COVID-19 Not the Only Epidemic of Epic Proportions
As America’s frontline doctors, nurses, and healthcare staff continue the fight against COVID-19, hospital and medical center IT teams are waging a battle against a different kind of epidemic – the exploitation and compromise of sensitive data and systems.
While cyberattacks against healthcare providers have surged in 2020 amidst the pandemic, the struggle to counter increasingly sophisticated cyber threats is nothing new. Last year, for example, the healthcare sector was the most popular target of ransomware in the United States, with more than 760 healthcare providers affected.
Often these attacks have serious, sometimes life-or-death, consequences. When Campbell County Health in Wyoming was hit with ransomware in September, it had to cancel surgeries, transfer patients to other facilities, and put a temporary stay on taking new patients. It took more than a month for the provider to get all systems and services back up and running. In even more extreme cases, like those of Wood Ranch Medical in California and Brookside ENT and Hearing in Michigan, targeted institutions were forced to close down for good in the wake of such attacks.
Healthcare providers also proved the most prevalent target of data breaches within the United States last year, accounting for 43% of all such compromises and costing the industry nearly $18 billion. For reference, the next most targeted industry (the banking, insurance, and finance sector) clocked in well behind at 12%.
Fast forward to this year. As the number of COVID-19 cases first began to climb, some hacker groups vowed to refrain from attacking medical facilities involved in the response to the virus. To no one’s surprise, that promise did not last long. Shortly after declaring the so-called “ceasefire,” one of the groups that had called for the stay attacked a UK-based coronavirus testing lab.
As cybercriminals continue to exploit surges in telehealth, related health apps, and insecure endpoints across the medical field, the healthcare industry has widened its piece of the data breach pie, accounting now for 51% of such incidents across the country. Coronavirus-related phishing attempts and counterfeit webpages targeting both healthcare facilities and the general public have also skyrocketed. In the first three months of 2020, the number of such attempts and pages jumped more than 165%. In March alone, one company studying the trend tallied more than 100,000 medical scam webpages.
Though the reasons cybercriminals attack healthcare providers abound, one factor looms larger than the rest: the sensitive, urgent, and often life-or-death nature of the medical field leaves little room for downtime or data compromise.
Think of it from the cybercriminals’ perspective. Would you rather extort an institution you know needs 24/7 access to its data to save lives or target any old business operating at far lower stakes? In a similar vein, would you rather hack a hospital for patient information or sensitive research files that will earn you six times the going rate of other data or settle for a smaller payout? Such answers are not hard to predict.
As America continues to grapple with the uncertainty of the ongoing pandemic, the target on the healthcare industry’s back has only widened. Not only are hospitals and other medical providers being hit by cyberattacks at higher rates – institutions working on vaccines and conducting coronavirus-related research are feeling the heat as well. Take the recent cyber intrusion at the University of California at San Francisco, which is conducting antibody testing and clinical trials for COVID-19 treatment, as just one example.
Strengthening Healthcare’s Cyber Immune System
With critical patient care on the line, there is little doubt hospitals and medical providers need to strengthen their cyber resiliency. Much like the model used to prevent and treat illnesses, the healthcare industry must adopt a dynamic cyber protection plan which considers the inevitability of attack and identifies what policies and practices are needed to recover.
Prevention – Like vaccines that proactively prevent illness, things like vulnerability assessment, patch management, regular backup schedules, continuous data protection, and a zero trust architecture are key for helping healthcare providers maintain cyber hygiene and prevent critical downtime and data loss.
Detection – Similar to the testing that takes place in the medical field, healthcare IT teams must employ AI-based threat detection and behavioral analysis (like URL filtering) on all endpoints and systems, so abnormalities can be easily and quickly identified.
Response – Once an illness is discovered, doctors can administer medication in response. Similar steps must be taken when an attack, hardware failure, or human error occurs on the cyber front. IT teams should streamline the response process by employing automated alert and remediation tools that allow for real-time reactions and triage.
Recovery – When illnesses or injuries become serious, doctors may perform surgery to help a patient recover. Similarly, once a cyber incident occurs, IT teams must focus on quickly restoring systems and avoiding the deadly downtime and data loss that could spell disaster for hospitals.
Forensics – After an illness or injury is discovered, the medical community conducts extensive research to better understand the ailment and what can be done to treat it more effectively moving forward. Such post-incident investigation and analysis are equally critical in the cyber realm. After a cyberattack, hardware failure, or human error occurs (an inevitability for every institution, no matter how good its prevention methods are), IT teams and end users alike must understand the causes of the incident – and how to avoid something similar in the future.
No Time to Waste
With patient lives and critical medical data hanging in the balance, there is little time to waste in building and strengthening the healthcare industry’s cyber resiliency. The good news is that tailored, cost-effective endpoint protection software with backup exists to help implement the above framework and make the transition to comprehensive cyber protection as easy as possible. The question remains though – will healthcare grab the lifeline?