Ransomware and Cyber Attacks in Healthcare - Part 2

The healthcare sector is increasingly becoming a target of cybercriminals because of the wealth of valuable information that hospitals, practitioners and insurers need to store in order to deliver services. This is compounded by the fact that in recent years there has been a massive uptake of technology in healthcare while, at the same time, cybersecurity awareness and posture have unfortunately not kept pace. The growing adoption of technology, such as wearable devices, telehealth services, and electronic healthcare record storage, alongside the necessity to store payment data, makes healthcare providers a comprehensive source of information for potential identity theft or other digital crimes. The result has been that healthcare is over-represented in terms of cybersecurity breaches compared to other sectors.

In the most recent quarterly update of NTT’s Global Threat Intelligence Report we dive into more detail about the threats faced by healthcare. Of particular note is the fact that the USA, Canada and Australia collectively represent over 75% of all healthcare breaches.

These risks should not only be front of mind for larger providers, but for smaller ones as well. As larger healthcare organizations have invested in cybersecurity, threat actors are increasingly targeting small to medium providers. Not only are they targeting healthcare directly, they are also targeting third party providers of services in areas such as accounting, billing and law as routes into healthcare providers.

Attacks on Healthcare Providers

While larger healthcare organizations have built comprehensive cyber defenses, smaller providers often lack the awareness and resources required. As a result we are seeing a number of concerning breaches in small to medium sized providers, here’s a list of just some of the known disclosed attacks:

• Uniting Care, which operates mainly in the Australian state of Queensland, became a victim of a ransomware attack by the Russian REvil group. The attack resulted in some of Uniting Care’s systems being left inaccessible and in Uniting Care being cut off from accessing the Australian government’s central “My Health Record” system.
• Midwives of Windsor, a pregnancy and childbirth provider in Ontario, Canada suffered a breach in April 2023, which resulted in the theft of pregnancy and personal data of an unknown number of patients. While the breach was reported to law enforcement, affected patients were only informed nearly nine months later.
• A ransomware attack on a California-based healthcare system Prospect Medical Holdings resulted in several of its affiliate clinics and hospitals being unable to operate.Those who did manage to continue operating had to rely on paper records.
• 10 years worth of pathology referral letters may have been exposed in a breach affecting Tissupath, based in Melbourne, Australia. Data which was exposed may have included patient names, dates of birth, contact details, Medicare numbers and private health insurance details.
• Eyecare Leaders (ECL) is a cloud-based, ophthalmology-specific electronic health record (EHR) and practice management vendor based in North Carolina. A breach of ECL in December 2021 resulted in the records of at least 20 providers who are clients of ECL being compromised.
• Multiple UK clinics were impacted by a breach at the UK specialist document management provider Stor-a-File, which suffered a ransomware attack in September 2021. Sensitive medical data including consent forms, test results, medical history and fertility treatment information were believed to have been stolen.
• A number of New York hospitals and health care centers were breached in a cyber attack where threat actors had access to patients’ private information for at least two months.
• Personal records of more than 5000 patients are believed to have been stolen after the email account of a Brisbane clinic was breached.

These examples provide just a glimpse into the scale of the challenge facing healthcare and the urgency of the need to strengthen cybersecurity posture.

What are the risks facing smaller healthcare providers?

Healthcare providers, and by extension their patients as well, face a number of risks. Smaller providers face various cybersecurity risks that can impact the confidentiality, integrity, and availability of their sensitive data and critical systems. Some of the main cybersecurity risks they face include:

• Data Breaches: Hospitals and clinics store vast amounts of sensitive patient information, including personal, payment and health data. A data breach could result in unauthorized access to this information, leading to identity theft, financial fraud, or other privacy violations.
• Ransomware Attacks: Ransomware that encrypts a provider's data, may make systems unavailable until a ransom is paid. Smaller hospitals may be targeted due to perceived weaker security measures. The impact on patient care can be severe.
• Lack of Resources: Smaller healthcare providers often have limited resources for cybersecurity measures, making them more vulnerable to attacks. Insufficient investment in security tools, employee training, and dedicated personnel can leave these organizations exposed to threats.
• Outdated Software and Systems: Legacy systems and outdated software may lack the latest security patches and updates, making them susceptible to exploitation. Small hospitals and clinics may struggle to keep their systems up-to-date due to budget constraints, compatibility issues and lack of staff.
• Insider Threats: Employees or contractors with access to sensitive information can pose a threat if they intentionally or unintentionally compromise security. This could include actions such as unauthorized access, sharing of login credentials, or accidental data leaks.
• Third-Party Risks: Small providers often rely on third-party vendors for various services, such as electronic health record (EHR) systems or medical devices. If these vendors have security vulnerabilities it can expose the healthcare provider to additional risks.
• Inadequate Training and Awareness: Employees may unintentionally contribute to cybersecurity risks through actions such as clicking on phishing emails or using weak passwords. Insufficient training and awareness programs can exacerbate these risks.
• Regulatory Compliance Challenges: Healthcare organizations must adhere to various regulations and standards, such as the Health Insurance Portability and Accountability Act (HIPAA) in the USA. Smaller providers may struggle with compliance due to limited resources and expertise.
• Telehealth Vulnerabilities: The increasing use of telehealth services introduces new cybersecurity challenges. Insecure communication channels, unsecured devices, and inadequate telehealth platform security can expose patient data to risks.

What Defensive Steps should providers take?

To address risks, smaller providers should prioritize cybersecurity measures and invest in security infrastructure. Some measures which they might take to strengthen their posture include:

• Deploying security tools that defend against the most common attack vectors, including endpoint protection with strong anti-ransomware and anti-exploit capabilities.
• Two or Multifactor authentication to thwart the abuse of compromised credentials and prevent the lateral movement of threat actors.
• Regular Backups to ensure that any data corrupted or destroyed in a breach can be restored. Backups must also be tested frequently to ensure that they are recoverable.
• Maintain an up-to-date incident response plan. This is essential to ensure that the correct steps are followed if a breach does happen. Without a well-defined incident response plan staff risk panicking or forgetting important steps due to the high-pressure environment of a security incident.
• 24/7 threat detection, investigation and response, whether delivered in-house or by a specialized provider

The Role of Threat Detection and Response

While most organizations have basic security controls like firewalls and endpoint protection such as antivirus in place, this is no longer enough. With the rapidly evolving threat landscape it is often possible, as we have seen, for attackers to circumvent controls. This means that we need an additional layer of defense.

XDR is one technology which can play a crucial role in making comprehensive threat detection and response accessible even to smaller organizations. XDR provides a unified toolset, where the provider of the XDR application does all the work of integrating the components required to perform a complete set of security operations tasks through a single application, presented via a simple, intuitive user interface allowing IT teams who don’t specialize in security to scale their capability into that space.

Samurai XDR provides all of the security operations tooling that is normally reserved for large organizations with substantial budgets at a price point that is well within the reach of even small healthcare providers while at the same time providing smaller IT teams the intuitive user interface they need for managing threat detection and response.

To experience how Samurai XDR provides you with a single pane of glass for your security operations, start your Free 30 Day Trial today.