Effective Healthcare Requires Strengthened Cybersecurity for Patient Care and Protection

Chris Swagler | July 11th, 2024

 

It would be a tremendous understatement to say that the healthcare system is essential for both robust economic activity and individual quality of life. The size and nature of the sector demonstrate this fact. A significant societal and business challenge facing healthcare providers today is the quality of data and network security, which has a direct relationship to care.[1]

Information provided by the American Hospital Association presently identifies 6,120 hospitals in the United States alone with a staffed bed capacity of 916,000.[2] Additionally, there are approximately 10,728 urgent care centers throughout the country, according to Definitive Healthcare, plus thousands of small, private practices.[3] Within these facilities, “83.4% of adults…and 93.9% of children” account for more than 1 billion physician visits, per Centers for Disease Control and Prevention data.[4] Each one of these visits means doctors and other staff are opening, editing, transmitting, and storing records on each patient. And the unfortunate fact of the matter is that with each new person accessing the sensitive patient data, there is an increased opportunity for threat actors to somehow intercept that information.

Threat actors are heavily targeting the healthcare industry because of the incredible sensitivity found in patient records and the total market capitalization of the sector. Research has found that medical records are the most expensive records sold on the dark web, commanding upwards of $250 while credit card or social security numbers fetch less than $10 on average (mosmedicalrecordreview [5], LinkedIn [6], medicaleconomics [7], NordVPN [8]).

Furthermore, the vast amount of money within the sector, estimated by the Centers for Medicare & Medicaid Services (CMS) to be $4.5 trillion, provides a lot of ‘opportunity’ for threat actors to skim some of this off for themselves.[9] As a result of the intensive targeting and highly sensitive nature of the data—which, in turn, costs a lot to safeguard—the cost of a data breach in the healthcare industry dwarfs other sectors. When a healthcare provider experiences a data breach, the cost to remediate more than doubles the average among all industries with a spread of $10.93 million and $4.45 million respectively, according to The HIPAA Journal, citing the IBM Cost of a Data Breach Report.[10] These costs span several components, including downtime, data recovery, settlement payouts, ransom payments, and more.

The Change Healthcare cyberattack: a case study

Just last month, Change Healthcare, a subsidiary of the world’s largest healthcare insurer (UnitedHealth Group), was targeted by a cyberattack that continues to cause problems throughout the sector.[11] Given the extensive downtime of payment processing systems, disruptions to prescription filings, and the vast likelihood of millions of stolen records, the U.S. Department of Health and Human Services (HHS) is investigating the incident as a violation of HIPAA, which at its core is a law designed to increase protections around patient data.[12]

So, what happened?

Notorious threat group BlackCat/ALPHV has since claimed total responsibility for the targeted attack and, as some publications report, may have received a $22 million ransom payment to expedite recovery and limit data loss (CRN [13], Wired [14], Kare11 [15]).

While the root cause has not yet been uncovered and/or disclosed, the attack on Change Healthcare is an all-too-common example of a massive and influential organization falling short of patient and customer expectations of data security. While healthcare is an industry that will recover and still serve millions of individuals annually, it is reasonable to ask how providers will be able to regain the trust of patients.

How can organizations respond?

Cybersecurity is not a tool or toolset, but a collaborative practice among informed and discerning people who utilize the best in automated technology, education, and experience to anticipate, prepare for, and counter malicious adversaries.

While every case of a data breach or cyberattack is different in the details, the cases handled by our Security Operations Center (SOC) can provide some insight into the steps organizations, including healthcare providers, can take to improve cyber resilience and harden security around sensitive data.

SpearTip recently responded to a completely separate and distinct attack on a healthcare provider, the details of which may shed some light on just how threat actors infiltrate healthcare networks and wreak havoc. The evolution of cyber threats in today’s landscape calls for an evolution of defense against them. Not only are threat actors targeting the endpoint, but they’re looking for different avenues of exploitation to gain access to digital environments.

In late 2023, threat actors initially accessed the healthcare organization’s environment through their help desk by calling in with a specific user’s biographical data and moving their device into the user’s MFA (multi-factor authentication) process. Once inside the environment, the threat actor collected additional intelligence within the user’s Microsoft O365 account. This information allowed the threat actor to receive a fraudulent wire transfer from a legitimate account to an unauthorized account, which resulted in a large financial loss well over $10M.

A way to combat a breach of this type is through a service that includes active monitoring and real-time threat remediation from a SOC. SpearTip’s cloud application monitoring service is one such example, as it enables our team to gain vision into your cloud applications and take action in real time to prevent malicious activity.
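One correlation a defender could run over identity audit events for the help-desk MFA takeover described above, as an added example that is not SpearTip's tooling: it flags an MFA method enrolled by someone other than the account owner when a sign-in from a device new to that user follows shortly after. The event schema, field names, account names and sample records are constructed for illustration and do not match any vendor's export format.

```python
from datetime import datetime, timedelta

# Constructed identity audit events in a hypothetical, simplified schema
# (not the Microsoft 365 export format).
EVENTS = [
    {"time": "2023-11-02T08:01:00", "type": "signin", "user": "a.finance", "device": "LAPTOP-01"},
    {"time": "2023-11-02T14:10:00", "type": "mfa_method_added", "user": "a.finance",
     "actor": "helpdesk.agent3", "device": "PHONE-NEW"},
    {"time": "2023-11-02T14:25:00", "type": "signin", "user": "a.finance", "device": "DESKTOP-UNKNOWN"},
    {"time": "2023-11-03T09:00:00", "type": "mfa_method_added", "user": "b.nurse",
     "actor": "b.nurse", "device": "PHONE-B2"},
    {"time": "2023-11-03T09:05:00", "type": "signin", "user": "b.nurse", "device": "WS-17"},
]

def find_helpdesk_mfa_takeovers(events, window=timedelta(hours=24)):
    """Flag MFA methods added by someone other than the account owner that are
    followed, within `window`, by a sign-in from a device new to that user."""
    events = sorted(events, key=lambda e: e["time"])
    known_devices = {}   # user -> devices seen in earlier sign-ins
    pending = {}         # user -> [(time, actor)] for third-party MFA changes
    alerts = []
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        user = e["user"]
        if e["type"] == "mfa_method_added" and e["actor"] != user:
            pending.setdefault(user, []).append((ts, e["actor"]))
        elif e["type"] == "signin":
            seen = known_devices.setdefault(user, set())
            if e["device"] not in seen:
                for added_at, actor in pending.get(user, []):
                    if timedelta(0) <= ts - added_at <= window:
                        alerts.append({"user": user, "enrolled_by": actor,
                                       "new_device": e["device"],
                                       "signin_time": e["time"]})
            seen.add(e["device"])
    return alerts

if __name__ == "__main__":
    for alert in find_helpdesk_mfa_takeovers(EVENTS):
        print(alert)
```

An alert here is a prompt for out-of-band verification with the account owner, since legitimate help-desk resets produce the same sequence.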

During the incident response engagement in question, SpearTip enrolled this organization in Cloud Monitoring as part of the breach investigation to identify any other potential issues and ensure the unauthorized account access was remediated. This investigation allowed SpearTip to provide additional security recommendations within the tenant to improve posture for the future and better safeguard sensitive healthcare-related data. Similar safeguards can be extended to endpoints as well.

The point here is that having a depth and breadth of network visibility is vital to limiting the likelihood of an attack, just as extensive preparation and training can potentially lessen resulting damages.

Listen to Andrew Chace, Manager of Incident Response at SpearTip, discuss some of the content of this article with the team at KMOX | Audacy [16].

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.

Sources

  1. NorthJersey.com. “Two North Jersey Hospitals continue to turn away patients in wake of cyberattack” NorthJersey.com, 2023. Web. <https://www.northjersey.com/story/news/health/2023/11/28/nj-hospitals-continue-to-divert-patients-cyberattack-hackensack-meridian-pascack-valley/71727571007/>
  2. American Hospital Association. “Fast Facts on U.S. Hospitals, 2024” American Hospital Association, 2024. Web. <https://www.aha.org/statistics/fast-facts-us-hospitals>
  3. Definitive Healthcare. “How many urgent care centers are in each U.S. state?” Definitive Healthcare, 2024. Web. <https://www.definitivehc.com/resources/healthcare-insights/us-urgent-care-centers-by-state>
  4. National Center for Health Statistics. “Ambulatory Care Use and Physician office visits” National Center for Health Statistics, 2022. Web. <https://www.cdc.gov/nchs/fastats/physician-visits.htm>
  5. MOS Medical Record Reviews. “Why Medical Records Are a Hot Product on the Dark Web Marketplace” MOS Medical Record Reviews, 2016. Web. <https://www.mosmedicalrecordreview.com/blog/why-medical-records-are-hot-product-on-the-dark-web-marketplace/>
  6. Thomas Lacher, CISSP. “Why Medical Records are 10 Times More Valuable Than Credit Card Info?” Thomas Lacher, 2023. Web. https://www.linkedin.com/pulse/why-medical-records-10-times-more-valuable-than-card-lacher-cissp/
  7. Medical Economics. “HIPAA cost confusion and privacy myths” Medical Economics, 2023. Web. <https://www.medicaleconomics.com/view/hipaa-cost-confusion-and-privacy-myths>
  8. Nord VPN. “Payment Card Details Theft” Nord VPN. Web. <https://nordvpn.com/research-lab/payment-card-details-theft/>
  9. Center for Medicare & Medicaid Services. CMMC Documentation. https://dodcio.defense.gov/CMMC/Documentation/. Accessed 8 July 2024.
  10. Alder, Steve. “The HIPAA Journal.” IBM: Average Cost of a Healthcare Data Breach Increases to Almost $11 Million, 24 July 2023, https://www.hipaajournal.com/2023-cost-healthcare-data-breach/.
  11. Wells, Kane. “UnitedHealth Remains World’s Largest Insurance Company for Ninth Year Running.” Reinsurance News, 8 Jan. 2024, https://www.reinsurancene.ws/unitedhealth-remains-worlds-largest-insurance-company-for-ninth-year-running/.
  12. Diamond, Dan. “HHS Opens Probe into UnitedHealth’s Cybersecurity as Hack Fallout Continues.” Washington Post, 2 May 2024. washingtonpost.com, https://www.washingtonpost.com/health/2024/03/13/patient-data-breach-hhs-probe-unitedhealth-change-healthcare/.
  13. Haranas, Mark. UnitedHealth Pays $22 Million To Ransomware Group Behind Change Healthcare Cyber-Attack: Reports. https://www.crn.com/news/security/2024/unitedhealth-pays-22-million-to-ransomware-group-behind-change-healthcare-cyber-attack. Accessed 11 July 2024.
  14. Greenberg, Andy. “Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment.” Wired. wired.com, https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/. Accessed 11 July 2024.
  15. Severson, Gordon. “What We Know about Reported Healthcare Hack Ransom Payment.” Kare11.com, 5 Mar. 2024, https://www.kare11.com/article/news/local/breaking-the-news/reported-hacker-ransom-possibly-paid-by-united-health/89-02040e5e-6412-4e75-8ca2-ccdda21ea9e6.
  16. How Safe Are Healthcare Institutions Keeping Your Medical Records – Total Information AM. https://omny.fm/shows/total-information-am/how-safe-are-healthcare-institutions-keeping-your. Accessed 11 July 2024.
