As if healthcare didn’t have enough to worry about, with overpacked facilities and overworked staff during the COVID-19 pandemic, cyberattacks on healthcare systems and medical devices are rapidly growing in number and sophistication. Further, ransomware is making its way into healthcare, with attacks locking out IT systems and medical devices. All this means the state of cybersecurity preparedness in healthcare is at an all-time low.
Ransomware is a particularly nefarious activity in healthcare, as lives and critical treatments are often at stake. Over 500 providers were victims of ransomware attacks in 2020, with at least one death attributed to the resulting lockouts.
Fully two-thirds of healthcare organizations have been hit by at least one ransomware attack, with one-third being attacked multiple times, according to the Ponemon Research Report: “The Impact of Ransomware on Healthcare During COVID-19 and Beyond.”
More than 40 million patient records have been compromised in 2021, according to the U.S. Department of Health and Human Services’ Office of Civil Rights. This is obviously a massive problem facing all healthcare organizations. Healthcare boards of directors are increasing cybersecurity spending by 15% in 2022, because ransomware and other breaches represent a stumbling block in delivering effective healthcare.
The Analytics Keep Changing
While IT staff and SOC analysts often use analytics to collect data on and analyze network activity, COVID-19 has thrown a monkey wrench into many analytical approaches. Analytics typically looks for unusual activities on systems and networks, but COVID-19 has effectively redefined what is normal and what is unusual. Traffic and data patterns are different, and some systems have significantly increased their activity and range of use.
This pattern of activity can serve to hide bad actors and malicious code. And as we battle COVID-19, hopefully with some success, traffic patterns and activity on healthcare systems are very dynamic and constantly changing, driven by infections, hospitalizations, and deaths. These dynamics make it difficult to identify what is normal versus abnormal activity.
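To make the baseline problem concrete, here is an added example (not Gurucul’s code or model) that scores a constructed series of daily remote-access session counts two ways: once against a baseline learned once from the first two weeks, and once against a rolling median/MAD baseline that re-learns from the trailing two weeks. The data, the 14-day window and the thresholds are assumptions chosen for the illustration.

```python
"""Static vs rolling anomaly baselines across a regime shift (constructed data)."""
from statistics import mean, median, pstdev

# Constructed daily counts of remote-access sessions: 14 "pre-pandemic" days
# near 100/day, then a lasting shift to ~400/day (the new normal), with one
# genuine spike on day 35.  Not real data.
DAILY_SESSIONS = (
    [100, 104, 98, 102, 97, 101, 103, 99, 100, 102, 98, 101, 100, 99]
    + [380, 395, 402, 410, 398, 405, 392, 400, 415, 397, 403, 408, 396, 401]
    + [399, 404, 397, 410, 402, 396, 405, 1400, 401, 398, 406, 400, 395, 403]
)
WINDOW = 14


def static_baseline_alerts(series, window=WINDOW, k=3.0):
    """Baseline learned once from the first `window` days and never updated:
    after the shift every ordinary day looks like an attack (false positives)."""
    train = series[:window]
    threshold = mean(train) + k * pstdev(train)
    return [d for d in range(window, len(series)) if series[d] > threshold]


def rolling_baseline_alerts(series, window=WINDOW, k=5.0):
    """Baseline re-learned daily from the trailing `window` days using median
    and MAD.  It still alerts while the shift is in progress, then adapts to
    the new normal and keeps catching the real spike on day 35."""
    alerts = []
    for d in range(window, len(series)):
        recent = series[d - window:d]
        centre = median(recent)
        mad = median(abs(x - centre) for x in recent)
        spread = max(1.4826 * mad, 1.0)  # floor: a flat window must not give a zero-width band
        if series[d] > centre + k * spread:
            alerts.append(d)
    return alerts


if __name__ == "__main__":
    print("static baseline alerts :", static_baseline_alerts(DAILY_SESSIONS))
    print("rolling baseline alerts:", rolling_baseline_alerts(DAILY_SESSIONS))
```

The static baseline flags all 28 post-shift days; the rolling baseline flags only the first week of the transition and the spike, which is the trade-off a SOC has to tune when "normal" keeps moving.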
The Challenges of Cybersecurity in Healthcare
Despite ongoing calls for patient privacy, which is not a part of HIPAA, cybersecurity in the field tends to be weak. Yet the threats remain the same as, or in many cases even worse than, those facing other enterprises. Healthcare systems face special challenges that make it more difficult for traditional IT staff to cope.
IoT and medical devices in general remain a strong area of concern. Many medical devices are now connected to networks so that their data can be collected and analyzed automatically and made immediately available to healthcare professionals alongside other patient information. These devices often don’t have the same security protections as the rest of the network, and are a potential attack vector into the entire facility.
Insiders Remain the Biggest Threat
Healthcare workers are human, and have motivations similar to those in other industries. In fact, in some cases, there is more motivation for some healthcare workers to violate security protocols. If, for example, a hospital or practice has famous patients, it may entice insiders to look up and make public their medical records.
Insiders may also use private information for blackmail, or even simply to demonstrate to friends their level of access. Whatever the motivation, insiders are in the best position to execute a breach and data theft. Healthcare organizations have to be cognizant of the insider threat and use automated approaches to combat it. This includes User and Entity Behavior Analytics (UEBA) to examine behaviors of insiders to determine if patterns have suddenly changed in a risky manner.
Ransomware Is an Ongoing (and Growing) Threat
Healthcare systems are also subject to ransomware demands. Locking personnel out of systems that provide essential information and care for patients usually requires an immediate capitulation, no matter what the price.
Healthcare providers routinely find themselves under attack, at least in part because of the sensitive and critical nature of their data. These characteristics make organizations ripe for ransomware attacks; it’s simply not feasible to delay. At least one death has been attributed to the inability to access critical patient data and that is one too many.
Selling Patient Information Can Also Be a Motive
Patient information itself is also valuable to hackers. Like most personal information, it can be sold to those who want to steal from patients, or who want to use others’ identities for phishing or other purposes.
But patient data holds special significance, in that it often includes medical information that makes patients subject to blackmail based on health conditions. It can also be used to scam patients based on an intimate knowledge of their health conditions.
Addressing Cybersecurity Preparedness in Healthcare
Healthcare is subject to the same threats as other enterprises. However, the consequences can be more severe than in other organizations. Therefore, healthcare organizations have to be more vigilant in protecting user data. The fact that patients can die as a result of a ransomware attack makes this consequence impossible to ignore. In addition to extorting large sums of money, attackers can be charged with homicide.
Gurucul provides cybersecurity products with prepackaged machine learning models to detect and remediate the most common healthcare cyber risks. They encompass Gurucul Analytics-Driven SIEM, Gurucul UEBA, Gurucul Risk-Driven SOAR, and Gurucul XDR. These products are essential for monitoring and protecting patient information on healthcare platforms.
Legacy SIEMs generate a lot of false positive alerts; that is, alerts that look as though an attack might be occurring when it really isn’t. False positives can end up creating a lot of work for healthcare SOC analysts and IT staff, who have to investigate every possible attack.
Gurucul’s modern cloud-native cybersecurity products deliver over 2500 machine learning (ML) models, which have the ability to “learn” normal activities and better recognize potential breaches and threats. By using algorithms to better spot risk, Gurucul can help SOC analysts figure out where real threats may be coming from.
Hear How Gurucul Can Help – Directly From our Healthcare Customers
Gurucul is taking a lead in enabling cybersecurity preparedness in healthcare. Our healthcare customer testimonials below detail how Gurucul has been able to address some of their most complex cybersecurity risks.
Allina Health: Securing Medical Devices with Gurucul
This customer testimonial video shows how Allina Health used Gurucul’s security analytics platform to maintain the security of the medical devices throughout its hospital network. With Gurucul, Allina is ensuring that patients are not placed in harm’s way due to a medical device’s faulty behavior.
Aetna: Automating Front Line Security Controls with Model Driven Security
This customer testimonial video shows how a Fortune 100 Health Insurance Provider uses Gurucul Risk Analytics (GRA) to automate front line security controls. Gurucul helps Aetna detect and respond at machine speed to meet the demands of current attacks.
Allina Health: Protecting Patient Records
This customer testimonial video shows how Allina Health used Gurucul UEBA to protect players’ and VIP medical records at the Super Bowl in Minneapolis. Gurucul helped them answer questions like: “Are you snooping on other employees? Are you looking at VIP records?” UEBA can tie different events together and raise them as one combined alert that says: we have a VIP event here in combination with data exfiltration, and this might be something we seriously need to look at.
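The two UEBA ideas on this page, comparing each insider’s activity with their own baseline (Insiders Remain the Biggest Threat) and combining a VIP record view with an export event into a single higher-severity finding (the Allina testimonial above), as an added example that is not Gurucul’s code or model. The EHR audit lines, the VIP list and the per-user baselines are constructed for the illustration.

```python
"""UEBA-style insider scoring over a constructed EHR audit log (not real data)."""
from collections import defaultdict

# Constructed audit lines: timestamp, user, action, patient id.
AUDIT_LOG = """\
2022-02-13T08:01:00 nurse07 VIEW P-1001
2022-02-13T08:05:00 nurse07 VIEW P-1002
2022-02-13T08:20:00 nurse07 VIEW P-1003
2022-02-13T09:10:00 clerk12 VIEW P-1004
2022-02-13T09:12:00 clerk12 VIEW P-9001
2022-02-13T09:13:00 clerk12 VIEW P-9002
2022-02-13T09:14:00 clerk12 VIEW P-9003
2022-02-13T09:20:00 clerk12 EXPORT P-9001
2022-02-13T10:00:00 doc03 VIEW P-9002
"""
VIP_PATIENTS = {"P-9001", "P-9002", "P-9003"}          # constructed VIP flag list
BASELINE_VIEWS_PER_DAY = {"nurse07": 20.0, "clerk12": 1.0, "doc03": 15.0}  # per-user history


def parse_audit(text):
    """Yield (user, action, patient) from one event per line."""
    for line in text.strip().splitlines():
        _ts, user, action, patient = line.split()
        yield user, action, patient


def score_users(text, vip_patients, baselines, volume_factor=3.0):
    """Score each user's day against their own baseline, and merge a VIP view
    with an export of the same VIP record into one combined finding."""
    views, vip_views, vip_exports = defaultdict(set), defaultdict(set), defaultdict(set)
    for user, action, patient in parse_audit(text):
        if action == "VIEW":
            views[user].add(patient)
            if patient in vip_patients:
                vip_views[user].add(patient)
        elif action == "EXPORT" and patient in vip_patients:
            vip_exports[user].add(patient)
    findings = {}
    for user in views.keys() | vip_exports.keys():
        reasons, score = [], 0
        if len(views[user]) > volume_factor * baselines.get(user, 1.0):
            reasons.append("volume above own baseline")
            score += 30
        if vip_views[user]:
            reasons.append("VIP record view")
            score += 40
        if vip_exports[user] & vip_views[user]:   # the combined, high-severity case
            reasons.append("VIP view combined with export")
            score += 60
        if reasons:
            findings[user] = (score, reasons)
    return findings
```

On the constructed log, nurse07 stays within their baseline and produces nothing, doc03 gets a low-severity VIP-view finding to review, and clerk12 gets the combined volume + VIP + export finding that warrants immediate attention.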