[BreachExchange] Nine reasons healthcare is the biggest cyberattack target

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 29 18:58:10 EDT 2018


The healthcare industry is at risk. Organisations are becoming increasingly
susceptible to online attacks that threaten day-to-day work and
compromise confidential patient data.

Long, busy days mean healthcare staff don’t have the time and resources to
educate themselves about online risks. The potential disruption caused by a
complete overhaul in online security is just too big for a lot of
organisations to even consider.

Healthcare leaders are ready to increase spending on cybersecurity. But
with new threats uncovered every day, it’s difficult to know where an
organisation’s budget is best invested. High demand for
patient information and often-outdated systems are among the nine reasons
healthcare is now the biggest target for online attacks.

1. Private patient information is worth a lot of money to attackers

Hospitals store an incredible amount of patient data. This confidential data
is worth a lot of money to hackers, who can sell it on easily, making
the industry a growing target.

These organisations have a duty to protect their patients’ personal
records. With GDPR coming into play this year, it’s becoming increasingly
important for hospitals to keep their information secure.

Financial penalties, whether fines for failing to comply with GDPR
or payments to retrieve data from ransomware, are a real and alarming
prospect for a healthcare industry that’s already struggling to finance
daily work demands.

IT professionals are realising that the cost of securing their data with
solutions like multi-factor authentication (MFA) is far less than the
pay-out from ransomware or similar attacks. MFA is a solution that requires
more than one piece of information to identify a user and then generates a
one-time password on each login session. This makes it a lot harder for
hackers to steal passwords and other information.

2. Medical devices are an easy entry point for attackers

There aren’t many downsides to innovations in healthcare technology these
days. Medical devices like x-rays, insulin pumps and defibrillators play a
critical role in modern healthcare. But for those in charge of online
security and patient data protection, these new devices open up more entry
points for attacks.

Medical devices are designed for one purpose – like monitoring heart rates
or dispensing drugs. They’re not made with security in mind. Although the
devices themselves may not store the patient data that attackers pursue,
they can be used to launch an attack on a server that does hold valuable
information. In a worst-case scenario, a medical device can be completely
taken over by hackers, preventing healthcare organisations from providing
vital life-saving treatment to patients.

Hackers know that medical devices don’t contain any patient data
themselves. But they see them as an easy target, lacking the security found
on other network devices like laptops and computers. Threats against
medical devices can cause problems for healthcare organisations – giving
hackers access to other network devices, or letting them install costly
ransomware. Keeping network devices secure wherever possible helps to
limit the damage that could be caused by an attack on medical devices.

3. Staff need to access data remotely, opening up more opportunities for

Collaborative working is key in the healthcare industry, with units working
together to provide the best solution for every patient. Those who need to
access information aren’t always sitting at their desk; they are often
working remotely from different devices.

Connecting to a network remotely from new devices is risky, as not all
devices will be secure. Additionally, healthcare staff aren’t often
educated in cybersecurity best practices. It’s crucial that compromised
devices don’t get access to the network, as just one hacked device can
leave a whole organisation wide open.

One option for organisations that have staff working across devices is
risk-based authentication (RBA). This solution makes risk analysis simpler
by letting IT staff set up policies that determine the risk of a given
login based on factors like the user, their device, their location and
more. Any unusual activity is then flagged to make sure that sensitive
patient data is never exposed to unsafe devices.
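The RBA policy evaluation described above, as an added illustration that is not code from the article or from any vendor: a login attempt is scored on the user, the device and the location, and the score selects allow, step-up (a one-time code, as with the MFA the article describes) or deny. The factor weights, thresholds and sample users are constructed assumptions.

```python
"""Risk-based authentication (RBA) policy evaluation, as described in the article.

Constructed example: weights and thresholds are assumptions, not a product's.
Every flagged factor is returned so the decision can be logged for review.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    known_devices: dict[str, set[str]]       # user -> device ids enrolled by IT
    usual_countries: dict[str, set[str]]     # user -> countries the user normally works from
    admin_users: set[str] = field(default_factory=set)
    step_up_threshold: int = 30              # at or above: require a one-time code
    deny_threshold: int = 70                 # at or above: block and alert


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    country: str
    hour: int                                # local hour of day, 0-23


def score_attempt(policy: Policy, a: LoginAttempt) -> tuple[int, list[str]]:
    """Return a risk score and the list of factors that contributed to it."""
    score, reasons = 0, []
    if a.device_id not in policy.known_devices.get(a.user, set()):
        score += 40; reasons.append("unenrolled device")
    if a.country not in policy.usual_countries.get(a.user, set()):
        score += 35; reasons.append("unusual location")
    if a.hour < 6 or a.hour > 22:
        score += 15; reasons.append("off-hours login")
    # Anomalies on a privileged account are weighted more heavily.
    if a.user in policy.admin_users and reasons:
        score += 20; reasons.append("privileged account")
    return score, reasons


def decide(policy: Policy, a: LoginAttempt) -> str:
    """Map the risk score onto the three policy outcomes."""
    score, _ = score_attempt(policy, a)
    if score >= policy.deny_threshold:
        return "deny"
    if score >= policy.step_up_threshold:
        return "step_up"
    return "allow"


# Constructed sample policy for a ward nurse and a domain admin.
SAMPLE_POLICY = Policy(
    known_devices={"nurse1": {"ward-tablet-07"}, "admin1": {"it-laptop-02"}},
    usual_countries={"nurse1": {"GB"}, "admin1": {"GB"}},
    admin_users={"admin1"},
)
```

A step-up result keeps the routine on-site login frictionless while still challenging the unfamiliar device or location the article warns about.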

4. Workers don’t want to disrupt convenient working practices with the
introduction of new technology

Healthcare staff are some of the busiest and most in-demand in the country.
They work long hours and to tight deadlines, which means they simply don’t
have the time or resources to add online security processes to their
workload. Medical professionals need slick working practices with minimal

Any cybersecurity measures placed on healthcare organisations need to
consider the impact they may have on current working practices. IT staff
should try to align security measures with existing software. There are
plenty of authentication solutions available that work seamlessly with
software like Office 365, meaning medical staff can perform their daily
tasks without distraction.

Using Single Sign-On (SSO) solutions means authorised users can access
multiple applications with a single set of login credentials, keeping
their working routines quick and simple without compromising
security. Frictionless solutions like SSO and RBA offer effective
protection against online threats without disrupting the way people work.

5. Healthcare staff aren’t educated in online risks

Medical professionals are trained to deal with a lot, but education in
online threats is not on their schedule. Budget, resource and time
constraints mean it’s simply not possible for all healthcare staff to be
fluent in cybersecurity best practice.

Cybersecurity solutions are complex, but their interface needs to be
simple. Medical staff require a secure network that is quick and easy to
access. And they need the peace of mind of knowing patient data is
protected, so they can focus on their jobs. Solutions like MFA and SSO are
becoming more popular as they simply use a secure one-time code – adding
extra layers of security that don’t require the user to know anything more
than their own login credentials.

6. The number of devices used in hospitals makes it hard to stay on top of

Modern healthcare organisations are responsible for massive amounts of
patient data, plus an extensive network of connected medical devices.
Larger organisations can deal with thousands of medical devices - all
connected to their network, and each one acting as a potential threat for

Healthcare staff are often too busy to stay educated on the latest threats
to devices, leaving IT specialists with the task of protecting an entire
hardware network against attacks. If just one device becomes compromised,
it opens the whole network up to data breaches and medical device hacks.

There is a need for healthcare professionals to be able to manage their own
devices to an extent - freeing up IT specialists to deal with wider IT and
security issues within the network. Some MFA solutions offer a self-service
portal, which allows users to reset security PINs and more by themselves,
helping to lighten the workload on the support desk.

7. Healthcare information needs to be open and shareable

Confidential patient data needs to be accessible to staff, both on-site and
remotely, and on multiple devices. The typically urgent nature of the
medical industry means staff need to be able to share information
immediately - there’s no time to pause and consider the security
implications of the devices they’re using.

The worry for IT staff is that the devices used to share information are
not always protected. They can’t always be there to assess the credentials
of every device, especially in a time-critical environment. Users accessing
data remotely should only be granted the privileges the tasks they perform
require. So, if they’re just checking their emails, they won’t need
full admin account privileges. Precautions like this limit the chance of
admin accounts becoming compromised.

Any solution that can save time and money by automatically regulating user
permissions, without putting patient data at risk, is a must-have for
healthcare companies. MFA solutions prevent attacks from compromised
credentials or unauthorised users to ensure only the right people can
access sensitive data.

8. Smaller healthcare organisations are also at risk

All healthcare organisations are at risk from online threats. Large
enterprises hold the most data, representing the biggest bounty
for attackers and making them common targets. But smaller enterprises
have smaller security budgets. Less complex and less up-to-date
cybersecurity solutions mean smaller enterprises are often seen as an easy
target, and as a backdoor-access opportunity for targeting larger enterprises.

Effective cybersecurity solutions have become a must for all sizes of
healthcare organisation, as they’re all in charge of sensitive patient
data. Healthcare leaders are becoming more aware of the need to increase
spending on cybersecurity – and there are plenty of solutions out there
that are scalable to different business sizes. MFA solutions provide extra
layers of security to your devices, using a combination of user passwords
and one-time information that work for your company, and prevent attackers
from stealing login information.

9. Outdated technology means the healthcare industry is unprepared for

For all the incredible advances in medical technology in recent years, not
every aspect of the healthcare industry has kept pace. Limited budgets and
a hesitancy to learn new systems often mean that a lot of medical
technology is becoming outdated. Hospitals running systems that still
receive updates should keep all such software on the most recent
version, since updates usually contain the bug fixes that keep systems fairly secure.

But eventually, software will become end-of-life, and vendors will stop
providing updates. Where it's not possible to upgrade to different, more
secure software, or where medical staff simply don't want the hassle,
it's possible to minimise the risk of cyberattacks by adding extra layers
of security. If one system is compromised, an MFA solution can limit
the lateral movement of an attacker through the network, as they won’t be
able to log in to other protected systems.

Healthcare organisations have a responsibility to react to the latest
online threats to keep their patient data secure. It’s important to
allocate a budget and invest in the right solution for your enterprise.
Consider how your staff like to work and keep on top of new threats as they
emerge - before your systems become outdated and you struggle to protect
all your devices.