Throughout March 2020, reports indicated that healthcare-related breaches increased, affecting millions of users and exposing many patients' medical files. The HIPAA Journal has brought many such breaches at healthcare organizations to light. The motive behind these repeated attacks is clear from the reports: the vast amount of data can be used to obtain expensive medical services and prescription medications.
It is also worth remembering that smart digital technologies such as IoT can make life easier, and that IoT devices have been adopted across all industries to improve efficiency.
The proliferation of IoT medical devices (IoMT) will proportionately increase security vulnerability in hospitals and clinics. This means that a new paradigm is required in order to provide full threat prevention to these organizations. New Check Point research revealed that cloud, mobile and IoT platforms, and IoT devices in particular, were recently identified as among the weakest links in an IT network.
The healthcare industry has adopted the Internet of Medical Things (IoMT) in a big way, at 87%. IoT devices are connected to many other devices and increasingly collect and store huge amounts of data, which makes them attractive targets for cyber criminals. Threat actors can move laterally across the network once they find easy entry through IoT devices.
Check Point Research also highlighted the dangers this could pose by getting their hands on an ultrasound machine and investigating what takes place under the hood. They discovered the machine’s operating system was Windows 2000, a platform that, like most other IoMT devices, no longer receives patches or updates and thus leaves the entire ultrasound machine and the information it captures vulnerable to attack.
Highlights of Recent Healthcare Breaches
The research highlighted that cyber-attacks on hospitals occur on an almost weekly basis, mostly for financial motives. The latest example is a ransomware attack on the Melbourne Heart Group, which saw the hospital’s data scrambled by hackers and held to ransom. Other significant attacks seen last year include Singapore’s health service, SingHealth, suffering a massive data breach that saw the Prime Minister’s health records stolen, followed by 1.4 million patient records stolen from UnityPoint a few weeks later.
According to the HIPAA Journal, there were 39 reported healthcare data breaches of 500 or more records in February, and 1,531,855 records were breached, which represents a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months combined. In February, the average breach size was 39,278 records and the mean breach size was 3,335 records.
The second largest breach was a ransomware attack on the accounting firm BST & Co. CPAs which saw client records encrypted, including those of the New York medical group, Community Care Physicians. Aside from the network server breach at SOLO Laboratories, the cause of which has not been determined, the remaining 7 breaches in the top 10 were all email security incidents.
The Minnesota-based senior care provider Lifesprk is notifying 9,000 of its clients that some of their protected health information was potentially compromised as a result of a November 2019 phishing attack. On January 17, 2020, Lifesprk discovered that an unauthorized individual had gained access to the email account of one of its employees. The account was immediately secured and a third-party cybersecurity firm was engaged to investigate the breach.
AffordaCare Urgent Care Clinic, a network of walk-in clinics in Texas, has been attacked by the Maze ransomware gang. According to a recent report on DataBreaches.net, the hackers stole 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom. The published data included patient contact details, medical histories, diagnoses, billing information, health insurance information, and employee payroll data.
The University of Kentucky (UK) has been battling to remove malware that was downloaded on its network in February 2020. Cybercriminals gained access to the UK Healthcare network and installed cryptocurrency mining malware that used the processing capabilities of UK computers to mine Bitcoin and other cryptocurrencies. The malware caused a considerable slowdown of the network, with temporary failures of its computer system causing repeated daily interruptions to day-to-day functions, in particular at UK Healthcare.
Hospital Sisters Health System has recently discovered that an email security breach in August 2019 potentially resulted in unauthorized individuals gaining access to emails and email attachments containing the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health system serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized individuals gained access to the email accounts of several employees. Prompt action was taken to secure the affected email accounts by changing passwords
The risk of a cyber attack on healthcare organizations is huge and could lead to the loss and sharing of personal data, the alteration of a patient’s medical information regarding medicine, dosages, etc., and the hacking of MRI, ultrasound and x-ray machines in hospitals. The critical nature of healthcare environments also means that many of those involved in the healthcare process often require immediate access to patients’ data across a large range of devices and applications.
Secure the Solution & Maintain Cyber Hygiene
The security breaches mentioned above highlight the importance of the security posture adopted by healthcare organizations, and there is still much that healthcare organizations can do to protect their patients’ data.
- Healthcare organizations must remain alert to the multiple entry points that exist across their network. There can often be hundreds of devices that are connected to the IT network and have security vulnerabilities in either the hardware or the software used by such devices. An essential and advanced prevention security solution should be in place to catch the inevitable attacks that will attempt to exploit these vulnerabilities, although catching all vulnerabilities may be difficult.
- Separating patient data from the rest of the IT network gives healthcare IT professionals a clearer view of network traffic to detect unusual movement that might indicate a breach or a compromised IoMT device. Segmentation in this way would enable organizations to prevent data-stealing or encrypting malware from propagating further across the network and instead isolate the threat.
- Finally, for healthcare personnel within the organization, access should be given only to those personnel who actually require the systems to carry out their roles.