If you ever want to find out what sorts of data cyber-criminals are targeting, there's a simple rule; follow the money. And some of the most valuable commodities threat actors are looking for comes from the healthcare sector. As hospitals, medical practitioners and allied health professionals digitise more of their systems and workflow, and people use more wearable devices to monitor and improve their health, the amount of data that is being exposed is growing.
In Australia, the Office of the Australian Information Commissioner (OAIC) publishes a report every six months detailing the most common types of data breaches and which sectors are targeted. Health service providers reported the most breaches in the latest report, and that number has risen for every period the report has been issued. Almost half of those breaches were the result of malicious activity or criminal acts, according to the OAIC.
Right across the Asia Pacific region, we are seeing attacks that specifically attack the healthcare sector. There have been several attacks in Singapore, with one even exposing the Prime Minister's health data. The WannaCry malware continues to be an issue and healthcare data is now readily available over the dark web.
Healthcare industry ‘not keeping up’
The old school approach to business IT security – ensuring end-point protection is up to date and there's a firewall in place – is no longer good enough. Cyber incidents, where threat actors are able to bypass security controls account for more than half of the reported breaches in 2019, with the remainder spilt almost evenly between the theft of data storage devices and paperwork, and rogue employees.
Putting all this together, we are seeing the digitisation of healthcare is occurring faster than the sector's ability to protect the valuable information it creates and holds.
At a recent event, Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky, said that, "Data is sick. Confidential medical records being breached and advanced devices turning a human into a bionic man. These ideas have since crossed the bridge between fictional stories and our physical world. They are well within our reality. As rapid digitalisation penetrates the healthcare sector, cybercriminals are seeing more opportunities to attack this lucrative and critical industry."
Stolen medical records openly sold on the dark web
When we follow the money in any industry – and cybercrime is one of the most profitable industries on the planet – we find there are marketplaces where skills and information are traded. Senior Security Researcher from GReAT Korea, Seongsu Park recently presented at a cybersecurity forum and discussed an Australian-based dark web seller called Ausprdie. This platform trades in medical data.
Park said medical records can be considered more valuable than a simple credit card because a hospital generally requires a patient’s personal and financial credentials before a check-up or an admission. Those online forums are even advertising in order to access confidential medical data. And those breaches, like the fallout from a nuclear incident, can have long-term repercussions.
How the industry can better protect itself
With such a well-organised adversary, it's important to take a forward-looking posture when planning a defence. Hoping that a "walls and moats" approach will be sufficient is not enough. Attackers use tactics such as phishing attacks, where a large volume of emails are sent containing fraudulent instructions that seek to dupe people into giving up log in data or other valuable information. Or, they can take a more focussed approach, where they try to trick someone with a higher level of data access to hand over information – a targeted tactic called spear-phishing. As we know from the OAIC's data, malicious insiders are also a major challenge.
Rather than trying to block all the possible attacks it's important to actively seek threats that may already be inside the network. That means having tools that actively seek potential threats that are already inside your firewall. For healthcare providers, this means looking for unusual activity. For example, detecting when something like a blood test report is being sent to an x-ray technician. This could indicate that an email account has been compromised, as that type of data is not usually shared between those two parties.
New methods for breaching systems, often called attack vectors, are constantly being created by criminals. Trying to keep up with the latest types of attacks is not easy, but there are threat feeds and other types of intelligence from external parties that not only keep healthcare providers informed, but help them detect when the risk of a new type of attack is rising so that appropriate counter-measures can be put in place.
Rather than waiting to become a victim, hospitals, doctor's offices and other healthcare facilities can get on the front foot and hunt for threats before they escalate and become cyber incidents.
Protecting healthcare data is about more than ensuring data is as well-protected as possible when it's at rest and when it's in transit. It's about proactively looking for where the risks are, then taking active steps to mitigate those potential losses and any unauthorised access.
As it stands today, the healthcare sector is lagging as security pays catch up with the digital transformation effort. By taking a forward-looking approach, where risks are constantly assessed and mitigation strategies are put in place, the sector can move forward.
Kaspersky is a global leader in cybersecurity for both consumer and business users. To discover how it’s helping healthcare providers protect their critical data, click here.
