Coker Connection Newsletter
Healthcare Cybersecurity Threats and Trends for 2018
- June 6, 2018
With cybersecurity attacks growing at an increasing rate, and new network and computer system vulnerabilities frequently being discovered, it is evident that healthcare cybersecurity threats are not going away. Regrettably, we saw more successful data breaches in 2017 than ever before, causing detrimental financial loss and legal consequences to the victims. The estimated total payouts and accumulated financial losses cost organizations over $5 billion, which is up from $1 billion in 2016. As information technology (IT) leaders it is beneficial to review in detail these past cases of successful data breaches to evaluate how the attacks occurred and, more importantly, how the organization could have prevented it. A critical element in defense against cybersecurity threats is to stay informed on the different types of attacks and the risks associated with them. As cyber-attacks continue to increase, it is also crucial that organizations stay current on the advancements in security standards and the tools that are available to protect their data and assets.
One major takeaway is to understand the role that the healthcare industry has in information security. Unfortunately, as cyber-attacks spread, the healthcare industry is a primary target. The Office of Civil Rights (OCR) reported that in 2017 healthcare organizations experienced over 300 breaches resulting in millions of individuals’ sensitive patient data being exposed or stolen. Technology has advanced the healthcare arena in so many ways to improve the efficiency of how practitioners and organizations share information and deliver treatments. However, because of the nature of the healthcare industry that hosts enormous amounts of sensitive patient data and their dependence on electronic medical records and systems, hospitals and health systems are highly susceptible targets with numerous risks. In 2017, of the top ten most massive cyber-attacks on healthcare organizations, 60% were a direct result of malicious software called Ransomware (https://www.hipaajournal.com/largest-healthcare-data-breaches-2017/). Over the past few years, ransomware has become a top priority and concern within the information security community, as the number of file-encryption malware that makes ransomware possible has risen significantly.
Ransomware is nothing new in the cybersecurity field; however, it has quickly become a leading threat. This type of malicious software works by encrypting all the system files that a computer relies on to work properly. Once infected, Ransomware can spread throughout an entire network to lock every single computer. This means that no computer on this network work, which can cause damaging financial consequences and operational downtime for any organization affected. This downtime consists of a complete halt to all business operations that require computer systems, which for the healthcare industry means no access to EHR systems. Moreover, as indicated by its name, the affected system can only be unlocked, or decrypted, by paying the “hacker” a specified ransom, typically paid in Bitcoin. The sole intent is to hold hostage an organization’s data. Typical methods of Ransomware deployment are sent through unsolicited email attachments or links and embedded within applications files that would be passed on through a network. It is helpful for IT professionals and leaders in any organization to review case studies of previous ransomware incidents to discover what errors occurred and how the affected company could have prevented it, how they reacted after the breach was known, and what type of proactive planning should be implemented in their organization to handle these situations.
As the severe threats of cybersecurity continuously evolve and expand, the security methods and tools we use to protect our data must adapt. In 2018, the global network security market has begun making progressive advancements in technology and regulations to empower organizations to obstruct data breaches before they occur. Today most technology and services are provided in the cloud, and over half of employees use mobile devices or non-managed home computers to access their organization’s network. Security solutions are being created to use the cloud as an advantage by protecting a personal network connection no matter where it is. One example of automating a line of defense before it reaches a network is a service called Cisco Umbrella™, which is a cloud-based security platform built into the foundation of the Internet to stop phishing and malware and to identify infected devices. This technology extends beyond merely detecting malicious content. It adapts to changes by processing millions of Internet connections requests a day to identify patterns that allow it to uncover potential threats automatically before their initiation and block connections before hitting the first victim. This idea of autonomous and intelligent network security protocols is a significant trend that paves the future of cybersecurity.
Despite the growing investments in cybersecurity, one of the most effective approaches an organization can take is to educate employees on security policies and awareness. Since human errors are still the leading cause of data breaches today, it is essential that an organization actively informs its employees that security is everyone’s responsibility. Network security can also benefit massively from effective communications and relationships between a company’s IT staff and employees. If employees are trained to spot suspicious content and emails on any of their devices, it is vital that they also share the information with their IT staff to investigate and quarantine, if needed. This communication should not be a burden for either party if they understand that it is their responsibility to the company. The predictions are that security awareness training grows exponentially over the next few years. Other than providing reference guides on common attacks and what they may look like, some policies that are important for employees to understand are authentication, access, and reporting procedures. Concerning authentications, users need to understand that passwords must be complex and confidential. If employees access the network on other non-managed devices, such as a work computer, they should implement password protection on every device. For important services, a company needs to implement two-factor authentication to ensure access is given to whom they say they are by knowing their password and providing another form of proof, such as a code sent to their cell phone.
In summary, it is essential always to remain vigilant and continue to layer new forms of cyber security protection to prevent your network from exposure to cybersecurity threats.
 Bitcoin is a digital asset and a payment system, using peer-to-peer technology to operate with no central authority or banks. Managing transactions and the issuing of bitcoins is carried out collectively by the network, without an intermediary. Bitcoin is open-source; its design is public, and nobody owns or controls it.
 The cloud is a network of remote servers hosted on the Internet and used to store, manage, and process data in place of local servers or personal computers.