest number of days to identify

The average cost of a data breach caused by compromised credentials - $4.37 million

Healthcare organizations can undoubtedly fall victim to attacks resulting from compromised credentials, as these attacks can be challenging to detect and allow an attacker to masquerade as someone with legitimate credentials. Additionally, even if passwords are complex, they are known to an attacker if they are on a breached password list. This can give quick entry to attackers who use the breached lists in password spraying or other credential attacks.


Organizations must implement strong password policies to prevent weak passwords and use breached password protection to protect against breached passwords in the environment.


5 — Lack of investment in cybersecurity

Healthcare cybersecurity is also weakened due to the lack of investment in proper cybersecurity solutions and technologies to protect sensitive healthcare environments. A study noted that, on average, healthcare organizations spend only around 5% of their IT budget on cybersecurity while the rest is devoted to the adoption of new technologies.


The result is a less than desirable outcome: attack surfaces expand while the organization lacks the tools needed to properly secure the environment from cyberattacks.


A heavy burden of responsibility falls to the CIO and other business stakeholders to evangelize the need to prioritize cybersecurity spending. Risk assessments need to carefully consider the impact of a ransomware attack on sensitive patient data and the repercussions to the organization if data is leaked.


Bolstering password security in healthcare

As stated earlier, password security is a tremendous concern. Attackers often use compromised credentials to gain easy access to business networks, including those of healthcare institutions. As a result, poor password policies and a lack of breached password protection can lead to tremendous vulnerabilities across the board for accounts.


Healthcare organizations using Microsoft's Active Directory password policies as part of Group Policy lack robust tools to implement industry best practice standards of effective password filtering, protecting against incremental passwords, and breached password protection.
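The checks named above (password filtering, incremental passwords, breached password protection) can be sketched as a password-change filter. This is an added example, not code from the article or from any product it mentions; the function names, the minimum length, the sample accounts and the three-entry breached list are constructed assumptions.

```python
import hashlib
import re

MIN_LENGTH = 12  # assumed policy value, not taken from the article
# Constructed sample list; a real deployment loads a large breached-password corpus.
# The hash here is only a lookup key for the list, not a password storage scheme.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("Welcome#2020!", "Summer2021!!", "P@ssw0rd12345")
}


def _skeleton(password):
    """Collapse digit runs so 'Hospital2021!' and 'Hospital2022!' compare equal."""
    return re.sub(r"\d+", "#", password.lower())


def check_password(new, current, username, display_name):
    """Return the list of violated rules; an empty list means the change is accepted."""
    problems = []
    lowered = new.lower()
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    # A password can satisfy every complexity rule and still be on a breached list.
    if hashlib.sha1(new.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    # Block the username and each word of the display name (3+ characters).
    tokens = [username] + display_name.split()
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        problems.append("contains_name")
    # "Consecutive characters" is interpreted here as 3+ identical characters in a row.
    if re.search(r"(.)\1\1", new):
        problems.append("consecutive_characters")
    # Incremental change: only the digits differ from the current password.
    if _skeleton(new) == _skeleton(current):
        problems.append("incremental")
    return problems


if __name__ == "__main__":
    current = "Hospital2021!"  # constructed sample account data
    for candidate in ("Welcome#2020!", "Hospital2022!", "Jdoe-ward-7-east",
                      "copper-Lantern-orbit-44"):
        print(candidate, check_password(candidate, current, "jdoe", "Jane Doe"))
```
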


Specops Password Policy is a robust password policy solution that adds key features to existing Active Directory password policies, including industry-leading breached password protection. With Specops Password Policy, healthcare organizations can provide continuous breached password protection for user accounts with a push-button approach.


Specops Complete API Breached Password Protection


In addition to the robust breached password protection functionality provided by Specops Password Policy, it provides the following:


Easy implementation of multiple password dictionary lists to block specific passwords customized for your organization

Over 2 billion breached passwords and growing are protected by Breached Password Protection which includes passwords found on known breached lists as well as passwords being used in attacks happening right now

Find and remove breached passwords in your Active Directory environment

Informative client messaging

Real-time, dynamic feedback at password change

Customize password expiration based on password length, known as length-based password expiration

Block usernames, display names, specific words, consecutive characters, incremental passwords, and reusing a part of the current password

Granular, GPO-driven targeting for any GPO level, computer, user, or group population

Passphrase support

Supports over 25 languages

Use Regular Expressions to customize password filtering further.

