One of the most significant priorities facing healthcare in 2021 is the need for improved security. The rapid move to remote platforms and telehealth has increased the attack surface for cyberattacks targeting healthcare organizations. As a joint alert from the Department of Health and Human Services, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warns of an imminent wave of new ransomware attacks, what steps can healthcare professionals take to build cyber resilience?
For many hackers, healthcare providers and physician groups look like easy targets. Large volumes of protected health information (PHI) and personal financial data, coupled with outdated and poorly managed network systems, have created a feeding frenzy for hacking groups. In fact, healthcare data has become the most valuable prize for hackers. The figures should be a wakeup call. A recent report shows a healthcare data record is worth $250 for criminals—the next most valuable record is worth $5.40!
The rise of ransomware
Credential theft, spear phishing and other common attacks are all increasing in volume, but there has been a dramatic rise in ransomware attacks. Recent research studies suggest that cyberattacks—many tied to ransomware—focused on healthcare organizations have doubled during the pandemic as attackers take advantage of opportunities created by increased digital access to health data and systems.
The costs for already-stretched healthcare budgets can be substantial. In the case of UHS, an attack that impacted 400 care sites and shut down the electronic medical records (EMR) system for three weeks resulted in an estimated $67 million in lost revenue and recovery costs. This case also highlights the increasing number of attack vectors available: while common health systems like EMR and financials were compromised, the infection also spread to internet-of-things (IoT) devices, imaging machines and phones, making it especially difficult to eradicate.
Ransomware becomes more sophisticated
Cybersecurity is an arms race. And cyberattacks morph and evolve rapidly. This is especially true for ransomware that’s more sophisticated and human directed. Earlier ransomware attacks like WannaCry and NotPetya spread automatically and looked for a catalog of possible exploits based on poor security discipline. Newer, more dangerous tools are human directed and often based on credential theft. And they are much more difficult to detect.
The COVID-19 pandemic has been a huge opportunity for cybercriminal activity, with threat actors quickly pivoting to increase attacks on businesses that are critical to the COVID-19 response effort. The healthcare, life sciences, manufacturing and energy industries have moved into the crosshairs, as the shift to remote work greatly expanded the attack surface for cyberattacks.
In the past, phishing emails have been the primary approach for ransomware attacks. But there’s evidence that system vulnerabilities have now surpassed phishing as the primary route. This is highly significant because basic cyber hygiene, if properly enacted, can almost eliminate the threat from phishing. Users can simply delete suspicious emails and click through or download only from trusted sources. However, the focus on system vulnerabilities—especially as network footprints expand—highlights the importance of properly managing and protecting every endpoint.
Healthcare begins to respond
Healthcare organizations are beginning to react to the threat. The MIT Technology Review recently asked healthcare technology leaders about their planned spending for 2021. According to the study, 58 percent of respondents indicated that investments in cyberattack defense was a high priority, and improved endpoint security was an essential investment. Healthcare organizations need to make improvements in cybersecurity that reflect their current role as critical infrastructure.
Endpoint security is especially important as healthcare continues to move forward with telehealth and digital transformation. The joint cybersecurity advisory from the federal government makes it clear that providers should review patching plans, security policies and endpoint security. As attack complexity increases, healthcare organizations must improve their tools, tactics and training to remain ahead of the criminals.
Building security at every endpoint
Healthcare organizations looking to improve their resilience should consider products like OpenText™ EnCase™ Endpoint Security to help drive improvements in endpoint security. This type of modern security solution incorporates artificial intelligence, automation and machine learning to detect threats and anomalies in near-real time. The MITRE ATT&CK framework provides a robust knowledge base and guide for security that is gaining traction in the healthcare market.
Healthcare organizations need to consider the threat they face and invest appropriately. Security breaches, service interruptions and reputational damage can result in millions of dollars in lost revenue, fines and damage to patients’ personal finances. A proactive approach to improved security at every endpoint is absolutely necessary in the current environment.
OpenText has a range of solutions designed to accelerate digital transformation, enhance mobile patient engagement and deliver highly secure content management. Please visit our website to find out more.