Healthcare organisations across the globe and in Australia are fighting a losing battle, as insider threats and cyber criminals intent on gaining unauthorised access to patient medical records continue to threaten an industry that is struggling to protect critical patient data.
Recently it was revealed that Eastern Health, which manages Box Hill and Maroondah Hospitals in Victoria’s eastern suburbs, was the victim of a mystery cyberattack.
And earlier this year, the Melbourne Heart Group, a specialist cardiology unit at Melbourne’s Cabrini Hospital, was attacked by a cybercrime syndicate. The healthcare provider had the medical files of about 15,000 patients compromised and received a ransom notice to be paid in cryptocurrency before a password would be provided to break the encryption.
Without a doubt, healthcare organisations generate swathes of data that, in the right hands, has the potential to help patients better control their own health outcomes while enabling health professionals to take better care of their patients. However, in the wrong hands this data can have devastating consequences, putting individuals and healthcare providers at risk. In fact, the potential real-world effect these attacks can have is substantial. You only have to look at the WannaCry and NotPetya ransomware attacks of 2017 to see the devastating impact, as these cyberattacks crippled computers in hospitals across the UK.
Cyberattacks cause chaos and disruption for Australian healthcare organisations
Cyber attackers have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible. And, with increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.
An audit by the Victorian Auditor-General’s Office (VAGO) found that patient data stored in Victoria's public health system is highly vulnerable to cyberattacks, and many health agencies have low risk awareness of the security flaws.
The report found deficiencies in how health services manage user access to digital records and weaknesses in users’ physical security and in their logical security, which covers password management and other user access controls.
The silver lining has been that awareness of the problem has never been higher. While the industry has traditionally lagged when compared with, say, finance or retail, the healthcare ransomware attacks of 2017 acted as a stark reminder of the impact such attacks can have.
Healthcare cyber heists in 2019
A recent research report, produced in collaboration with 20 of the industry’s leading healthcare CISOs to investigate the state of cybersecurity in the healthcare industry, found that almost all (83%) of surveyed healthcare organisations said they’ve seen an increase in cyberattacks over the past year. And 66% of the respondents said their organisation was targeted by a ransomware attack, with 66% saying that all attacks have become more sophisticated. Nearly half (45%) said they’ve encountered attacks where the primary motivation was destruction of data.
Below are our five key recommendations for healthcare organisations to help in their fight against such cyberattacks:
- Increase endpoint visibility. With the growing sophistication of attacks, CISOs need to look at any connected asset as a potential target. This includes electronic medical record systems, medical devices, payment processing systems, and more.
- Establish protection from emerging attacks. With the potential attack surface growing and evolving quickly, healthcare organisations need to stop as many attacks as possible before they breach the network perimeter. This means leveraging a variety of technologies from whitelisting to streaming analytics to behavioural prevention.
- Run automated compliance and vulnerability assessments. With the risk of supply chains being attacked and subsequently compromised, CISOs should be auditing systems regularly and establishing remediation steps across all their security infrastructure.
- Work with healthcare-focused MDRs if needed. There are a variety of managed detection and response service providers out there who specialise in the unique challenges faced by healthcare organisations. When resources are short, these shops can quickly improve your security posture.
- As always, back up your data. Destructive attacks, including ransomware, don’t need to destroy your business. Employ best practices for data backup to ensure your data is never at risk.
Prevention is the best cure
In healthcare, prevention often stands to be the best cure. This holds true for both physical and digital health. A person’s digital (and often physical) health can be directly tied to the cybersecurity posture of their healthcare providers. Good posture means patient data and healthcare infrastructure systems are in a robust state and can do their job with low risk of disruption, while poor posture risks interruptions to patient care and loss of critical personal data.
And, for these healthcare providers, it appears some progress is being made. Regular education of employees, greater awareness of modern threats and the prospect of building out larger threat hunting teams can all go a long way in helping to curb attacks. It does not appear that the volume and frequency of attacks will be abating anytime soon. Therefore, extreme vigilance among healthcare security teams will be required to help stem the tide in 2019 and beyond.
Rick McElroy is head of security strategy for Carbon Black.