Healthcare has been one of the leading industries in adopting new technologies. But when it comes to cybersecurity, it has lagged behind the others and has been sluggish in detecting and preventing threats. In 2021, the number of patients and medical-insured people increased exponentially due to Covid 19. As a result, more than 40 million patient records were exposed this year, according to the US Department of Health and Human Services, setting a new high for healthcare data breaches.
The number of data breaches is increasing year over year. According to the HIPPA journal, a total of 59 healthcare data breaches impacting over 3.5 million PHI records were reported in October 2021 alone. While these were just the reported numbers, numerous healthcare data breaches go unreported. Ransomware, malware, and compromised email accounts were the most used cyberattacks to carry out these breaches. This is because the lack of awareness and user training has made it easier for the adversaries to carry out these attacks and lure the victims into clicking on a link or downloading software.
With the rise of IoT-wearables adoption, healthcare providers now have to secure more connected medical devices than ever before. On the other hand, attackers are taking this as an opportunity to use innovative tactics to access sensitive data without being detected. For many devices and the resulting enormous attack surface, adversaries are developing sophisticated tools and techniques to penetrate healthcare systems to gain data access and block it and networks to demand ransom. In the worst case, if the ransom is not paid, the threat actors have released a part or entire data on the dark web.
Amidst spreading awareness for Covid-19, attackers are trying to gain access to email servers by sending phishing emails to employees. A considerable amount of sensitive data is often stored in email accounts. This can be easily stolen if employees fall prey to phishing emails. During analysis, it is found that employees in some companies have stored data in email accounts where no countermeasures are established to secure the email servers. It leads us to believe that we should use an encryption technique to safeguard the environment.
The most talked-about attack at the start of the year was the “Florida Healthy Kids Corporation” website. It affected around 3.5 million pieces of data of numerous website members who have enrolled in children’s health insurance programs since 2013. The attack was conducted by leveraging an unpatched vulnerability. The adversaries stole data including Social Security numbers, dates of birth, names, addresses and financial information of both applicants and enrollees. According to the investigation, the vendor failed to apply and update security patches to its software. Thus, the website was exposed to vulnerabilities ultimately exploited by hackers.
Another major attack occurring in the mid of 2021 was a ransomware attack on St. Joseph’s/Candler Health System. It endangered the information of 1.4 million patients and took the network offline for several days. An investigation found that the incident resulted from a third-party getting unauthorized access to SJ/C’s IT network since December 2020. It also confirms that after gaining access to the network, the attacker initiated a ransomware attack, making the files on the victim’s systems inaccessible.
Also, an Ohio-based DNA testing firm, DNA Diagnostics Center (DDC), suspected and confirmed a cyber-attack at the start of December 2021. The adversaries acquired data files from an archived database between May 24, 2021, and July 28, 2021. After conducting an investigation, it was confirmed that the exfiltrated files comprised data including names, credit/debit card numbers, CVV numbers, financial account numbers, Social Security numbers, and platform account passwords.
How Can You Secure Yourself Against Such Attacks?
- Keep all software patches and the Operating System updated
- Deploy Endpoint Protection software for all devices and update it to map against all recent threat signatures and tactics used by adversaries
- Ensure round-the-clock security monitoring for proactive threat detection and real-time response
- Establish a data backup plan for all systems holding and using critical and sensitive data, and perform a DR (data recovery) drill for the same to ensure it is capable of restoring data
- Provide access on a “need to know” basis to restrict unauthorized access or prevent the download of any unwanted software.
- Enforce multi-factor authentication on all accounts and devices
- Educate employees by providing awareness training about phishing attacks and how to ensure macros are disabled while downloading email attachments
- Ensure your employees are aware of the latest techniques used by threat actors, and they can immediately report malicious behavior
To carry out a ransomware attack, cybercriminals usually hide in a compromised network for an extended period. During this time, they steal files and download them to their server. Once this is finished, they will launch ransomware to encrypt the system. Hence, continuous security monitoring, threat hunting, and incident response are a must to prevent threat actors from hiding in the network and launching an attack. Managed Detection and Response (MDR) services combining Machine Accelerated Human Intelligence-based platforms increase the potential for detecting and preventing a breach at a very early stage. MDR services leverage technologies that include EDR, SIEM, and SOAR.
How Can SharkStriker Help to Secure Your Organization?
Vulnerability Assessment and Penetration Service: As a part of our vulnerability assessment process, we will use assessment tools to identify existing and potential vulnerabilities across your IT infrastructure. These systemic flaws can leave your organization exposed to both known and unknown threats such as ransomware, malware, and more.
On the other hand, a penetration test will identify and detect flaws in the systems and try to exploit them to demonstrate the damage and consequences it could have if a real attacker exploits it.
When done as a combination, VAPT (Vulnerability Assessment and Penetration Test) offers a drill-down view on all potential flaws. It acts as a scanner to scan and find flaws across systems. Thus, you can use the results as key metrics to enhance your organization’s security based on the potential and impact each flaw can have on your IT system.
Firewall Services: SharkStriker offers remote firewall installation services where you can deploy and configure firewalls remotely. This is done by experts who can solve initial setup and configuration challenges and ensure the best setup. By firewall monitoring and assessment service, you will get fully managed, and cloud-hosted SIEM monitored and maintained by 24*7 SOC team, firewall update, and policy management that can help you guard against any ransomware attack. It will also provide a firewall audit.
Managed Services: Managed Detection and Response from SharkStriker covers the entire attack life cycle wherein protection is mapped to the MITRE Att&CK Model. The SOC team can detect ransomware before encryption occurs through continuous monitoring and comprehensive rules. It has a phishing prevention module that can block the execution of malicious documents. By automated response, MDR can detect or quarantine any malicious activity before infecting any system or network.
There’s no denying that the number of attacks on healthcare systems will continue to rise due to the hefty ransom attackers can get with it. This can be controlled, and healthcare data breaches can be prevented only with the help of 24/7 monitoring, machine-accelerated threat detection, and automated response. Utilizing managed cybersecurity services such as Managed Detection and Response, Managed SIEM, VAPT, etc., can offer these capabilities alongside a 24/7 SOC team to protect healthcare institutions.