While whole world has been fighting with corona outbreak, IT professionals across the globe were fighting a different pandemic – threats to Cybersecurity in Healthcare. Sudden need for advanced diagnosis technologies, mechanisms to handle massive records of new data, and rapid communication channels – everything the medical world did to increase their responsiveness and efficiency created new digital gateways for the cybercriminals.
Cost of an average medical data breach is increasing year by year and it is impacting the patient’s trust with the institutions. Stronger Cybersecurity in Healthcare is not only for the organizational efficiency of healthcare institutions but also to protect the trust and integrity of general public. In this article we cover various aspects of cybersecurity in healthcare by defining the scope of cyberthreats in healthcare, biggest cyberbreaches in healthcare and provide you some basic guidelines on improving cybersecurity in healthcare industry at large.
What comes under Cyberthreat?
Irrespective of their intentions and motivations, Cybersecurity threats upend all the efforts of a digitally growing organization, cause severe financial damage, and cost irreparable reputation damage. Technologies such as IoT and Cloud Computing that are being employed widely; Practices such as distributed data storage and using public networks are increasing the risk of security threats. Every business unit including the leadership teams must learn more about these common cybersecurity mishaps and start adopting safe practices (individual and org-wide) immediately.
Why Cybersecurity in Healthcare is a bigger problem in 2022?
Healthcare institutions, pharmaceutical companies, and health tech companies are the new target groups for the hackctivists and cyber spies. IBM and Ponemon Institute collectively conducted a study and calculated the average cost of a data breach by industry. Healthcare continued to stay at the top of the list in 2020 and 2021. According to these charts, cost of an average data breach in healthcare industry is a whopping 9.23 million USD.
As much as the number is flattering, (considering the vertical holds such high-valued data) one cannot deny the fact that Health tech is in such vulnerable state and prone to peril. Here are the top aspects contributing to this phenomenon.
Networks – This has been the soft target for breach of cybersecurity in healthcare. The intruders disrupt the network and gain access to the data that is travelling through the network. Subpar network security standards and trusting public networks to greater extents can lead to cybersecurity breaches. Vulnerabilities of networks can lead to Wiretapping, Encryptions, Traffic Analysis, Denial of service, Phishing, etc.
Communication Channels –A common target in the age of IoT and connected devices. The attackers try to compromise the operation of sensors and control systems by spoofing, jamming, or sending illicit commands in an attempt to disrupt the core system, cause blackouts, and in some events even result in physical damage to key system components.
Data Storage Practices – Scroll up and check the last graph. Data is the most valuable asset for the corporates in 21st century. Unsecured physical storage devices and cloud storages invite breaches. Impacts of Data breaches include business downtimes, legal complications, data loss, and threat to privacy.
Remote Working – It could be the most unexpected threat to cybersecurity in healthcare, considering most of the medical staff has been working as front-line support since ever the pandemic raised curtains. But 61 to 80% of corporate employees (non-essential healthcare delivery professionals who handle and have access to the data) work remotely. Device theft, unauthorized access or employees acting as corporate spies are just a few of potential cyberthreats due to remote working arrangements. Human error is one of the biggest contributors of data breaches.
Biggest Cybersecurity Breaches in Healthcare
Pfizer Breach – During a cyberattack on this pharma and biotech giant, COVID19 vaccine data was stolen and illegally published online in December 2020. Although the leak significantly caused no damage to Pfizer or approval process of their vaccine, it certainly caused drama considering the global medical emergency and Pfizer being one of the few first companies to attempt to create vaccine to prevent COVID19.
WannaCry Ransomware in UK – In one of the unfortunate days for Cybersecurity in Healthcare, National Health System hospitals were forced to delay treatment plans and reroute their ambulances as they temporarily lost access to the hospital’s information systems in 2017.
Wales Patient Data Breach – Over 18000 COVID-19 patient data was accidentally exposed when an employee ‘accidentally’ posted the information in a public-facing database instead of a secured server. Reports suggest that the patient data included the patients’ initials, dates of birth, geographical information, and gender details.
Incidents like these are why it is important for us to discuss Cybersecurity in healthcare today.
How to strengthen Cybersecurity in Healthcare?
Quite similar to any other industry vertical, Cybersecurity in Healthcare is all about protecting the electronic information to achieve three goals - Confidentiality, Integrity, and Availability. This is what Healthcare Information and Management Systems Society (HIMSS) calls CIA triad.
A system architectural model with 7 abstract layers that is inspired by the popular Open Systems Interconnection model (OSI) developed by the International Organization for Standardization (ISO) in the latter half of 1970’s is often used for documentation by the software engineers and architects. Let us follow the same model to discuss the layers’ functions and ways to reinforce better measures of cybersecurity in healthcare tech environments.
Humans and the devices they use to access the application comes under this layer. Most of the IT security professionals consider humans as the weakest link in the mission to enhance cybersecurity in healthcare. Digitally empowered Healthcare is sharing and receiving data from various individuals who are non-healthcare professionals which increases the exposure. Humans can be distracted, and hackers exploit that quality.
