Healthcare institutions are heavily targeted by cyber attackers. The critical services these institutions provide, the volume of sensitive data they handle, the mix of IT and OT infrastructure, and unpreparedness make healthcare institutions very attractive and vulnerable to cyberattacks. While several strategies exist to mitigate risk, deception technology in healthcare is a proven and effective method to detect and respond to cyber attacks.
The state of healthcare cybersecurity
According to statistics published by the HIPAA Journal:
- There has been an upward trend in healthcare-related data breaches over the past 14 years.
- Between 2009 and 2022, 5,150 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights.
- Those breaches have resulted in the exposure or impermissible disclosure of 382,262,109 healthcare records.
- In 2022, an average of 1.94 healthcare data breaches of 500 or more records were reported each day.
- Hacking is now the leading cause of healthcare data breaches.
- Many of the hacking incidents between 2014 and 2018 occurred many months, and in some cases years, before they were detected.
A review of the current data in the Department of Health and Human Services Office for Civil Rights (HHS OCR) database of major breaches also shows that cyber attackers continue to compromise healthcare institutions more with each passing year.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft. Major healthcare data breaches are defined as those reported under HIPAA compliance as impacting the confidential healthcare data (personal health information – PHI) of more than 500 individuals.
The penalties for HIPAA violations can be severe. Multi-million-dollar fines are possible when violations have been allowed to persist for several years or when there is systemic non-compliance with the HIPAA Rules.
What are some of the cybersecurity challenges in healthcare?
Attacker tactics have evolved. Email is identified in the HHS OCR data as the primary attack vector, and the use of email has been increasing during the past few years.
The rapid move to mobile devices and the broad interconnection of healthcare networks between hospitals, physicians, diagnostic labs, surgical centers, long-term care facilities, and other healthcare institutions have made healthcare networks much more porous. Malware-infected medical devices provide a safe target where embedded attackers can remain relatively undetected for long periods of time.
Once inside the healthcare network, cyber attackers know that medical devices are likely targets of opportunity for their malware tools. If they can get to a medical device, they have a very high probability of inserting their command and control software tools and using this to communicate with an IP address that has not yet been identified as malicious by current threat intelligence.
Standard cybersecurity tools cannot be installed within FDA-certified medical devices. In the United States, all of these medical devices are closed devices; that is, no standard cybersecurity controls may be added by healthcare personnel for fear of voiding FDA certification, voiding manufacturer warranty, creating a potential hazard to patients, and being financially liable for that hazard. Operating systems in medical devices are typically older, out-of-date, and missing critical updates, which exposes them to vulnerabilities.
Remediating malware-infected medical devices is neither simple nor fast.
The operating system software must be completely reinstalled by authorized vendor personnel. The downtime for a device like an MRI or CT scan can cost a hospital or MRI center hundreds or thousands of dollars or more in lost revenue. This makes deception technology in healthcare a feasible option.
The use of segmentation to protect healthcare networks can help. But only some parts of hospital networks have implemented network segmentation in whole or part. Network segmentation is difficult and sometimes expensive to implement. Portable devices such as X-ray machines, blood gas analyzers, and other devices that must hop on and off various wireless networks are yet another small but complicating factor.
How can Deception Technology in Healthcare solve the problem?
Deception technology in healthcare can rapidly and decisively identify attackers hidden away in medical devices.
Deception technology in healthcare can be used to lure and deceive attackers into revealing themselves earlier. With realistic decoys that blend into the network, any activity emanating from within a medical device will very quickly reach a deception decoy. When the attacker engages with a decoy, an alert is raised. Since a legitimate user will not have any reason to interact with a decoy, this sort of behavior is clearly malicious.
Deception technology is not variable, probabilistic, or conditional. The detection used by deception technology is absolute and crystal clear. Hence, there will not be any false positives on which the response team will need to waste their time.
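The detection rule described above, sketched as an added example (not Acalvio or ShadowPlex code): every flow whose destination is a decoy address produces an alert for its source, with no score or threshold involved. The decoy addresses, the clinical subnet, and the flow records are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data: decoy addresses, an assumed clinical VLAN, flow records.
DECOYS = {ip_address("10.20.5.40"): "decoy-pacs-server",
          ip_address("10.20.5.77"): "decoy-infusion-pump"}
MEDICAL_DEVICE_NET = ip_network("10.20.5.0/24")
FLOWS = """ts,src,dst,dport
2024-01-10T02:14:05,10.20.5.12,10.20.5.90,104
2024-01-10T02:14:09,10.20.5.12,10.20.5.40,104
2024-01-10T02:14:11,10.20.5.12,10.20.5.77,445
2024-01-10T02:15:30,10.30.1.8,10.20.5.90,443
2024-01-10T02:16:02,10.20.5.12,10.20.5.40,445
"""

def decoy_alerts(flow_csv):
    """Return one alert per source that contacted any decoy address."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        dst = ip_address(row["dst"])
        if dst in DECOYS:  # any decoy contact counts; there is no threshold
            hits[ip_address(row["src"])].append(
                (row["ts"], DECOYS[dst], int(row["dport"])))
    alerts = []
    for src, touches in hits.items():
        touches.sort()  # ISO 8601 timestamps sort chronologically as strings
        alerts.append({
            "source": str(src),
            # Agentless medical devices are only visible at the network level.
            "source_is_medical_device": src in MEDICAL_DEVICE_NET,
            "first_seen": touches[0][0],
            "decoys_touched": sorted({name for _, name, _ in touches}),
            "ports": sorted({port for _, _, port in touches}),
        })
    # Sources that reached the most distinct decoys come first.
    return sorted(alerts, key=lambda a: -len(a["decoys_touched"]))

if __name__ == "__main__":
    for alert in decoy_alerts(FLOWS):
        print(alert)
```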
Since deception technology is not platform dependent and offers a wide range of decoys for both OT (Operational Technology) and IT networks, it is well suited for healthcare where hospital networks have a mix of inter-connected IT and OT devices.
Acalvio deception technology is optimized and well-architected to protect healthcare networks and can overcome many weaknesses in current healthcare network cyber security architecture, leveraging many years of experience protecting some of the largest healthcare institutions in the world. In addition, Acalvio ShadowPlex is perfectly suited to organizations seeking HIPAA compliance.
The deception technology decoys in ShadowPlex are easily interspersed within a hospital network, amongst medical devices. Every way they turn, attackers will face a high probability of detection. At any point in time, when they touch a deception decoy, Acalvio will identify them with high certainty and issue a very high-integrity alert for action by the SOC team responders.
FAQ
Why is cybersecurity important in the healthcare industry?
Hospitals perform critical functions and handle and store large volumes of sensitive patient data. This combination of factors makes them attractive targets for cyber threats. Since healthcare networks interface with third-party vendors, have a mix of IT and OT networks, and often comprise systems with legacy operating systems, this leaves them vulnerable to different cyber attacks.
What are the most significant cyber threats affecting healthcare in 2023?
The biggest cyber threats affecting the healthcare industry are hacking, data breaches, and ransomware attacks. Some of the biggest cyber attacks that affected healthcare providers in 2023 include:
- HCA Healthcare data breach that affected over 11 million individuals.
- MCNA Dental data breach that affected over 8.9 million people.
- PharMerica ransomware attack involving the data of over 5.8 million people.
How can we mitigate cyber attacks in healthcare?
Cyber attacks can be mitigated by ensuring that all systems are patched and have critical updates applied. This includes the systems of third-party vendors who interface with the main healthcare network. Network segmentation is another strategy that helps. The use of modern active cyber defense technologies like deception technology helps proactively detect and respond to cyber attacks.
Why is deception technology important in the Healthcare Industry?
Deception technology in healthcare does not depend on a specific platform and offers a wide variety of decoys, so it is well-suited to healthcare networks that have a mix of IT and OT devices. Deception technology lures attackers away from critical assets, protecting valuable medical devices and patient records. By providing early, high-fidelity detections, deception-technology-based cybersecurity solutions can secure healthcare networks from new and emerging threats.