Healthcare Data: The New Prize for Hackers

February 14, 2018//SecureLink

Last Updated: June 27, 2018

Why is Healthcare Data so Valuable?

Healthcare data breaches are increasing exponentially year after year. In order for IT healthcare professionals to take steps to safeguard their systems, it’s critical for them to understand why healthcare data holds so much value for hackers.

Healthcare data is valuable on the black market because it often contains all of an individual’s personally identifiable information, as opposed to a single marker that may be found in a financial breach. Often these attacks see hundreds of thousands of patient records compromised or stolen by those with malicious intent. According to a recent Trustwave report, a healthcare record may be valued at up to $250 per record on the black market, compared to $5.40 for the next highest value record (a payment card). Because of the desirability of the data and the lure of monetary gain, it is important that healthcare industry IT professionals do not underestimate this security threat and that steps are taken to safeguard this data.

The same Trustwave report indicates that businesses and healthcare organizations made up the bulk of hacking targets in 2016, accounting for 45% and 34% of breaches respectively, with healthcare breaches specifically jumping 151% in the last 10 years. There looks to be no sign of attacks slowing. According to a Protenus report, the healthcare industry was on pace for a breach a day in 2017, most of which can be attributed to hackers or to access through third-party vendors. Most research suggests the most likely attack vectors are ransomware or malicious SQL injection attacks, which can occur when malicious emails, websites, or software are installed or accessed within a network, often by an unwitting user.

Seeing this should be a wake-up call, and believe me, it’s easy to see frightening information like this and want to duck and cover. But we all know that duck-and-cover practices are ineffective and wouldn’t save anyone; they only make an actual issue less frightening. Instead, we’re going to impart some real, actionable advice in this post.

The First Breach of 2018

The vulnerabilities the industry faces were exposed in a particularly malicious ransomware attack against Hancock Health not even halfway through January 2018. According to Healthcare IT News, the first reported attack of 2018 was sophisticated, calculating, and motivated by financial gain. The attack forced the hospital’s IT staff to shut down their systems while their patients’ personally identifiable information was held hostage. It’d be nice to imagine a Nakatomi situation, where a heroic everyman could have saved the day and the data. However, in this situation, an after-the-fact solution just wasn’t possible.

The most recent breach of Hancock Health was traced to the hacker using a vendor’s remote access portal and credentials. As many industry professionals agree, a network is only as strong as its weakest credentials, so when access was opened up to third parties it added a layer of risk that should have been entirely avoidable. The hospital was later compelled by the attacker to pay $55,000 using the cryptocurrency bitcoin in order to release the data. The only measures that prevent similar attacks against your institution are practical defensive solutions. There’s no John McClane type that can thwart the invaders from within. The IT healthcare professional needs to be prepared and know who is accessing their company resources, from third-party vendors up.

Why is the IT Healthcare Industry Vulnerable?

Healthcare relies on a large number of interconnected devices, and organizations need to share information across those devices and with third-party vendors, so opportunistic attacks are becoming more and more commonplace. A network’s integrity is weakened by these vendors, who may have access to a site’s data through a VPN or multiple shared credentials. Email is another vector for attack via third-party access. Attackers are aware that email is often a weak spot and will use phishing attempts to gain entry to a third-party vendor’s vetted, yet still insecure, network access.

What can you do?

First of all, no, we’re not descending into Mad Max times. It’s not yet a lawless wasteland. While there is an undeniable proliferation of attacks and an increase in data breaches, a number that only seems to be rising, it is certainly possible for IT professionals to defend against any rampaging apocalyptic marauders.

Healthcare IT departments need to act as if a threat to their network and PII is imminent and respond as such. Ultimately, a network is more secure when all individuals accessing the network can be identified and tracked. It is important to know who is on your network, when they’re on your network, why they are on your network, and what they did while they were on your network. As an IT professional, it behooves you to establish a praxis where all of your access points are monitored and secure, and where each client, vendor, or end user has only the minimum amount of access required to do business. You need to secure the vault before the first robbery.

Doing the above allows you to assess your current company policies, and identify areas of weakness. However, simply looking within the organization isn’t enough. As a healthcare IT support professional it falls on you to look at external relationships and work to shore up all potential weaknesses in these third-party relationships.
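As an added illustration (not SecureLink code or part of the original post), the following Python sketch audits a set of constructed vendor remote-access session records for the questions raised above: who connected, when, why, and to what. The account names, hosts, ticket IDs, and the allow-list policy are all hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (account, source_ip, start, end, target_host, ticket)
SESSIONS = [
    ("vendorA-support", "203.0.113.10", "2018-01-11 09:00", "2018-01-11 10:00", "pacs01", "CHG-1001"),
    ("vendorA-support", "198.51.100.7", "2018-01-11 09:30", "2018-01-11 09:45", "pacs01", "CHG-1001"),
    ("vendorB-tech", "192.0.2.44", "2018-01-11 22:15", "2018-01-11 23:00", "ehr-db", ""),
    ("vendorC-hvac", "192.0.2.80", "2018-01-12 14:00", "2018-01-12 14:20", "bms01", "CHG-1002"),
]

# Hypothetical least-privilege policy: the only hosts each vendor account may reach.
ALLOWED_HOSTS = {
    "vendorA-support": {"pacs01"},
    "vendorB-tech": {"lab-gw"},
    "vendorC-hvac": {"bms01"},
}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def audit(sessions, allowed):
    """Return (account, finding, detail) tuples for sessions that break policy."""
    findings = []
    by_account = defaultdict(list)
    for acct, ip, start, end, host, ticket in sessions:
        if not ticket:  # the "why": no approved reason recorded for the access
            findings.append((acct, "no-ticket", host))
        if host not in allowed.get(acct, set()):  # more than minimum access
            findings.append((acct, "host-not-permitted", host))
        by_account[acct].append((parse(start), parse(end), ip))
    # The "who": one account active from two source IPs at the same time
    # suggests a credential shared between several people.
    for acct, items in by_account.items():
        items.sort()
        for i, (_, end1, ip1) in enumerate(items):
            for start2, _, ip2 in items[i + 1:]:
                if start2 < end1 and ip1 != ip2:
                    findings.append((acct, "shared-credential", f"{ip1},{ip2}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SESSIONS, ALLOWED_HOSTS):
        print(finding)
```
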

It is important to be aware that the best defense against a data breach or attack is to be prepared for an attack from multiple vectors and assailants. The reputation of a disgruntled youth in a basement may have origins in truth; however, it is far more likely that attacks are sophisticated, coordinated, and orchestrated by criminal organizations or foreign states, in addition to the motivated criminal individual.

Most networks possess multiple unsecured entry points, a proliferation of cloud-based services, and multiple connected devices, all inherent to the reality of conducting business in the healthcare industry. Together these make for an increased “attack surface,” where a single vulnerability invites an attack.

Mapping this attack surface and noting all points of entry and high-risk points can make it easier to continually assess, reassess, and reveal weaknesses. Mapping offers an opportunity to take a close look at how data is accessed on your network. You’re likely to discover that many access points (e.g., remote desktop, messaging applications, or VPN) are ad hoc and not designed for the level of usage their deployment often demands.

The goal here is to make your business a harder target. Most breaches are opportunistic in nature. Employing rigid standards of security and reinforcing your access portals goes a long way to closing down dangerous opportunities without sacrificing business-necessary access.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.
