Healthcare Cyber Security Solutions
ACID Technologies helps healthcare providers protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage – and providing real-time, detailed alerts that enable the targeted providers to implement effective preventive measures.
Cybersecurity for the healthcare sector is critical
The healthcare sector is a prime target for cybercriminals and cyberterrorists due to the huge amount of sensitive PII (personally identifiable information) that this sector holds – cybercriminals can make up to US$ 1,000 per medical record sold on the dark web (Forbes, 2020) – as well as the critical need for constant availability of updated patient data in order to provide medical care.
The use of web-connected devices increases healthcare institutions’ vulnerability. In the specific case of this sector, cyberattacks can place lives at risk, in addition to severely disrupting routine operation and exposing patients’ most sensitive personal information. Moreover, while passwords can be changed and credit cards can be reset, health data remains valid forever, and can be used for identity theft, insurance and health care fraud and other criminal activities.
Healthcare systems are also vulnerable because not enough resources are placed at their disposal to detect and address cyberthreats. Only 5% of hospital IT budgets is allocated to cybersecurity, as reported by Becker’s Health IT. Only 22% of IT managers in the healthcare sector feel that they are given adequate funds to secure their systems, as revealed by Black Book Research and reported by Newswire. The same source also states that 86% of IT professionals in this sector believe that data attackers are outpacing their medical enterprises.
A Check Point Software Mid-Year Report released in 2022 revealed a 69% increase in cyberattacks targeting the healthcare sector as compared to 2021. Cybersecurity Magazine claimed in 2020 that the health industry suffered two to three times as many cyberattacks as the financial sector. Forbes added that in the USA alone, attacks on healthcare facilities in 2020 affected 17.3 million people, and resulted in 436 data breaches.
Cybercrime Magazine reported in 2020 that the global healthcare cybersecurity market is set to grow by 15% annually through 2025, reaching US$125 billion.
It is important to note that cybercriminals do not hesitate to exploit crises to their advantage. As early as April 2020, the World Health Organization reported a five-fold increase in cyberattacks since the start of the Covid-19 pandemic. A case in point is an attack that took place in March 2020, at the height of the Covid-19 pandemic, which targeted the Brno University Hospital in the Czech Republic – home to one of the country’s largest COVID-19 testing laboratories (ZDNet).
Rick Pollack, President and CEO of the American Hospital Association, wrote in an article published in October 2022: “The health care field continues to be a top target for cybercriminals. According to data from the Department of Health and Human Services (HHS), there has been an 84% increase in the number of data breaches against health care organizations from 2018-2021… In some cases, cybercriminals steal Social Security numbers and other personal data. Other breaches pose a direct threat to patient safety by shutting down or compromising medical equipment and systems that are critical to patient care.”
Fortified Health Security’s mid-year report for the first half of 2022 stated that the healthcare sector suffered 337 breaches in this six-month period alone, in which more than 19 million records were affected. HIPAA Journal revealed in November 2022 that the previous month was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more than 6 million records breached.
Insider threats result in data breaches that can be extremely harmful to the healthcare organization, its patients and staff, even if they result from negligence and are unintentional. According to Ponemon’s 2020 Insider Threats Report, 61% of data breaches involving an insider can be classified as such.
Failure to implement the necessary measures to keep data safe can also cost healthcare organizations heavy penalties for noncompliance with HIPAA and GDPR requirements, in addition to the possible expense of replacing and/or upgrading their IT systems.
What are the Benefits of Healthcare Cybersecurity Solutions?
Cybersecurity solutions protect data
Cybersecurity for healthcare providers allows you to safeguard data and prevent malicious parties from accessing it, ensuring that only authorized individuals can do so. It also helps identify security gaps and systems requiring enhanced protection. Safeguarding medical data first and foremost enables healthcare organizations to operate smoothly and best serve their patients, while preserving their reputation and avoiding financial loss.
Safeguard your organization 365 days a year
Cyberattacks can occur at any moment, as cybercriminals are active 24/7/365. Adopting robust healthcare cybersecurity solutions protects your organization’s data and systems year-round, including after work hours and on weekends and holidays: 365 days a year of medical cybersecurity with comprehensive data and systems protection.
Medical cybersecurity helps your organization detect threats targeting your system or network from remote devices or systems. Many healthcare organizations work with individuals using IoT devices, through which a hacker can potentially access the central or host server.
Protection for your executives, staff, and patients
To supplement technological cybersecurity solutions, healthcare organizations would be well-advised to provide their employees with cybersecurity awareness training that covers common cyber threats, such as ransomware, DoS attacks, and phishing.
Dedicated cybersecurity solutions reduce risks associated with data storage on the cloud, third-party providers, and remote devices, to ensure compliance with HIPAA and GDPR requirements.
