The healthcare industry is one of the most targeted industries for cyberattacks. This is because attackers know that healthcare organizations store a wealth of valuable data, including patients’ personal information, health records, and credit card details. In this blog post, we will explore the top cybersecurity risks threatening healthcare organizations, from data breaches and ransomware attacks to denial-of-service attacks, and how these organizations can improve their cybersecurity against these threats.
Top healthcare cyber threats
The healthcare sector has been particularly susceptible to data breaches in recent years. In 2018, there were over 500 healthcare data breaches, exposing over 15 million patient records. The most common type of healthcare data breach is a phishing attack, where attackers send fraudulent emails to healthcare staff in an attempt to gain access to sensitive data. Other common types of healthcare data breaches include malicious insiders, lost or stolen devices, and third-party vendor vulnerabilities.
Ransomware attacks are one of the most serious cybersecurity threats faced by healthcare organizations. Ransomware is a type of malware that encrypts a victim’s files and demands a ransom be paid for the files to be decrypted. Healthcare organizations are appealing targets for ransomware attacks because they often cannot afford to lose access to their data. In 2017, the WannaCry ransomware attack hit healthcare organizations around the world, causing over $140 million in damages.
Denial-of-Service (DoS) attacks are a type of cyberattack that seeks to make a website or online service unavailable by overwhelming it with traffic from multiple sources. DoS attacks can be particularly damaging to healthcare organizations as they can prevent patients from accessing vital medical services. In 2016, the Mirai botnet was used to launch a DoS attack against healthcare provider Dyn, which caused major disruptions to several healthcare websites and applications, including the Mayo Clinic and Boston Children’s Hospital.
Business Email Compromise (BEC)
Spear phishing or Business Email Compromise (BEC) involves an attacker compromising a legitimate email account and using it to send malicious emails to other employees in an attempt to gain access to sensitive data. BEC attacks are difficult to detect because they come from legitimate email accounts that the attacker has compromised. In 2017, healthcare provider Allscripts was the victim of a spear-phishing attack that resulted in the theft of over 600,000 patient records.
A phishing attack is an attempt to trick users into sharing passwords or personal information by clicking on a malicious email link or attachment that will install malware on their device. Phishing emails often look like they come from a legitimate source, such as a healthcare provider, a financial institution, or a recognized agency such as the World Health Organization. These attacks can result in healthcare organizations unintentionally violating HIPAA compliance rules or getting sued by the patient whose data was exposed.
Improving cybersecurity in healthcare
Several measures can help healthcare organizations improve their cybersecurity posture against these attacks, including the following:
Increase employee cybersecurity awareness
To prevent staff from falling victim to phishing attacks and other types of cyberattacks, it is important to increase their cybersecurity awareness. Employees should be trained on how to spot malicious emails and told not to click on links or attachments from unknown sources. They should also be encouraged to report any suspicious emails they receive. Cybersecurity awareness training combined with phishing tests will not only raise your employees’ cybersecurity awareness, but also put it to the test with simulated real-world phishing attacks.
Implement two-factor authentication
Multi-Factor Authentication (MFA) is one of the leading ways to prevent cyberattacks. Two-factor authentication, or 2FA, is an extra layer of security that helps protect your online accounts from unauthorized access. When you enable 2FA, you add a second authentication factor or step to your usual login process, thus improving your online account security. Microsoft Security states that MFA can successfully block most account compromise attacks, significantly reducing your risk of being the target of an attack.
Maintain good password hygiene
Another simple way to improve your cybersecurity is to apply some of the top password security best practices, which will help you craft “unpredictable” and therefore “uncrackable” passwords. Among these best practices are making longer, more complex passwords (8+ characters, with a mix of uppercase letters, lowercase letters, numbers, and special characters), using a password manager, turning off AutoFill, accepting auto-generated passwords only from reputable sources or your own password manager, and not saving your passwords in your browser.
Perform regular penetration tests
The threat landscape is constantly evolving and requires your organization to stay proactive in improving the cybersecurity of your systems and data. One of the most effective ways to ensure that your cybersecurity is as good as it can be is to have your defenses tested with real-world attack simulations. Testing your entire network, namely through external penetration testing, internal penetration testing, and wireless penetration testing, will allow you to identify vulnerabilities and exploits that internal and external threat actors could leverage to gain access to sensitive data and mission-critical systems.
Control network access to health data
Implement least-privilege access to your systems, granting each user only the minimum privileges required to adequately perform their tasks. Sensitive data such as patient information should only be accessible to those who absolutely need it to do their work. Network access control tools, such as firewalls, can also help you monitor and control who has access to your network.
Improve vendor or partner security
According to a study, 60% of all data breaches happen via third-party vendors, which means your providers, partners, and any other security stakeholders must be part of your security improvement effort. To that end, a vendor risk assessment will help you identify and assess the risks associated with your vendors. After that, you can work with them to mitigate those risks.