Data security has always been a key concern for healthcare organisations across the world. However, following a dramatic spike in attacks targeting the sector over the last few weeks it has once again risen to the top of the agenda within governments, businesses and the general public.
The most recent healthcare organisation to fall victim to cyber attackers was the Irish health system. The centralised Health Service Executive (HSE) — which provides and manages healthcare services for the Irish population — was targeted by hackers on the 14th May and has seen significant disruption since. In fact, ministers are now calling it ‘possibly the most significant cybercrime attack on the Irish State’. For many in the industry, this incident will have evoked strong memories of the WannaCry attack that spread rapidly through a number of computer networks in May 2017. It’s now believed that this ransomware affected at least 81 of the 236 NHS Trusts across England, either directly or indirectly.
Attacks such as these — that target healthcare data — can be extremely costly. In fact, Infoblox’s 2021 Healthcare Cybertrend Research Report discovered that worldwide data breaches alone cost more than $2 million for almost half (43%) of all healthcare organisations that experience them. Included within this figure is the cost of remediation as well as the significant operational disruptions that were mentioned as the greatest consequence of a cyberattack for around half of all respondents.
However, when it comes to attacks on healthcare organisations, there’s more than money at stake. The ability to put an entire country’s healthcare system on pause could be life threatening. This is why having an effective cyber security strategy in place is more important than ever for the sector, especially given that it is becoming an increasingly attractive target for attackers.
A changing landscape brings new challenges to data protection
It’s unsurprising that the healthcare landscape has had to undergo a drastic transformation over the last year. In order to respond to the COVID-19 pandemic and treat an influx of cases, whilst still continuing to deliver other life-services treatment and care, the delivery of healthcare services has changed at a global level. So too has the digital infrastructure that supports it.
The mass adoption of new technologies and services, such as telehealth, paired with the shift to home working, meant that healthcare organisations were forced to engage with more cloud resources than ever before. Whilst this shift was necessary in order to continue to deliver lifesaving services and treatment, it also exposed serious vulnerabilities in the handling and processing of healthcare data, such as protected health information (PHI).
As well as personal details — such as address, date of birth and contact information — PHI includes medical histories, previous test results and even insurance information. It plays an essential part in helping providers to determine the best course of treatment and effectively care for their patients. However, PHI is also highly prized by attackers, with Experian estimating the value of a healthcare data record at $1,000 on the dark web, compared to a credit card number’s value of $5. This is because healthcare data provides multiple types of monetisable assets, such as financial data, personal data and data that can be used for ransom attacks. PHI data is also highly valued by patients, doctors and healthcare systems alike — in the most serious instances, being able to access it could be the difference between life and death. Therefore victims are far more likely to pay up in the event of a ransomware attack, for example.
Regulatory penalties for failing to protect patient data can also be significant. In fact, the largest fine ever served to an NHS Trust by the Information Commissioner’s Office was around £325,000, after hospital hard drives containing PHI were sold on eBay. Whilst this event was caused by human error, the consequences of falling victim to a successful data breach or ransomware attack can be just as severe.
As cloud technology has become prolific, it has also become a prime target for cyber criminals looking to exploit PHI. This is something that is set to continue, with recent research from Infoblox discovering that healthcare professionals expect cloud vulnerabilities and misconfigurations, IoT attacks and attacks to manipulate data and statistics to be the top cyberthreats they will have to confront in the next 12 months.
Stopping attackers in their tracks
With PHI more valuable than ever before and the new cloud-centric environment expanding the attack surface even further, healthcare organisations need to shore up defenses and strengthen their infrastructure to ensure that they do not fall victim to new attacks from bad actors. A good place to start is with a layer of foundational security — such as that provided by secure DDI (DNS, DHCP and IPAM) solutions.
By augmenting visibility into network activities, no matter where devices are connected from, DDI can help healthcare organisations to take back control. This type of technology can plug the gaps that other tools miss and ensure that network security is extended from the core to the edge. This is particularly useful when you take into consideration just how many devices are used in a medical setting — from employee laptops to implanted medical devices such as pacemakers and telemetry systems to report patient information.
To add to this, 90% of malware touches DNS — the first D in DDI —when entering or leaving the network. This makes it a critical detection tool that can be used to pinpoint threats at the earliest stages and identify compromised machines. Ultimately, DDI enables IT teams at healthcare organisations to quickly detect and fix any vulnerabilities, no matter where they originate.
With cybercrime on the rise, it’s never been more important for healthcare organisations to shore up their digital defenses and strengthen their security strategies. The attack on the HSE is evidence alone that no organisation is immune and in order to avoid the potentially devastating data breaches and ransomware attacks of tomorrow, healthcare organisations need to act today. Failure to adopt a proactive approach to cyber security — which incorporates modern technologies like DDI — could be costly, both in terms of financial repercussions and in terms of human life.
Article by Keith Glancey, Systems Engineering Manager at Infoblox