Data breach is a pressing concern in the healthcare industry because their size and frequency are expanding rapidly. PII ( Personally Identifiable Information) and PHI (Protected Health Information) are managed by almost every unit in the hospitals and are a treasure trove for hackers as it carries confidential information about the patients. Most hospitals and healthcare facilities are focused on providing patients services but pay less attention on handling these data securely. Cybercriminals take advantage of this and exploit hospitals’ data by targeting their billing systems, hospital equipment, pharmacies, insurance systems, laboratories, health portals, and even ambulance services. As per World Economic Forum, healthcare cyber attacks are on the rise, experiencing an average of 1684 attacks per week.
On top of it, hospitals are undergoing a massive transformation in their operations due to the digital revolution, but along with it, the cyber-threats are also evolving, which is a completely new challenge for the hospital industry. Data theft in hospitals and healthcare organizations has become pervasive, and it is essential that experts take a proactive approach to stop them.
This news story reflects the latest events of cyber attacks in the healthcare industry, techniques used by hackers for data breaches, and the best approach to control the cyber-attacks, including the latest technologies and solutions like hospital management software.
Current Cyber Attacks Trends In HealthCare Industry
- Email phishing: It is a form of social engineering where hackers impersonate legitimate organizations to steal information via emails.
- Automated hacking: In automated hacking, cybercriminals use automation tools to find the vulnerability in the network or system, and once identified, they exploit the system. For instance, a tool called Shodan indexes data from any device connected to the internet, like webcams, mobile phones, IoT devices, etc. This data give details on whether the devices or servers connected to the network are protected or not. Likewise, there are other automation tools that work differently and retrieve information that could be beneficial for hackers, such as the number of open ports, outdated server software, flaws in the network, reading or writing data over unsecured networks, etc.
- Ransomware and Cryptojacking: Ransomware is a type of malware where the victim's information is encrypted, and hackers demand ransom to decrypt this information. The most popular ransomware was WannaCry, which affected 200,000 computers in at least 100 countries. In Cryptojacking, cybercriminals take control of the host computer to mine cryptocurrency.
- AI-based hacking: Cyber criminals are taking advantage of AI’s capabilities to self-learn and identify data patterns. These capabilities can be used by hackers to study the weakness in the system, design intelligent malware, conceal malicious codes, password guessing or password generative adversarial network, create deepfake data, captcha cracking, etc. Recent development in AI-based tool like ChatGPT provides a new gateway for bad actors to exploit victims’ system. They use ChatGPT to perform cryptographic operations (signing, encryption, or decryption function) and recreate malware strain. As per Statista, hackers might use ChatGPT to craft more legitimate phishing emails and could help less experienced hackers to improve their technical knowledge.
- Malware: Malware encrypts computers, mobile devices, or other medical devices where patients' data are stored and demands payment to release the data.
- Lost or theft of equipment: Lost or theft of equipment is a common threat in the healthcare industry. Hackers can retrieve data from this equipment and use them for monetary gain.
- Hack PGHD (Patient-Generated Health Data) apps: The use of PGHD (patient-generated health data) has become a common practice in the healthcare sector with the increasing demand for mobile apps. Mobile health apps and wearable devices generate the majority of PGHD, so health apps always remain on the hackers’ radar. They usually target the app’s API to hack the patients’ data.
- Insider or intentional data loss: These types of attacks are usually executed by internal staff members, partners, or contractors to steal data, also known as turncloaks.
- Attacks against connected (IoT) devices: Unprotected IoT devices are easy prey for hackers, which includes VoIP devices, medicine dispensers, MRI machines, IV pumps, security cameras, etc.
- As per the “The Health Insurance Portability and Accountability Act” - HIPAA journal, hacking/IT incidents are the major cause of PHI data theft in HIPAA-regulated entities, and it also states that network server is the top target for cybercriminals to steal data, followed by email, electronic medical record, desktop computer, paper/films, and other portable electronic devices.
- The healthcare industry remains a top target for cybercriminals. Growing digitization of the patient and medical records is equally contributing to the growth of the criminal exploitation of healthcare data.
- The healthcare sector has recorded three times more data breaches than any other sectors, including education, finance, retail, and government.
- It has been estimated that lost or stolen PHI ( Protected Health Information) may cost the US healthcare industry upto $7 billion dollars annually.
- More than 4 million individuals were affected during the data breach of the Miami-based healthcare system and reported as the largest data breach so far.
- A California-based medical group revealed that their data had been exposed to a ransomware attack affecting over 3.3 million individuals.
- IBM’s report on data breaches indicates that the cost of a data breach in the healthcare industry is around $10.10 million dollars becoming the most costly of any industry.
- To prevent hackers from data theft or disclosing individually identifiable health information, OCR enforced monetary fines for HIPAA policy violations that range from $100 to $50,000 per violation or per record. The maximum penalty is $1.5 million.
- The federal record stated that around 385 million patient records exposed 385 million patients from 2010 to 2022.
- Reportedly, the largest data breach incident in the United States was the Accellion FTA Hack, where nearly 3.51 patients’ records were hacked.
- In its report, HIPAA stated that hackers are increasingly using cloud-based apps to bypass security standards and deliver malware.
