The number of healthcare data breaches continues to grow year-over-year, and as healthcare organizations move to increase security measures in one area, attackers are finding new ways to access their systems to compromise the organization and steal data. Whether it is ransomware, data breaches, or IoT (Internet of Things) risks, the healthcare industry is under attack from many different angles. The next cyber attack could happen at any moment.
We have previously discussed ransomware on our blog, and this infographic provides a checklist for preventing ransomware. Ransomware is far from the only threat, however: there are many recent examples of healthcare organizations being targeted by other kinds of cyber attack. According to a recent IBM security report, some of the more commonly used attack types are:
- Injecting unexpected items: Out of all the attacks that occurred in health care recently, 47% of them involved cases where hackers placed malicious data, designed to disrupt the behavior of a system or network, on a machine or server.
- Manipulating data structures: According to the report, 19% of attacks involved attempted access to a system by manipulating its data structure, taking advantage of built-in weaknesses to bypass security measures.
- Manipulating system resources: Rounding out the top three, the third most popular way for attackers to disrupt networks was by restricting access to files, libraries, applications and other critical resources. This type of attack can limit user access to everything from a facility’s website to its internal email system – and even its electronic health records (EHR) system.
- Employing probabilistic techniques: 6% involved attackers attempting to break into networks and systems through sheer guesswork. Using the principles of probability, hackers make educated guesses about likely usernames and passwords that may gain them access to the system. If they manage to guess correctly, they then proceed to wreak havoc on the network.
- Abusing existing functionality: This is the use of existing programs or applications for unintended purposes – including gaining unauthorized access to confidential data or denying other users access to key information. This occurred in 4% of attacks last year.
- Collecting and analyzing information: Instead of a full-on hacking attack, some criminals will engage in a “pre-attack,” where they’ll test the waters to see how many weaknesses exist in a network or system – and how much damage they could do with unlimited access. They may take information about a device’s operating system or installed applications to create “fingerprints” used to launch an attack later. This was the intent of 4% of cyber attacks.
- Engaging in deceptive interaction: Utilizing a practice known as “phishing,” hackers will attempt to fool hospital staff into clicking on links or downloading attachments infected with malicious software. This software could potentially install harmful programs on the person’s machine that steal confidential passwords or encrypt important data without the user’s knowledge. This happened in 3% of attacks.
- Subverting access control: 2% of attacks involved exploiting weaknesses in the processes by which systems and servers identify users. The goal is either to prevent authorized users from gaining access or to allow criminals to bypass these controls and gain unauthorized access.
The threat of a cyber attack on the healthcare industry is very real and must be taken seriously by healthcare decision makers. Cyber attacks are typically the result of three elements: uneducated employees, social engineering, and outdated software and infrastructure. Proactive security measures and the financial commitment to ensure their success are imperative to protecting patients and their data.
One of the primary methods for improving cybersecurity is to ask for help. You don’t have to face the next cyber attack alone. Hackers and cyber attackers are always moving and always scheming new ways to attack you. Allying yourself and your organization with a firm that understands the nature of the security risks you’re facing and has proven methods for evaluating your environment and addressing your needs is key. Optimum Healthcare IT and our team of cybersecurity experts are here to help.