Cybersecurity breaches continue to plague healthcare organizations. Every month, new horror stories about patient data being compromised hit the headlines. Despite this, and the evolving regulations in healthcare, the fact remains that the industry is still behind the curve when it comes to cybersecurity.
We’ve decided to take a closer look at the top threat actions that are causing these healthcare data breaches and how a modern identity and access management (IAM) solution can help. So far in our series, we’ve covered social engineering and malware attacks.
This installment is all about hacking. While social engineering tricks users into giving up their credentials and malware attacks leverage malicious software to gain access and inflict damage, hacking is a broader term that describes incidents wherein a threat actor uses various tactics to gain unauthorized access to a victim’s device or system.
Hacking—What Is It and How Does It Work?
While other breaches may occur due to an insider threat or an attacker’s close proximity to the intended target, hacking is done remotely—hence that classic image of the shadowy hacker sitting behind a keyboard, gaining access to a victim’s data from afar. Despite this stereotype, hackers come in many forms with a wide range of motives.
Hacking incidents make up a little less than 25 percent of all healthcare data breaches, but their effects are more far-reaching. In fact, hacking is responsible for 85 percent of all patient records exposed by data breaches.
There are many hacking techniques, but the two most common are geared toward obtaining a user’s legitimate username and password in order to gain access—albeit through very different approaches. Let’s take a closer look at these hacking varieties—the use of stolen credentials and brute-force attacks, as well as some other common methods.
When you think of hacking, a hacker breaking through sophisticated corporate firewalls and complex security protocols might come to mind. However, it’s much easier to steal a set of keys and waltz through the front door than having to break down a back door. The same is true for hacking; obtaining and using a set of stolen user credentials is often the easiest route for a hacker to gain access. In fact, the use of stolen credentials is responsible for about 50 percent of healthcare-related hacking incidents.
One of the easiest ways for a hacker to obtain stolen credentials is by hijacking a user’s static password. Not only are they widely in use, but as the name implies, they remain “static” or unchanged for set lengths of time, giving hackers more time to steal them.
Hackers use a variety of methods to get their hands on passwords, including installing spyware that records keystrokes (keylogging), infecting frequently visited sites (waterhole attacks), gaining access to a free or public Wi-Fi using a fake wireless access point (WAP), or even buying them on the dark web for as little as 55 cents.
It’s important to note that breach causes aren’t mutually exclusive, so it’s very common for an attacker to use a combination of threat actions to obtain a single set of credentials. For example, social attacks, such as phishing schemes, are frequently used to trick users into giving up their credentials. The stolen credentials are then used by a hacker to gain unauthorized access.
Brute-force attacks account for roughly 21 percent of healthcare hacking incidents, leveraging various tools and techniques to “crack” user or network credentials. During these attacks, all possible passwords are systematically checked until the correct one has been guessed.
Although the “brute” in brute-force refers to the fact that access is gained via exhaustive effort rather than intellectual strategy, these attacks often aren’t nearly as draining or time-consuming as you might think. It would take an average computer roughly 5.88 years to crack an eight-character password that uses mixed cases and numbers, but a strong botnet made up of multiple devices with ample computing resources would only need about 30 minutes to get the job done.
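The defensive counterpart to the brute-force attack described above is spotting the burst of failed logins it leaves in authentication logs. The following is an added example, not code from this article or from any IAM product: it scans constructed sample log lines (the format, usernames and addresses are invented) and flags an account/source pair that exceeds a failure threshold inside a sliding time window, plus any successful login that follows such a burst, which is the pattern of a credential that has just been guessed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (hypothetical format and values).
SAMPLE_LOG = """\
2024-03-01T08:00:01 FAIL user=jdoe src=203.0.113.5
2024-03-01T08:00:02 FAIL user=jdoe src=203.0.113.5
2024-03-01T08:00:03 FAIL user=jdoe src=203.0.113.5
2024-03-01T08:00:04 FAIL user=jdoe src=203.0.113.5
2024-03-01T08:00:05 FAIL user=jdoe src=203.0.113.5
2024-03-01T08:00:06 OK user=jdoe src=203.0.113.5
2024-03-01T08:10:00 FAIL user=asmith src=198.51.100.7
2024-03-01T08:25:00 FAIL user=asmith src=198.51.100.7
2024-03-01T08:40:00 FAIL user=asmith src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for (user, src) pairs with `threshold` or more failed
    logins inside `window`, and for a success that follows such a burst."""
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        key = (user, src)
        if outcome == "FAIL":
            q = failures[key]
            q.append(ts)
            # Drop failures that have fallen out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"user": user, "src": src, "kind": "burst", "count": len(q)})
        elif key in alerted:
            # A success right after a burst suggests the password was guessed.
            alerts.append({"user": user, "src": src, "kind": "success_after_burst"})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The three spread-out failures for the second user stay below the threshold because they never fall inside one five-minute window, which is why the window matters as much as the count.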
Backdoor and C2 Hacking
Backdoor and C2 hacking accounts for 17.9 percent of hacking incidents in healthcare. A backdoor is a mechanism built into a program that allows an administrator to enter a system, bypassing the program’s usual credentials and governance, to troubleshoot or perform upkeep. However, backdoors can be exploited by those with more malicious intent. By communicating through a command and control (C2) server, cybercriminals can use such access to reach sensitive data. Backdoor hacking goes beyond benign administrative access: it abuses a hidden entry point that was intentionally written into the code to carry out a malicious attack.
Another common hacking method in healthcare is denial-of-service (DoS). DoS attacks account for 4.5 percent of the industry’s hacking incidents. In a DoS attack, the cyberattacker seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting the services of a host that is connected to the internet. This is achieved by flooding an organization’s servers with a cavalcade of traffic that ends up crashing the system.
How Can Healthcare Organizations Prevent Hacking?
On an individual level, physicians and other healthcare providers must follow good data hygiene and cybersecurity best practices. This includes creating, updating, and protecting strong passwords, as well as remaining vigilant against cybersecurity threats, like email phishing attacks.
Similarly, at the organizational level, institutions must have sufficient IT resources to implement strong data encryption, solid perimeter defenses, and frequent software updates for technologies, ranging from EMRs to operating systems.
However, adopting a true, zero-trust security mindset starts with putting a modern identity and access management (IAM) solution at the core of your organization’s security program.
For starters, a modern IAM solution facilitates secure, centralized password management for both user and privileged accounts. This helps organizations eliminate poor password practices (e.g., static passwords, stagnant update policies) and implement complex password policies that can be customized on both a broad and individual level. Furthermore, all associated self-service, delegation, sync, and provisioning tasks for users, applications, and systems have a full audit trail for increased visibility and control.
However, even the best password management policies and practices aren’t enough on their own. This is why implementing an IAM solution that also offers comprehensive multi-factor authentication (MFA) capabilities is critical.
MFA protects your organization from unauthorized access due to compromised credentials by augmenting traditional passwords with a second or third user verification method. So even in the event a user’s password is stolen, the attack would be unsuccessful, as the hacker would not have the other form(s) of verification required. Even better, a robust MFA solution can replace passwords altogether, eliminating the security weaknesses associated with static passwords.
Implementing identity lifecycle management (ILM) also helps minimize risk by automatically deprovisioning users when they leave the organization and preventing users from accumulating unnecessary privileges as their roles change over time. These processes help enforce the principle of least privilege, as well as eliminate the risk of unmonitored orphan accounts being left open.
Up Next: The No. 1 Cause of Healthcare Breaches
Hacking can be difficult to keep up with, given the continuing evolution of its methods and the rise of new threats, like hackers as a service. Fortunately, when it comes to the threat of hacking, whether it’s through the use of brute-force attacks with a strong botnet or the use of stolen credentials, there are steps an organization can take to protect itself. One critical piece is implementing comprehensive IAM as the foundation of your organization’s cybersecurity.
So far in this series, we’ve covered social attacks, malware, and hacking. We’ve focused on the challenges and risks these threats pose, as well as how a modern IAM solution can help protect your organization. However, there is still an even greater threat that remains.
Keep an eye out for our next installment, in which we’ll cover the leading cause of healthcare cybersecurity breaches: insider threats.