Attacks on healthcare as a whole are on the rise. Medical records and patient data tend to hold more worth on the black market than credit card information. This is primarily due to the increase in insurance fraud that compromised medical records make possible. Strictly speaking, from an attacker’s perspective, there is a greater rate of return on your medical information now than there is on your credit card information or specific financial data.
The rise of telemedicine, along with the demand to shift to a remote workforce during the pandemic, has opened new doors for cybercriminals seeking to target hospitals and the healthcare industry.
In late September of 2020, one of the most significant recorded healthcare breaches in U.S. history occurred. Universal Health Services was forced to move its entire network offline after succumbing to a cyber-attack. The results were near-catastrophic and even forced several hospitals to use pen and paper to record information.
With the increase in technology and cybersecurity as a whole, many attackers resort to compromising the human element over a direct network attack. With the added chaos that COVID-19 has introduced into our lives, many of these attacks simply start with some form of a phishing campaign that lures an individual into acting. This could be as simple as clicking a malicious link or downloading an infected document. These items could be masquerading as anything from fake patient notes to a phony website containing updated guidelines or policy information. The options are limitless.
The reality is that hackers are capitalizing on the pandemic. They understand that healthcare systems have experienced profound organizational changes that have created additional holes within their security. Organizations are currently more focused on providing the necessary and quality healthcare needed, especially during COVID-19, than anything else. Additionally, healthcare systems have been setting up temporary facilities and triages and allowing employees to work remotely. In a rush to implement these changes, healthcare organizations understandably put their patients’ and staff’s health and safety first. Doing so also opened new avenues of exploitation for potential attackers.
Mounting regulatory concerns along with new requirements also impose additional pressure on healthcare. The threat of losing funding due to non-compliance could be the very thing that dooms an organization. There are huge incentives to speed up processes and potentially cut corners on anything that slows down the organization’s ability to comply with regulations and to meet patient needs, including security. These accelerated processes create additional gaps that attackers can target and exploit on a network that is already more vulnerable due to the growth of a remote workforce.
As seen with healthcare breaches in the past, an attacker could force a healthcare system to take its network offline, forcing staff to use pens and notepads. Every day a facility is offline has severe consequences for compliance, continuity of care, and patient safety. The financial losses incurred ultimately become detrimental.
The first step in your cybersecurity plan is to identify any vulnerabilities or indicators of compromise. External and internal network penetration testing should be performed to identify any vulnerable or potentially vulnerable assets. This will help reveal any flaws in your infrastructure that are susceptible to attackers.
You also need to ensure your employees are following good security practices with social engineering testing. With a remote workforce, your employees’ role in your organization’s security is more crucial than it ever has been. Employees need to be informed and vigilant against phishing and vishing schemes. Routine social engineering tests should be an integral part of your organization’s security program.
Essential cybersecurity best practices should be implemented as well. A simple checklist for standard security practices can help. Your checklist should attempt to cover all facets of security, ranging from personnel to cybersecurity. It should contain items such as verifying that the latest patches are applied to devices, antivirus software use is enforced, home networks are secured, and multi-factor authentication is in use when applicable. This will all help add layers of security to the overall environment.
The software and tools you use also need to be secure. They should eliminate or reduce risky or compromising behaviors, like downloading attachments and clicking unknown links. If your organization doesn’t already use one, you may also want to implement a VPN that enables remote employees to securely connect to your network.
Unfortunately, when it comes to data breaches, the question is not if one will occur, but when. Every organization needs to have a process in place for when a breach occurs (an Incident Response Plan). The Incident Response Plan and associated processes should be updated regularly and tested periodically, and employees should be trained to understand their role in the process.
The task of managing security in a healthcare setting can be daunting. The pandemic has put healthcare systems at a disadvantage in so many ways. However, the last thing any organization needs during this time is to have compromised data put their patients’ safety at risk.
RedTeam Security can help your organization achieve its security goals and maintain the highest-level security posture needed during these trying times. Our team of certified professionals has expertise spanning all facets of cybersecurity. Whether it’s helping your organization maintain compliance, identifying risks and vulnerabilities within your environment, or providing security awareness and training, we are here to be your trusted partner.
Contact one of our experts to learn more about how we can benefit your organization.