Protecting data in the age of digital health
Healthcare institutions hold vast amounts of highly sensitive information on large swathes of the population — from basic details such as a person’s name and address, down to their unique and detailed medical history. As such, patient records are a target for ransomware attacks.
Bad actors and cybercriminals seek this data for many different reasons. This valuable data can be used for crimes such as identity theft, but healthcare breaches are particularly serious because personal data can, in some cases, mean the difference between life and death. It is therefore vitally important for CIOs within the healthcare sector to build secure IT infrastructures that not only withstand ransomware attacks, but ensure this critical data remains available.
Cybersecurity in the healthcare sector has traditionally been very poor as medical staff are rightly focused on saving lives rather than upgrading IT systems. This is true now more than ever, with the coronavirus pandemic occupying huge amounts of healthcare providers’ resources. To add to this, ransomware attacks have intensified under the pressure of the pandemic.
In February this year, The Office of the Australian Information Commissioner released a detailed four-step Data Breach Action Plan, specifically for health service providers including the myGov Health Record.
On 19 June, the Defence Minister and the PM called a press conference to reveal that Australian organisations were currently being targeted by a sophisticated state-based cyber actor. The broad attack was across all levels of government including health.
The Australian Government recently announced it will be investing $1.67 billion in its 2020 cybersecurity strategy to protect and strengthen the security and resilience of Australia’s critical infrastructure. This is the largest ever Australian Government financial commitment to cybersecurity and is a direct result of the increase in Aussies interacting more online, for work, health care, education, entertainment and shopping. The healthcare sector is also embracing new technology.
We all stand to benefit from digital technology in health care as better medical research, clinical trials and treatments can save lives and improve the way we treat illnesses. We are already seeing video communications and surgical robotics gain traction in health care, and new technologies such as augmented reality are set to have a significant impact.
A few years ago, the Australian Government controversially introduced MyHealth records which made a summary of key health information available online. The initiative caused uproar among many Australians, who had concerns regarding the safety of their personal data. This puts incredible pressure on organisations and the public sector to ensure patient data is safe and secure.
By taking proactive, as opposed to reactive, precautions, this face-off might never be necessary. IT teams within healthcare institutions and related organisations should consider a data protection strategy on a foundation of education, implementation and remediation to be impermeable from the word go.
Understanding the risks
The journey of understanding starts after the threat actors are identified. Remote desktop protocol (RDP) or other remote access tools, phish and software updates are the three main mechanisms for entry. Knowing this can help an institution focus its investment strategically, enabling maximum resilience against ransomware from an attack vector perspective.
Most IT administrators use RDP for their daily work for remote access, with many RDP servers still directly connected to the internet. As a result, over half of ransomware attacks currently use RDP as an entry pathway. Other threats choose phish mail as their method of choice. If you are ever unsure if you have received a phish email, there are two popular tools that can help assess risk: Gophish and KnowBe4. It is also essential to keep in mind the need to update critical categories of IT assets such as operating systems, applications, databases and device firmware. Extend this thorough approach to data centres, too, as they can be just as susceptible to attack as the data housed onsite.
When it comes to a ransomware attack, resiliency hinges on how the backup solution is implemented, the behaviour of the threat and the course of remediation. As an important part of ransomware resiliency, implementation of backup infrastructure is a critical step.
Backup repositories are an essential storage resource when it comes to ransomware resiliency, so it is recommended that access to those within the organisation is not permitted. Insiders having access to this data could lead to potential leaks outside of the organisation, so it is recommended that these responsibilities are managed by a third party, where possible.
Despite ensuring your institution is educated around the threats of ransomware and implements the correct techniques accordingly, you should always be prepared to remediate a threat where necessary.
If you do suffer an attack, your next steps to remediating ransomware are:
- Do not pay the ransom.
- The only option is to restore data.
One of the hardest parts of recovering from a hack is decision authority. Make sure you have a clear protocol in place that establishes who will make the call to restore or to fail over your data in the event of a disaster. Within these business discussions, agree on a list of security, incident response and identity management contacts that you can call on if needed. When a breach happens, time is of the essence — you will thank yourself for having prepared in advance.
Just as you would invest in insurance for your home, you should consider backup an investment in the same vein. It is something you hope never to need, but if the worst happens, your organisation is protected, and your staff and patients’ data is safe. By properly educating your colleagues on the risks, implementing the appropriate infrastructure and having the appropriate remediation protocols in place, you will not only increase your resiliency against a ransomware attack but also avoid data loss, financial costs or reputation damage to your organisation.
Critical, real-time access to data can substantially benefit the pharmaceutical industry.
A global healthcare study by mobile and IoT management solutions provider SOTI reveals that only...
Device visibility is the number one issue that healthcare organisations need to address to meet...