The main threats that cybersecurity for the healthcare sector must effectively address
Cybercriminals launch a diverse range of attacks against the healthcare sector. The main ones are described below:
As hospitals, health insurers and other healthcare organizations hold an immense amount of protected health information (PHI), payment information and other sensitive data, they are a particularly attractive target for ransomware attacks. Indeed, according to Black Book research, 73% of IT managers in the healthcare sector stated that their organization had suffered a ransomware attack. In such attacks, the cybercriminals gain access to the data, encrypt it and make it inaccessible to the medical staff. They can also gain access to medical devices and render them inoperable, severely disrupting or even stopping the provision of services altogether. The data remains inaccessible until the ransom payment is transferred, often within a tight deadline. A relatively new and concerning phenomenon is RaaS – Ransomware as a Service – which is defined by Kaspersky as a business model whereby malware developers lease out ransomware and its control infrastructure to other cybercriminals; this means that the criminals no longer need to be experts to launch attacks.
It is not only the amount and nature of the data stored in healthcare institutions’ systems that draw cyber attackers to them; it is also the fact that these data breaches can result in harm to patients, and even loss of human life. Cybercriminals recognize that this could encourage the targeted organizations to pay quickly, despite the FBI’s strict directive not to do so. However, even when the ransom is paid, in many cases the cybercriminals fail to release the data (some or all), which means that the ransom payment itself is added to all the other costs that the organization must bear in order to resume normal operation.
Cyber attacks on healthcare devices using unmanned aerial vehicles
This new, perhaps unexpected threat was the topic of an article published in The Journal of Medical Systems in December 2019. Authors Sethuraman et al. state that the growing use of wireless technology in healthcare systems and devices makes them particularly vulnerable to cyber-based attacks, including denial of service and information theft via sniffing (eavesdropping) and phishing attacks. They add that evolving technology enables wireless healthcare systems to communicate over longer ranges, which exposes them to additional potential threats. Unmanned aerial vehicles (UAVs), or drones, present a new and evolving attack surface for compromising wireless healthcare systems. The authors specifically mention two new types of cyber threats: a steppingstone attack and a cloud-enabled attack. In a test they conducted, the UAV successfully attacked a simulated smart hospital environment and also a small collection of wearable healthcare sensors.
In a Structured Query Language (SQL) injection attack, a piece of SQL code is used to manipulate a database, with the aim of gaining access to data and then modifying, transferring or deleting it. As most web applications and websites use SQL-based databases, this type of attack is particularly prevalent.
A 2021 Healthcare Information and Management Systems Society report stated that 71% of healthcare breaches originate in phishing attacks. These are most often launched via email, with messages increasingly appearing genuine to the common user. Once the link is clicked, the cybercriminal can easily gain access to sensitive and confidential information. One such phishing email was designed as a letter sent by the World Health Organization during the Covid-19 pandemic, with an attachment titled “My Health E-book.” One reason that phishing attacks via email are so successful is that cybercriminals invest effort in making them, and the sites they direct to, very convincing, in view of the potential financial reward they can gain.
In Distributed Denial of Service (DDoS) attacks, the cybercriminals aim to overwhelm a network by sending more requests to the website than it can handle. Exceeding its capacity prevents the website from functioning properly, or at all. Although DDoS attacks do not involve data exfiltration, the disturbance they cause is harmful to healthcare organizations, and cybercriminals have been known to demand ransom in exchange for terminating the attack.
While healthcare organizations tend to direct their attention outward when taking action to protect themselves from cyberattacks and prevent data theft, insider threats, which they often overlook, present a real threat as well. Verizon reported in 2020 that 48% of data breaches in healthcare facilities are committed by internal actors. With respect to HIPAA violations, insider threats can be classified into two main categories: negligent and/or insufficiently trained employees, and employees bearing a grudge against the organization and intending to cause harm. An analysis of past events, as reported in the 2020 Insider Threats Report released by Ponemon Institute, shows that in 61% of data breaches attributed to insiders, negligent employees are the culprit despite having no ill will. That said, insiders with malicious intent can be highly dangerous to the healthcare organization when they have already been granted some access to networks and systems, or are familiar with system configurations and vulnerabilities.
In a medical device hijack (commonly abbreviated as “medjack”), the cybercriminals direct their attention and efforts at medical devices which are integrated with applications. If the integrations are not secure, they can be exploited to steal data until the breach is detected.
Recent cyberattacks that demonstrate the importance of effective cybersecurity for the healthcare sector
- Hospital websites: The websites of hospitals across the USA were targeted in February 2023, resulting in disruptions. The pro-Russian hacktivist group KillNet, which had previously targeted healthcare organizations of countries supporting Ukraine, claimed credit.
