If you work in the health sector, assume you’re being targeted at any moment.
Organisations across the Australian healthcare sector – from hospitals, medical centres and telehealth vendors to medical equipment and pharmaceutical manufacturers – house a wealth of highly sensitive information.
The collection of patient data, treatment documentation and financial records linked to Medicare and private health insurance makes these organisations obvious targets of threat actors seeking to steal data or network access for profit.
Compounding this is the digitisation of records and reliance on third-party software, the growth of which will almost certainly align with a continuous rise in the number and severity of attacks.
If successful, these cyber threats stand to increase delivery costs, affect patient outcomes and directly impact the healthcare system’s ability to provide care for patients. It could be a matter of life and death.
It’s vital for these organisations to gain awareness of the risk apertures and implement threat intelligence tools that enable quick identification, mitigation and prevention of cyber attacks.
One of the most prolific threats, these crimes are perpetrated by financially motivated actors who seek illegal access to sensitive information stored by healthcare providers or third-party affiliates. This data is highly lucrative when transacted in illicit communities, where actors can sell or trade stolen personally identifiable information.
Data breaches and vulnerabilities
Data from healthcare-related breaches is commonly discussed or advertised across nearly all illicit communities where threat actors interact. This stolen data often includes valuable patient records, along with access to medical networks that house information, such as cloud-based resources.
Healthcare institutions are particularly vulnerable to risks that stem from third-party vendors, like cloud service providers and internet of medical things (IOMT) manufacturers – any internet-connected device within a healthcare provider’s network. Cyber attacks of vendors along the supply chain could significantly affect business operations, compromise sensitive customer data and erode trust and reputation.
Simply put, ransomware in the healthcare sector could be a matter of life and death. The critical nature of healthcare and the necessity of data in its work requires the ability to rapidly recover from a cyber attack, making it more likely that an organisation will pay a ransom to recoup its data.
Research indicated that cyber attacks on the health and social sector in Australia doubled in 2021, making it the most attacked industry.
Ransomware attacks can dramatically reduce a healthcare facility’s ability to deliver care, the number-one priority. Medical facilities rely on a large number of internet-connected devices, which increases the number of potential attack vectors. Malicious attacks can shut down critical infrastructure, restricting access to records and vital medical data, potentially putting lives at risk.
A person within an organisation who has access to assets or insider information concerning the organisation’s security practices, data and computer systems can present a major threat. Insider threats don’t necessarily arise as the result of malice, but accidental neglect or falling victim to a phishing email or text scam.
Closing the risk gap
Organisations in the healthcare sector must evaluate network policies to harden ports and internet-facing resources, or close them off if not fulfilling a critical business function.
It’s vital for security teams to possess the tools necessary to detect and remediate breaches and attacks. For example, a ransomware dashboard allowing security operations centre (SOC) teams to view trends, victims, ransomware groups themselves, as well as an alerting system to make them aware of leaked credentials as soon as they occur to mitigate a breach.
The entire sector should assume threat actors are actively targeting, either directly or indirectly, at any time. As overwhelming as this may seem, it’s important to ensure an appropriate first line of defence against this ever-evolving threat landscape.
Having a thorough understanding of the organisation’s risk apertures, in the context of the threat landscape, is crucial to developing and maintaining an effective security posture. Not just to protect assets and infrastructure but personnel and, most importantly, patients from harm.
Ashley Allocca is senior cyber security intelligence analyst at risk intelligence firm Flashpoint.