Guest Column | July 22, 2019

Mitigating Healthcare's Most Common Types Of Security Breaches

By Shahrokh Shahidzadeh, Acceptto


In simple terms, a data breach is a security incident where a company's sensitive information is accessed without authorization. However, a data breach is more complex than just a leak or an exposure of sensitive data. The first step of a data breach is usually a targeted attack, with the attacker often seeking a specific data set which could offer financial benefits.

Typically, this is confidential financial information, such as account numbers, transaction histories, and various types of passwords. Personal data is often sought after by identity fraudsters, while medical records fetch large sums on the black market. Health insurance companies are prime targets for data breaches because they hold both confidential medical and financial data. Health practitioners are also targeted by cybercriminals because they have the same information on file. Smaller practices can run on legacy systems with fewer personnel, and security concerns do not take priority over patient care.

Ransomware attacks, unpatched vulnerabilities, and internal threat actors can all cause a data breach that exposes patient information, but using authentication to validate login credentials can reduce the chances of a breach.

The following are the most common types of security breaches, and how healthcare organizations can protect themselves from similar incidents.

Attacking Via Ransomware

In 2018, ransomware was by far the most common type of malware used in cyberattacks, according to the annual Verizon Data Breach Investigations Report. Almost 40 percent of all successful malware-based attacks in 2018 used some form of ransomware.

To conduct a ransomware attack, the cybercriminal will upload malicious software to the organization’s system via a harmful link and encrypt critical files and data. By encrypting files, the critical data is inaccessible to the organization, allowing the attacker to demand a ransom in exchange for the files. A ransomware attack can easily immobilize a healthcare provider, as critical patient files become inaccessible.

The most effective weapon against these types of attacks is backed-up data. If organizations regularly upload important data into a secure backup source – ideally one that is partitioned away from the rest of the network – the attacker's efforts will have been for nothing. It is critical for CISOs and IT teams to set aside time to back up data, even if they believe the chances of a ransomware attack are slim. If a cybercriminal successfully orchestrates a ransomware attack, organizations can turn to a decryption service to decrypt the affected files, but this is never 100 percent guaranteed to work. Instead, the most effective method is to regularly back up critical data on a secure and partitioned source.

Attacking Via Vulnerable Software 

Organizations in the healthcare industry can prevent data breaches with zero effort by just updating their systems. Updates fix security issues and add new features to defend against the latest hacker techniques. Outdated software retains all of these vulnerabilities, which attackers love.

Outdated operating systems and applications are a prime target for attackers, and regularly scheduling updates can help prevent a debilitating data breach. For example, the 2017 Equifax data breach, which compromised the information of 148 million Americans, was entirely preventable. The credit reporting bureau confirmed that attackers were able to enter its system through a web-application vulnerability in May 2017, but a patch for this vulnerability was available in March 2017.

Timely software updates are key to preventing data breaches from occurring in the first place, but CISOs and IT teams may face pushback from other departments to delay a needed upgrade. As data breaches continue to disrupt organizational operations in 2019, security teams in the healthcare industry need to keep software updated.

Attacking Via Internal Access

Unfortunately, a huge number of data breaches come from within an organization. This might mean that employees are attempting to steal data, or that an attacker is using office hardware to get inside the system. Employees might also inadvertently share confidential data, which could result in a HIPAA violation and cause compliance concerns for an organization.

Health insurance companies and healthcare providers should be proactive about the threat of an internal data breach by ensuring that all employees have limited privileges and can’t access unnecessary files. By partitioning data and restricting unauthorized employees' access to it, organizations in the healthcare industry can also avoid HIPAA violation fines.

Healthcare providers and health insurance companies also have to worry about unauthorized access to their portals from patients and customers. Organizations should have systems in place that help them vet cyber credentials.

Recognizing Valid Vs. Invalid Credentials

Our current environment of digital anonymity makes it difficult for healthcare providers to authenticate digital identities. Ultimately, there are four uses of cyber credentials that must be vetted to ensure proper access to your digital infrastructure, on-premise and cloud-based applications:

  • Valid credentials used by a valid person for valid reasons: This is the ideal scenario and the only truly desired state for all access to all medical data and IT resources.
  • Valid credentials used by a valid person for invalid reasons: This is an unfortunate scenario where a trusted person is using valid credentials for improper reasons. In this case, better policy control, with continuous monitoring and tracking of the “valid credential,” could prevent improper use from within the organization.
  • Valid credentials used by an invalid person for any reason: This is the absolute worst-case scenario possible. In this case, valid credentials have been stolen or hijacked by someone intent on doing harm to your organization. The challenge here is how to determine when the wrong person is using a valid credential. Stronger authentication methods like cognitive authentication can prevent cybercriminals from using stolen identity credentials to access another patient’s information.
  • Invalid credentials used by anyone for any reason: This type of scenario, keeping the bad guys out, is what most security teams solve for. In an ideal situation, security teams would implement robust authentication protocols that are also seamless for the end user, thus preventing unauthorized access.
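
The four cases above can be told apart only by combining the login result with other signals. The following is an added example, not code from the author or from any product: it triages portal access events into the four cases. The log format, the enrolled-device list, the care-team assignments and the response actions are all assumptions constructed for illustration.

```python
# Constructed reference data (assumptions, not from the article):
# devices each user has enrolled, and patients each user is assigned to.
KNOWN_DEVICES = {"dr_lee": {"ws-17"}, "nurse_kim": {"ws-04"}}
CARE_TEAM = {"dr_lee": {"P100", "P101"}, "nurse_kim": {"P101"}}

# Constructed portal log: one record-access attempt per line.
SAMPLE_LOG = """\
user=dr_lee auth=ok device=ws-17 patient=P100
user=nurse_kim auth=ok device=ws-04 patient=P100
user=dr_lee auth=ok device=unknown-9f patient=P101
user=dr_lee auth=fail device=ws-17 patient=P100
"""

# Case number -> (scenario from the list above, hypothetical response).
CASES = {
    1: ("valid credential, valid person, valid reason", "allow"),
    2: ("valid credential, valid person, invalid reason", "flag for privacy review"),
    3: ("valid credential, invalid person", "require step-up authentication"),
    4: ("invalid credential", "deny"),
}

def parse(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def classify(ev):
    """Return the case number (1-4) for one access event."""
    user = ev["user"]
    # Case 4: the credential itself failed, or the account is unknown.
    if ev["auth"] != "ok" or user not in KNOWN_DEVICES:
        return 4
    # Case 3: credential is valid, but the device is not one the real
    # owner enrolled, so the person behind it is in doubt.
    if ev["device"] not in KNOWN_DEVICES[user]:
        return 3
    # Case 2: right person, but the record is outside their care team.
    if ev["patient"] not in CARE_TEAM.get(user, set()):
        return 2
    return 1

def triage(log_text):
    """Classify every non-empty log line; return (user, patient, case, action)."""
    rows = []
    for line in log_text.splitlines():
        if line.strip():
            ev = parse(line)
            case = classify(ev)
            rows.append((ev["user"], ev["patient"], case, CASES[case][1]))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The order of the checks matters: an event is only tested for "invalid reason" once the credential and the person behind it have both passed.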

According to a global study by IBM Security and the Ponemon Institute, the average cost of a data breach reached a staggering $3.86 million per incident in 2018, up 6.4 percent from the previous year. Organizations in a highly regulated industry like healthcare can face more financial consequences due to HIPAA violations and other compliance issues. Organizations can prevent ransomware attacks by backing up their files and avoid other cyberattacks by making sure their software is updated. To guard against internal threats, organizations should rely on advanced authentication methods, like continuous authentication, to ensure that only authorized users have access to data.

About The Author

Shahrokh Shahidzadeh is the CEO of Acceptto, where he leads a team of technologists driving a paradigm shift in cybersecurity through Acceptto's Cognitive Continuous Authentication™ technology. Shahrokh is a seasoned technologist and leader with 27 years of contribution to modern computer architecture, device identity, platform trust elevation, large IoT initiatives and Ambient Intelligence Research (AIR) with more than 20 issued and pending patents. Prior to Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives.