The HIPAA Journal is reporting that in March of 2021, we saw a 38.8% increase in reported healthcare data breaches from the previous month. Hacking incidents are the dominant breach method. And apparently the higher number of breaches is due to an increase in data breaches at business associates. Here’s the breach breakdown of hacking/IT incidents:
The number of breached records also rose 135.89% with 2,913,084 healthcare records exposed across 62 incidents. That’s a lot of breached healthcare records. Do you think your healthcare data is safe?
The Verizon 2021 Data Breach Investigations Report just came out. Most everyone in the cybersecurity industry knows about this report since it’s an annual event. How did the healthcare industry fare this year? Well, not great. In the healthcare industry, Verizon analyzed 472 data breaches. Here are the key takeaways:
So now do you think your healthcare data is safe?
The story line for these cyberattacks are similar. An external threat actor uses extremely sophisticated technical means to break these seemingly impenetrable systems. Yes, there could have been purpose-written malware that was used in the reconnaissance phase of the kill chain that evaded technical controls at the perimeter. But far more likely is the fact that criminals used a compromised identity to gain access past perimeter defenses. First, to discover the valuable data. Second, to install malware. Then to external servers, and finally, to send the data out encrypted to the thieves.
The problem is that stealing a logon credential is not necessarily a cybersecurity breach activity. It can be a phone call, or a borrowed password from a new “friend” who can be a contractor. It can also be an insider who has plans to gain access and exfiltrate data. That is what makes these breaches of compromised accounts so difficult – human factors.
To deal with human factors as a risk variable, cybersecurity practitioners are wrapping User and Entity Behavior Analytics (UEBA) around identities. Meta data from these identities can be cross-correlated to other defense-in-depth security data sets to provide a 360° context of who was doing what, when, and where. So, even if you do have users that hit a drive-by download or a watering hole attack via email using a spear phishing campaign, their identity will be tracked. This is to see anomalous or unusual behavior that is exhibited and unknown even to them. You can start to predict bad behavior (even if unintentional) to prevent data loss. This is better than a call from your friendly FBI agent, or former third party supplier of business, about their data being lost from your IP address ranges.
No matter how sophisticated an attack is from an outsider, a compromised identity is likely invoked to do the real damage. UEBA can provide the insight and predictive analysis to get ahead of these breaches before the real damage is done. Then healthcare organizations can be confident that your healthcare data is truly safe.
External attacks can be identified and stopped without significant loss of sensitive data. Gurucul UEBA would have triggered on the following events which are typical stages of a cyberattack:
It is never too late to deploy the right technology to safeguard your future assets and prevent account compromise. But it is always better to do it before your identity is compromised. Hear directly from our customer, Allina Health, to understand how Gurucul’s solution for cybersecurity in healthcare helps them protect their healthcare data!