- Sharp Healthcare: In February 2023, the largest healthcare provider in San Diego sustained an attack in which the social security numbers, health records and health insurance data of close to 63,000 patients were compromised.
- NextGen Healthcare: In January 2023, the electronic medical records company was the target of an apparent ransomware attack. The suspected attackers were the Russian group BlackCat. NextGen Healthcare reported that it had immediately contained the threat, secured its network, and returned to normal operations. Furthermore, it claimed that it had not uncovered any evidence of access to or exfiltration of client or patient data.
- André Mignot Hospital: A ransomware attack perpetrated in December 2022 against the hospital, located in a suburb of Paris, affected its computer and phone systems. As a result, the hospital was forced to partially cancel operations, transfer some patients from its ICU and neonatal units to other healthcare centers, and to only accept consultations and walk-in patients.
- Medibank: In October 2022, Medibank, one of Australia’s largest private health insurers, detected unusual activity in its network, and confirmed it had been targeted in a ransomware attack. The stolen information included names, addresses, telephone numbers and claims data of about half a million customers. The attack, which was blamed on Russian cybercriminals, affected 9.7 million customers, both present and past, including 1.8 million international ones. CNN reported that the hackers initially demanded US$ 10 million, and later reduced the sum to US$ 1 for each customer, or a total of US$ 9.7 million, which Medibank refused to pay. Several weeks after the suspicious activity was first detected, the stolen information began appearing on the dark web, classified into categories, including, among others, abortions and “boozy”, which included persons who had sought help for alcohol dependency.
- Advocate Aurora Health: HIPAA Journal reported a data breach that occurred in October 2022, due to the use of Meta Pixel code on the website and patient portal of Advocate Aurora Health, a non-profit health care system which operates 26 hospitals and more than 500 sites of care. The breach resulted in the impermissible disclosure of the PHI of up to 3 million patients to Meta/Facebook.
- CommonSpirit: In late 2022, CommonSpirit, the second largest non-profit hospital chain in the USA, was targeted in a ransomware attack, forcing it to cancel appointments for medical procedures and take some of its computer systems offline. Cyber Talk provided an example of the effect of this attack, in which a child brought to Des Moines Medical Center was mistakenly given five times the prescribed dose of pain medication as a result of the system being offline. This was but one example of the effect of the cyberattack on patients, in a system of 140 hospitals and more than 1,000 care sites in 21 states.
- Goodman Campbell: In May 2022, Goodman Campbell Brain and Spine, with 7 locations in the state of Indiana, USA, suffered a data breach. It revealed that the personal health information (PHI) of nearly 363,000 of its patients was posted on the dark web, where it remained accessible for 10 days.
- Aveanna Healthcare: In November 2022, Aveanna Healthcare, which provides home healthcare in 33 US states, agreed to pay US$ 425,000 to settle a lawsuit filed in connection with phishing attacks that were perpetrated in 2019. According to the Massachusetts Attorney General, Aveanna Healthcare failed to keep its data secure, and as a result, the protected health information (PHI) of more than 4,000 patients was compromised, including diagnoses, treatment records and medications prescribed, as well as financial account numbers, driver’s license numbers and social security numbers.
ACID’s cost-effective cybersecurity for the healthcare sector
In its annual Cost of Data Breach Report covering the period March 2021 to March 2022, IBM reported that the average cost of a data breach for a healthcare organization is more than US$ 10 million – a 9.4% increase from the corresponding period the previous year. The healthcare sector has continued to suffer the highest breach-related damages for the last 12 years.
ACID offers an exceptionally cost-effective solution that helps healthcare organizations protect themselves from cyberattacks, keep the sensitive data stored in their databases safe, their services and medical devices running smoothly, their patients safe from the effects of compromised data and unlawful access to systems, and potentially avoid serious financial and reputational harm.
ACID deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the targeted organization in real time, providing all the available information – including screenshots of threats detected on the dark web, which clients may be reluctant or unable to access themselves. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID regularly scans a very large number of sources, if the client wishes to add others that are particularly relevant for it, this possibility is offered as well.
Additionally, ACID conducts widespread monitoring activities to detect any stolen data that may be offered for sale, indicating that the organization has already been breached, to enable it to take appropriate action.
ACID detects cybercriminals’ plans to attack healthcare organizations, most often to steal confidential PII data and hold it for ransom. By providing advance warning of impending attacks, we allow the targeted institutions to take appropriate action in order to continue their important, lifesaving work without interruption, or to mitigate disruption. The detection of indications that a breach has already taken place enables the targeted organization to plug the breach and mitigate the harm.
ACID helps healthcare organizations avoid the theft of patients’ PII and the associated regulatory fines, ransom payments, and often, the heavy recovery costs required to resume normal operation and improve IT system protection, and also to avoid costly class-action lawsuits.