Ways Physical Layer Can be Managed for a better Cybersecurity in Healthcare
Training & Education
Zero-trust Security Model
Encryption of Information
Access control and Dynamic policy enforcement
Security orchestration, automation, and response (SOAR)
Tools to monitor endpoints and remote employees
Data Link Layer
Often called as perimeter layer where all the network layer connects with the physical layer to access and transmit data. Link layer brings Media Access Control and Logic Link Control together. It is often the most unattended layer in terms of security measures. Irrespective of being wired, virtual, or wireless; the ethernet networks need added attention and practices like Key Establishment Protocol to secure the Link Layer.
How Data Link Layer can improve Cybersecurity in Healthcare
Link Layer Encryption
Virtual Networks and Tunneling
Dynamic Access Control at Hardware level
Single Packet Authentication (SPA)
Symmetric Key Encryption
Dual Firewall / Demilitarized Zone
Someone being in your Network Layer means, they are already inside your system. Best practice is to give people access to this layer only when you believe it is absolutely necessary. Network Layer is responsible for addressing, routing, and traffic control. The most common threats to the Network layer are Information Gathering, Spoofing, and Distributed Denial of Service (DDoS).
Network Layer - Ways to Improve Cybersecurity in Healthcare
Intrusion Prevention System (IPS)
Web and Packet Filtering
Monitor traffic between Containers
Firewalls between networks
Explore Software-defined Networking (SDN)
Transport Layer security (TLS) is a commonly adopted security measure among digitally forward health tech networking professionals to enforce cybersecurity in healthcare. TLS usually involves securing communications between their Web servers and browsers irrespective of their sensitivity levels. Ignoring Transport Layer security can lead to interruption of communications, eavesdropping, data tampering and message forgery.
How to manage Transport Layer for improved Cybersecurity in Healthcare
Ensure site access via HTTPS by enacting HTTP Strict Transport Security (HSTS)
HTTP Public Key Pinning
Internet Engineering Task Force (IETF) standards
Perfect Forward Secrecy (PFS)
Application Layer Protocol Negotiation (ALPN)
Chain of Trust and Certificate Authorities
Session hijacking, Personal information retrieval, and Cross Site Scripting are some of the common cyberthreats at this layer. The IT managers and software engineers who build the applications are usually accountable to strengthen Session and Presentation layers. Considering the rise of web applications in health tech, focus on this and forthcoming layers could really tighten the cybersecurity in healthcare.
This host layer ensures the data is structured, presented, encoded, and translated for the Application layer to accept. Losing access control of this layer to wrong hands can result into SSL Hijacking, Decryption attacks, System exploitation, and Data exploitation. The common security breaches of this layer are attempted via unauthorized login access.
How Session and Presentation Layers Can Improve Cybersecurity in Healthcare
Data / Key Encryption
Restricted Access Controls
Zero Trust security model
Adopt Identity and Access Management (IAM) tools
System Hygiene (Deactivate ex-user accounts, uninstall unused software, monitor critical patches, etc.)
Use timing methods to restrict unsuccessful session attempts
Employ an Application Delivery Platform (ADP)
It is the development team’s responsibility to build this layer to be unbreakable to cybersecurity threats. The healthcare workers and the IT teams that Intrusions to this layer can invite Virus, Phishing, Key Loggers, Backdoors, Logic Flaws, Bugs, Trojan attacks, etc.
Improving Transport Layer for Better Cybersecurity in Healthcare
Install Virus Scanners
Patching and Hardening
Filer user-supplied data
Follow quality-first coding practices
Use runtime self-protection controls
Perform root-cause analysis
Make wise design choices
As every CIO of a healthcare establishment is being ambitious about digital maturity, it is time for them to aim big for cybersecurity in healthcare too. Nearly every healthcare department (frontline or otherwise) will have access to patient’s Personally Identifiable Information (PII) and Protected Health Information (PHI). In addition to training employees for better compliance, it is also important for the tech leadership to (re)build a cyber incident response plan.
If you are a CIO or a CTO of a healthcare firm, want to build or refine your cybersecurity program, see if you are already doing these:
- Infuse ‘Security’ and ‘Quality’ in organizational culture
- Secure your sites with HTTPS with an SSL certification
- Regularly update your systems and software
- Healthcare IT Asset Management (ITAM) is vital
- Never overlook the data backups no matter how reliable your database provider is
- Have a cybersecurity partner / consultant
- Subtly train your patients / users with best practices of browsing
- Have phishing simulation and redraft your action plan with better ideas
- Have regular conversations with your vendors and partners about cybersecurity in healthcare
If you have everything above already in action and you want to redefine the rules of cybersecurity in healthcare, our experts who’ve helped some of the biggest corporates in the world with their digital and business transformation initiatives would love to brainstorm with you. Drop us a ‘hi’ some time at firstname.lastname@example.org