Healthcare-Based Cybercrime Is On The Rise

If you’ve been working in the healthcare sector for more than a decade, then you know how much technology has changed the world over that time.

The way you store and access health care information, the use of interconnected medical devices, etc. – it has all contributed to a higher quality of care, benefitting both the healthcare professional and the patient.

However, just as technology helps the healthcare industry through the convenience of data storage and access, it also presents serious cybersecurity risks.

To put it simply: the easier it is for you to access Protected Health Information (PHI), the easier it is for cybercriminals to do so as well. Don’t make the mistake of assuming that just because you’re not a major hospital or more active medical practice that you aren’t a potential victim – data is data. If you’re an easy target, cybercriminals will find you.

If you want to take advantage of the benefits that modern healthcare technology has to offer, then you have a responsibility to make sure it’s properly secured against today’s more common cybercrime threats.

Unfortunately, throughout the industry, that doesn’t appear to be the case…

The Rise Of Cybercrime In The Healthcare Sector

FireEye researchers have noticed an increase in targeted attacks against healthcare organizations that house large amounts of valuable patient data. This is opposed to the conventional “wide-net” approach to cybercrime attacks, which are more opportunistic, targeting as many organizations as possible and hoping for the best.

These hackers are using credential theft malware, ransomware, extortion campaigns, and cryptomining to execute these attacks. Over the past two years, many databases associated with healthcare have been put up for sale on the dark web, and access to healthcare systems has been sold in these markets as well.

“On Feb. 6, 2019, on a popular Russian-language forum, ‘Jendely’ advertised access to a U.S.-based medical institution,” noted FireEye in their report. “According to the advertisement, the actor obtained the domain administrator’s access to the network consisting of 3,000 hosts. The access is being auctioned for $9,000–$20,000.”

Not long after that, a US healthcare organization was hit with malware, an attack that is suspected to have originated in China. FireEye determined that this was not the first time that the victim was targeted by that group.

This all confirms the suspicions of cybersecurity experts watching the healthcare industry – attacks are on the rise, and they’re becoming more targeted and more likely to reoccur. In fact, organizations in the healthcare industry are the third most likely to be hit again after an original cyber-attack.

How Can You Protect Your Practice?

1. Anti-virus Software

Antivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation. The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software.

Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected.

If a user encounters a threat, the antivirus software detects and blocks it using a signature, a known pattern that identifies the file as a known virus. When the virus file tries to take an action or sequence of actions known to the antivirus software, the software recognizes this behavior and prompts the user to take action against the suspicious behavior.

2. Firewalls

Your firewall is your first line of defense for keeping your information safe.

A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

A firewall inspects and filters incoming and outgoing data in the following ways:

    • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
    • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
    • By using a Circuit-Level Gateway that applies security when a connection such as a Transmission Control Protocol (TCP) connection is made and small pieces of data called packets are transported.
    • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
    • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

3. Two-Factor Authentication

Two-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior.

By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to make sure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

There are three categories of information that can be used in this process:

    • Something you have: Includes a mobile phone, app, or generated code
    • Something you know: A family member’s name, city of birth, pin, or phrase
    • Something you are: Includes fingerprints and facial recognition

So what are the benefits of a Two-Factor Authentication solution?

    • Bring Your Own Device: In today’s modern business world, more and more employees prefer to do at least some of their work through their mobile devices, which can present a serious security risk. However, with an MFA solution, you can enroll new employee devices in minutes, given that there’s no need to install an endpoint agent.
    • Convenient Flexibility: A Two-Factor Authentication solution won’t force you to apply the same security policies to every user in the company. Instead, you are given the capability to specify policies person by person or group by group.

4. Data Backup

Do you have a data backup policy in place?

If not, then you’re vulnerable, right now, to ransomware.

Ransomware has quickly become one of the biggest cyber threats to businesses today – remember the WannaCry epidemic that infected hundreds of thousands of IT systems in more than 150 countries?

That was ransomware, and it could happen to you too. Unless, that is, you put a data backup solution in place.

If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

    • Back up data on a regular basis (at least daily).
    • Inspect your backups to verify that they maintain their integrity.
    • Secure your backups and keep them independent from the networks and computers they are backing up.

5. Encryption

In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”. In this case, there is a need for updated encryption software to ensure that private information is only accessible through the database program.

Encryption technology is a great way to protect important data. By making data unreadable to anyone who isn’t supposed to have access to it, you can secure files stored on your systems, servers, and mobile devices, as well as files sent via email or through file-sharing services.

6. Virtual Private Network

One of the most proven techniques to make sure your data is safe is to use a virtual private network (VPN), which will give you back control over how you’re identified online. A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers.

When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet through what’s called an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.

That makes it harder for an attacker to identify you as the source of the data – no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee. Even if attackers can intercept your data, the encryption means the attackers can’t understand your data or use it to their advantage.

When you put your data out to the VPN server, it exits back out to the public internet. If the site you’re visiting has HTTPS to keep the connection safe, you are still secure.

Don’t make the mistake of assuming your healthcare organization is low-profile enough to avoid a cybercriminal’s crosshairs. As explored above, your practice is a high-value target because of the data you store, no matter your size. If you’re an easy target, they will find you.
