The healthcare sector has recently been found to be the top target for cyber-security attacks. In Q2 of 2022, analysts Kroll found that 21% of all attacks were in the sector; compared to 11% in Q1. This equated to a rise of 90% in attacks against health organisations in just three months.
The most commonly seen threats for the sector are ransomware, email compromise (phishing) and unauthorised access which all have unique challenges in prevention.
So why has healthcare become a target? Healthcare has become a key target for cyber criminals for a variety of reasons, but the main reasons being that the scale of organisations, underinvestment, and the difficulty in securing systems. The wealth of patient information is worth a lot of money to attackers who can quickly sell it on across the dark web or hold organisations to ransome for bitcoin.
In this blog post, we discuss the main risks for security in healthcare, challenges in improving security posture and what this potentially all means for healthcare workers.
Government pressure to improve resilience
Before we start talking about the threats from cyber criminals, it is important to be aware of the regulations that the government is using to improve organisational resilience for cyber-security. The main goal of these regulations is to boost and standardise security standards and increase the reporting of serious cyber incidents, designed to reduce the risk of attacks causing disruptions and protect vital services and the supply chains they rely on.
The main regulation around cyber-security is the Network and Information Systems (NIS) regulation, which came into force in 2018 to improve the cyber-security of companies providing critical services. Organisations that fail to meet the regulatory standards can face fines of up to £17 million.
The Government continues to strengthen this regulation, working to ensure that organisations remain compliant, with Julia Lopez Minister for Media, Data and Digital Infrastructure stating that “The services we rely on for healthcare, water, energy and computing must not be brought to a standstill by criminals and hostile states”.
The NIS regulations come as part of the UK governments £2.6 billion National Cyber Strategy which is focused on making risk businesses improve their cyber resilience and securing the UK’s digital ecosystem.
What are the risks for healthcare?
Healthcare is not unique in the methods that cybercriminals use to infiltrate their networks, but the sensitivity of data and the importance of critical equipment means that breaches can have dangerous consequences.
Here are the four biggest cyber-security challenges in healthcare:
This is when attackers illegally gain access to computer systems to deploy malware (malicious software); and once this software has been installed, data will be encrypted and in order to decrypt data, attackers make demands.
Data is not always taken in these attacks, but it can be used as part of the negotiations as sensitive data can be sold online to third-party buyers.
Phishing, across all industries, is the most common method used by cybercriminals as it is usually the most effective. It has been reported that 2%-3% of all email and internet traffic to an NHS trust was regarded as a suspicious threat.
Put simply, phishing is when innocuous emails are infected with malicious links that direct users to a decoy web page, usually mirroring a login screen for familiar internal software. If the target submits their credentials, cybercriminals can gain access to healthcare systems.
It may seem simple and easy to avoid phishing breaches, but many of these emails are elaborate and look very convincing and rely on social engineering tactics to get results – so without proper training and education, there is always the risk of a breach. Find out more about phishing here.
The huge amount of sensitive and operationally critical data makes data breaches a key cyber-security risk in healthcare. The sheer quantity and accessibility of this data makes securing it, increasingly difficult.
In addition huge cybersecurity gaps around data in healthcare, provide entry points for cyber attackers that continue to threaten the safety of patient care and data.
Distributed-denial-of-services (DDoS) attacks
DDoS attacks are more effective in healthcare than most other industries, due to the range of endpoint vulnerabilities and huge number of devices connected to the organisation’s network.
These attacks don’t offer the same data extraction risks as ransomware, but force operational disturbance which can have dangerous impacts for patient care. DDoS breaches are simpler and easier to deploy for attackers as they don’t require them to breach the networks.
These see attackers flooding targeted servers with fake connection requests, and during the attack, endpoints and IoT devices are forcibly recruited into a botnet through a malware infection which can gives attackers control of the devices.
The NHS fell victim to a server DDoS attack in 2017, now named WannaCry attack, where attackers gained access to their systems and installed malware. It is estimated to have cost the NHS around £20m during the attack due to lost output, and a further £72m in IT support to restore data and systems.
The attack resulted in huge disruptions across more than 80 hospital trusts, 8% of GP practices and it was later found that 19,000 appointments were cancelled across the one-week period of the attack.
Learn more about how you can secure your organisations from cyber threats with our series of Security Quick Guides.
Challenges in securing healthcare
With a huge number of endpoints and IoT devices that are essential to patient care, legacy equipment and a large attack surface, securing systems security has evolved into a far more advanced proposition. This now often includes both Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) delivering a wide range of tools to help incident investigation and remediation.
Healthcare also requires data to be sharable and accessible in multiple locations and across a wide number of departments/personnel to work collaboratively. With the increase in remote working and digital health initiatives, there are a number of new challenges.
Connecting to external devices in different/off-site locations is risky, but there are a number of solutions you can use to protect the ‘edge’ of the network, such as next-generation firewalls, network monitoring, IoT and mobile security. One method adopted by many and effective in securing devices outside of your network is a Zero Trust approach. This approach ensures that all devices are authorised to access applications and the network is authentic and safe.
A “never trust, always authenticate” approach ensures that no device can access resources until the identity and authorisation can be verified.
How to improve cyber-security posture
With all the threats considered and the unique difficulties faced when securing healthcare organisations, we believe that there are a number of core areas that you should focus on:
Improve network infrastructure & use Multi-factor authentication
There are a number of tools/solutions that you can implement to improve your cyber-security, and we would recommend reviewing your current strengths and weaknesses with a review of your current security posture. You can do this with a Cyber Threat Assessment; this will give you an in-depth view of the current state of your network and areas that pose risks and require attention.
Additionally, implementing Multi-Factor Authentication (MFA) is a simple and effective way of deterring many attack attempts. And as it is estimated that 90% of all cyber-attacks could be prevented with MFA on endpoints and mobile devices – we believe it is an essential tool in the fight against cybercrime and where available and possibly always switched on.
Train staff on cyber threats
Training your staff on the risks of phishing and social engineering attacks is a simple and effective method to reducing the risks of cyber-attacks. With humans being the weakest link in any security initiatives it is a critical step in building a more resilient approach to security.
We offer a free simulated phishing attack, find out more here.
You can’t measure what you don’t know and if you can’t see a security risk, you can’t fix it.
Intrusion prevention solutions can identify and notify you when a potential anomaly or threat is recognised. These can often quarantine and remediate potential challenges using sophisticated AI and machine learning. This delivers better visibility about the network and what activity, malicious or otherwise is happening.
Whilst cyber/patient security is now higher on the board’s action plans, it requires ongoing review, focus and resources and this challenge is slowly being taken up within the industry. However, the complexity and demands on resources can make this a challenge and it’s important to ensure that the right levels of expertise are present within the organisation to ensure that investment can be made to secure the most critical vulnerabilities and a robust roadmap to be created to protect the organisation.
Have you got questions about your security posture and want to speak to an expert? Get in touch with us today.
You can also learn more about how you can secure your organisation against cyber threats with our series of Security Quick Guides.