How did we get here?
#1 How are Hospitals Becoming Top Targets for Hackers, and Why Neutralizing the Attacks Is the Top-priority of Healthcare Organizations?
Hospitals and healthcare sectors are more susceptible to cyber-attacks due to the fact that it carries a high volume of sensitive data, including financial data like credit card numbers, online transactions, and bank account details. Either the computers are taken over by an anonymous attacker from a remote location, or the files in the system are exfiltrated. Besides these, the increasing trend of online consultation, telemedicine, healthcare apps, and digital healthcare services provides more gateways to cybercriminals to hack the system.
Cybercriminals are targeting hospitals’ data servers to steal patients’ personal information for monetary gains, but these intrusions have become more lethal with ransomware. Hackers controlling the servers interrupt the entire care facilities, like ventilators or other life-supporting medical equipment, which in many cases leads to catastrophic incidents, including patient death.
Patient’s data is more valuable on the dark web than their credit card or debit cards. It is sold 10 to 20 times more than credit card data. Unlike credit cards, patients’ data have a much longer lifetime and cannot be blocked. Also, it is evident that hospitals can’t stay long without patients’ data and are ready to pay the ransom. Due to this, it is the primary target for cybercriminals. Certainly, steps can be taken to prevent cyberattacks, but not before addressing some common challenges of it.
#2 Challenges Faced by Hospitals in Preventing Cyber-attacks
#3 Top Strategies to Prevent Cyber-attacks in Hospitals and Healthcare Systems
Proactive data breach response plan: Data breaches often result in patients’ loss of trust, which eventually cost millions of dollars to healthcare providers. In one of the surveys, Statista reported that the average cost of a data breach in the healthcare sector amounted to over 10 million U.S. dollars. It is possible to stop data breach attempts by taking simple precautionary steps. For instance, in the USA, HIPAA exercises a breach notification rule according to which physicians must notify patients and the U.S Department of Health & Human Services (HHS) when their unsecured protected health information (PHI) is disclosed. A comprehensive data breach response plan limits the incidents of cyber-attacks and works well in the most inevitable cyber attack like ransomware.
Document, review and test incident response plan: Dealing with security threats has become a mammoth task for most organizations as they are becoming more advanced and evolving continuously. A single line of defense is not enough to nullify these attacks and requires a comprehensive incident response plan to minimize the loss and destruction. A well-documented incident response plan that is regularly reviewed, tested, and updated can limit the number of incidents. NIST follows the most up-to-date standards and procedures to make organizations' IT infrastructure more secure by suggesting the best incident response plan. It defines the counter measures and security policies to neutralize the cyber attacks. It involves phases like planning and preparation, detection and analysis, prioritizing the incidents, containment and eradication, and recovery.
- Planning and preparation: In this stage, various activities are carried out like, an incident response team is established, security policies are created, communication channels get streamlined, and risk assessment is done.
- Detection: Attack indicators and precursors are identified through review logs and a threat monitoring system.
- Analysis and assessment: On a day-to-day basis, the cyber security team encounters hundreds of attack indicators, and they need to verify the real threat out of it. Once identified, the security team should analyze the threat - how it occurred, the origin of the threat, and the network or system is affected.
- Containment and Eradication: To reduce the impact of cyber attacks, it is necessary to contain the threat and eradicate them. All the infected systems are identified, and a containment decision is taken.
- Recovery: The administrator restores systems and ensures that everything is functioning well. Various steps in the recovery plan involve replacing infected files, installing patches, strengthening networks, backups, etc.
AI-driven endpoint detection and response system (EDR): Modern healthcare systems are interconnected through various devices and computers and work as a single unit. Most of these devices use wireless technology for communication and are susceptible to cyber-attacks. Endpoint security staff often struggle to investigate the cause of cyber attacks, and execute remediation steps, in such a situation, AI-driven EDR solutions can accelerate the threat detection possibility. EDR solution analyzes cyber threats in real time and automatically responds to them.
#4 How Can Hospital Management Software Help the HealthCare Industry Become Resilient Against Security Violations or Data Theft?
Hospitals and healthcare centers dealing with digital records should now follow compliance standards, security measurements, network controls and risk management to smoothly address privacy and cybersecurity issues. It is safe to follow the principle of Zero trust - Never trust, always verify approach, says the Center for Cybersecurity, as defined by Forrester and NST. Hospital management software is a versatile tool that assists healthcare organizations with patient registration to appointments and workforce management in a secured environment. The tool integrates with advanced technologies and automates several tasks that can support hospitals in protecting patients' data from cybersecurity threats.
The healthcare industry and hospitals have gone through unprecedented changes in their operation, but cybercriminals are continuously innovating their strategies and using novel techniques to target hospitals’ data and resources. With the threats continuing to evolve and nearly everything being connected digitally, it is necessary that the healthcare industry strengthen its IT infrastructure and redefine its strategies for cyber securities. Interestingly, the global healthcare cybersecurity market is indicated to touch USD 35.3 Billion by 2028. Along with the regulations and compliances, and having an incident response team, hospitals should invest in advanced technologies and software solutions that can predict, alert and help in combating modern cyber attacks, and build resilience to them.