Healthcare Organizations Under Attack: Strategies for Managing Cyber Threats

Before National Cyber Security Awareness Month (NCSAM) draws to a close, we thought it would be a good idea to dive into cybersecurity as it relates to the healthcare industry, and take a deeper look at some of the trends and challenges that are currently being faced by healthcare organizations. We had a chance to sit down with David LaBrosse, Strategic Partner Manager, Healthcare Data Management Solutions at NetApp, to talk a little bit about cybersecurity within healthcare and what’s being done to prevent these attacks from occurring. Here’s what David had to say:

Shayda Windle: Healthcare data and infrastructure that supports the delivery of healthcare services are some of the biggest targets for attack. What’s driving this interest from cyber attackers?

David LaBrosse (DL): There are multiple factors that are driving cyber criminals to target the healthcare industry. First, Cyber criminals believe that hospitals are soft targets. They know that many institutions have made security improvements, but there are still other hospitals which need to implement basic security tools. A second driver is the growing number of attacks sponsored by organized crime groups — in the U.S. and overseas. These criminal groups are playing a key role in the higher volume and sophistication of cyberattacks. And, a third driver is the value of the medical records themselves on the black market. While some analysts debate how much criminals are paid for each stolen medical record, the emphasis should be on how patients are impacted by each theft. In some cases, a stolen record can expose a patient to insurance fraud, identify theft, and to privacy violations.

SW: What are the most common exploits that healthcare organizations are subjected to?

DL: Each year, reports are released that identify the top threats as it relates to cybersecurity. Some of the reports are from U.S. Fed Government agencies like Health and Human Services (HHS) or the FBI. Other threat reports are created by leading security vendors and network services providers. While I agree that the theft of computers, smart phones, and disk drives are still a top concern, hospitals leaders are making good progress in this area. Their investments in security training, device encryption, and asset tracking tools will continue to minimize the physical threat.

Another common threat or exploit is the growth in “malware” attacks. Ransomware has become a top-of-mind threat for many healthcare leaders. The number of ransomware attacks has increased significantly in the past year. There are now thousands of variations. And, healthcare institutions are struggling to keep up with the flood of malware attacks.

SW: What can healthcare organizations do to protect themselves and their patients?

DL: Having standard security procedures in place to protect from attacks is so important that I’ve created an acronym around it. This is more of a reminder of the standard procedures that everyone should be following.

CUTS stands for combine, update, track, and survive. And here’s a breakdown of it:

Combine security systems. In a hospital setting, security information and event management (SIEM) systems are common tools which are used to monitor an unusual event and to log activities in the IT environment. But some of these SIEM tools are old and need to be upgraded. They need to allow other sources of data to be analyzed from across the enterprise. The SIEM tools should also be combined with other security tools like ‘user behavior’ tracking. By combining the security tools, institutions can identify and respond to threats faster.
Update software and security patches. This may sound like just another task on the security checklist, but you would be surprised how many organizations do not routinely do this, and in turn put themselves at greater risk. By not patching systems, you are basically opening the door for a hacker to come into your environment.
Track your employees. It may sound like Big Brother is watching, but you really do need to know where your employees are logging in, and where they physically enter a building. Everyone knows that there is a ‘human’ element to cyber attacks and unfortunately disgruntled employee attacks do happen. So, it is critical for hospitals to track employee activities on-line and on-premise.
Survive attacks. Despite all of the efforts to maintain security, cyberattacks do still happen. That is why hospitals need to focus on recovering from an attack. Some institutions make good investments in security tools, but they forget about the recovery side of the equation. I urge healthcare organizations to make ‘gold’ copies of their data, operating systems, and mission critical applications. These gold copies should be stored in a separate network to prevent hackers from finding them. And, it is equally important that hospitals test their recovery capabilities at least once a year. That is one way they can be confident that they will survive an attack.

Hospital leaders can also avoid paying a ransom fee to hackers by restoring their systems rapidly. NetApp is proud to provide data management solutions which help customers to accelerate security threat analytics and to recover faster from malware attacks.

SW: It seems that having layers of security is a good approach. What are some of the best strategies for protecting data while it’s at rest/stored and while it’s in motion?

DL: Today, we know encryption has proven to be a good solution. I think some of the challenges organizations face is whether or not encryption is the right fit — or is easy to manage. Encryption has come a long way. At NetApp, we are offer a variety of encryption options to address data at rest and in transit requirements. We have also made it easier for customers to manage the encryption solution. While some customers are still uncomfortable, I believe encryption is worth the investment.

SW: Is there anything else you’d like to share?

DL: Another outstanding security tool which I recommend to customers is called ‘multi-factor authentication.’ There are different types of multi-factor authentication tools available today. Some ask for users to provide replies to “security questions”. Others, utilize a smart phone application which generates a unique pass code during each log-in. The code is a second password which is difficult for hackers to steal. Historically, the healthcare industry has shied away from multi-factor authentication tools. One reason is that it seems to require an extra step in the security process. Many doctors and nurses do not have time to enter additional codes or passwords. They need to focus on patient care. However, I think multi-factor authentication will become more user friendly. And, with the proper security training, the log-in time can be reduced.

Interested in learning more about NetApp’s health IT and cybersecurity solutions? You can find out more here.