Over the past 10 years, the healthcare industry has experienced a drastic rise in cyberattacks and data breaches. The number of reported healthcare-related data breaches has consistently grown every year since the Department of Health and Human Services began tracking breaches in 2009—and 2018 was no different. In fact, it was a record-breaking year, with a total of 365 reported breaches exposing almost 195 million healthcare records.
In Part 1 of our healthcare breach crisis blog series exploring the top threat actions that cause data breaches, we discussed social engineering attacks, such as phishing schemes. In this next installment of our four-part series, we will explore malware attacks and what an Identity and Access Management (IAM) solution can do to protect your organization from such threats.
Malware—The Diverse Cybersecurity Infiltrator
Malware is malicious software that cyberattackers use to gain access and cause damage to a computer or network. A shocking 89 percent of healthcare organizations have experienced some type of cybersecurity breach, and the majority (78 percent) of these attacks were facilitated through malware. Larger organizations are typically at higher risk, with 46 percent reporting over 15 malware attacks per year. But how exactly does malware penetrate a network?
Before the internet became so widely used, malware was delivered manually, in physical form, via floppy disk or CD-ROM. However, as technology and networking have evolved, so too have criminals and their methods. Hackers can now use remote attack vectors, like email phishing schemes, which are the most common method of malware delivery.
Since personal healthcare information (PHI) is worth significantly more than other types of information on the dark web, including credit card information, cybercriminals are highly motivated to execute malware attacks to gain access to employee and patient data.
A recent example of a malware breach involves LifeBridge Health, in Baltimore. Malware infected LifeBridge’s EHR, patient registration, and billing systems, and went undetected for 18 months—potentially exposing the private information of about 500,000 patients. Malware takes many different forms, from Trojan horses to spyware to macro viruses, and many of these can be divided into a variety of subcategories. However, one form is more prevalent in healthcare than all other types of malware combined: ransomware.
Why Ransomware is the King of Healthcare Cybersecurity Threats
When it comes to malware targeting the healthcare industry, ransomware is king. In fact, over 70 percent of all malware incidents in healthcare are ransomware attacks, and 88 percent of all ransomware attacks target healthcare organizations. This malicious and invasive variety of malware encrypts the victim's data or computing resources, blocking access to systems and data to coerce the victim into paying a “ransom” to regain access to the data held hostage.
So, why is the healthcare industry such a big target when it comes to ransomware attacks?
The answer is: because it pays—or rather, they pay. As continuity of service and brand reputation are crucial in healthcare, it is not uncommon for hospitals to just pay the ransom for the decryption key in order to regain access to their patient data. Surprisingly, one recent study found that 70 percent of businesses that have been infected with ransomware have paid to have their data decrypted.
Unfortunately, the costs to an organization go well beyond the initial breach. A study by the Ponemon Institute found that the average cost per healthcare data breach was $402 per record! So, why so high? On average, organizations spend $610,000 on compliance- and auditing-related expenses and another $440,000 on post-breach clean-up. Additionally, healthcare organizations lose an average of $3.7 million in revenue following a data breach.
Aside from the financial cost to organizations, ransomware can affect organizational efficiency and even patient safety. Last year, Missouri-based Cass Regional Medical Center fell victim to a ransomware attack that forced it to shut down its electronic health record (EHR) application and divert trauma and stroke victims to other medical facilities for an entire week.
How Modern IAM Solutions Enhance Cybersecurity
While strong perimeter defenses and ad-blockers are an important part of defense against malware, they alone are not enough. Additional precautions must be taken to limit exposure and to stop its spread in the event your organization is infected.
One significant step that your organization can take to minimize its attack surface and prevent access to critical systems is to utilize an advanced IAM solution. An IAM solution helps stop attackers in their tracks by enforcing least-privilege access and ensuring each user account has proper access controls in place.
Comprehensive identity governance capabilities ensure proper identity and access controls are automatically maintained and stay up-to-date across the organization. An organization can configure and enforce fine-grained access controls for both user and privileged accounts that automatically add and remove access rights according to each user’s specific attributes or role. As a result, users don’t collect unneeded entitlements over time and receive only the access needed to do their day-to-day jobs.
Robust automated lifecycle management further enforces least-privilege access by allowing organizations to automatically manage the full account lifecycle of all users, including external users, such as contractors, vendors, and partners.
Users are automatically provisioned with the appropriate access based on their role, and access rights are automatically updated when their role changes, including deprovisioning access when the user is no longer with the organization. Automating these processes prevents vulnerabilities, such as users being over-assigned permissions, assigned incorrect permissions, accumulating too many entitlements over time, or worse, accounts being left open when a user leaves the organization.
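To make the role-based provisioning and deprovisioning described above concrete, here is an added example (not taken from any IAM product or from the original post) that reconciles each account's entitlements against its role baseline and reports what to grant or revoke. The role names, entitlement strings, and accounts are all constructed sample data, and the Account class and reconcile function are hypothetical names chosen for this illustration.

```python
# Added example: reconcile account entitlements against role baselines.
# All role names, entitlement names and accounts are constructed sample data.
from dataclasses import dataclass, field

ROLE_BASELINE = {
    "nurse": {"ehr:read", "ehr:write_vitals"},
    "billing_clerk": {"billing:read", "billing:write"},
    "contractor_it": {"helpdesk:tickets"},
}

@dataclass
class Account:
    user: str
    role: str
    active: bool            # False once HR marks the person as departed
    entitlements: set = field(default_factory=set)

def reconcile(accounts, baseline=ROLE_BASELINE):
    """Return sorted (user, action, detail) changes needed for least privilege."""
    changes = []
    for acct in accounts:
        if not acct.active:
            # Departed user: nothing is wanted, so every entitlement is revoked.
            wanted = set()
        elif acct.role not in baseline:
            # Unknown role: fail closed and flag the account for manual review.
            changes.append((acct.user, "review", f"unknown role {acct.role}"))
            wanted = set()
        else:
            wanted = baseline[acct.role]
        changes += [(acct.user, "revoke", e) for e in acct.entitlements - wanted]
        changes += [(acct.user, "grant", e) for e in wanted - acct.entitlements]
    return sorted(changes)

SAMPLE_ACCOUNTS = [
    Account("alice", "nurse", True, {"ehr:read", "ehr:write_vitals"}),
    # Moved from billing to nursing but kept the old rights (entitlement creep).
    Account("bob", "nurse", True, {"ehr:read", "billing:read", "billing:write"}),
    # Contractor whose engagement ended; the account was never deprovisioned.
    Account("carol", "contractor_it", False, {"helpdesk:tickets", "vpn:connect"}),
    Account("dave", "research_fellow", True, {"ehr:read"}),
]

if __name__ == "__main__":
    for user, action, item in reconcile(SAMPLE_ACCOUNTS):
        print(f"{user:6} {action:7} {item}")
```

Run on a schedule against an HR feed and a directory export, a check like this surfaces the conditions listed above: over-assigned permissions, entitlements left over from a previous role, and accounts still open after a user has left.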
Last, but certainly not least, a modern IAM solution utilizes multi-factor authentication to add an extra layer of security that can be implemented across privileged users, business-critical systems and applications, VPNs, and servers. Two-factor authentication, for example, requires two modes of authentication, typically something you know (password) and something you have (one-time password, proximity badge, push notification, etc.). So, even if a cybercriminal has acquired a user’s credentials, they’d still need the second form of authentication to breach the network.
Up Next, a Closer Look at Hacking in Healthcare
Fortunately, when it comes to the threat of malware, there are steps an organization can take to protect itself and minimize the damage an attacker can do in the course of a breach. While putting a modern IAM solution in place isn’t the only step an organization should take to mitigate the risk of malware attacks, it is a critical one in securing your organization.
However, malware and social attacks aren’t the only threats health systems face. Up next in our cybersecurity risk series, we’ll take a closer look at another top threat action that leads to healthcare breaches: hacking—and how putting modern IAM at the core of your security program can also minimize this cybersecurity risk.