Mitigating Risk in the Healthcare IndustryPOSTED BY LIZ BUSH
SingHealth. UnityPoint Health. LabCorp. Blue Springs Family Care. Sunspire. Alive Hospice. Cass Regional Medical Center. A quick Google search reveals that in the month of July alone, each of these facilities reported that they were victims of cyberattacks, putting millions of patient records, other sensitive data and systems at risk.
Clearly, healthcare organizations are attractive targets for today’s hackers. Not only do providers process and store reams of personal and health information on behalf of patients. The data is comparatively much more valuable, so hackers stand to make big profits. A healthcare record sells for eight to 10 times the price of a credit card on the black markets, according to research from Cisco.
Attackers also exploit the fact that healthcare providers operate in a rapidly changing and fast-paced environment where, by necessity, security isn’t their top priority – lives are. Clinicians need instant and reliable access to patient records as well as the latest medical devices and systems to diagnose, monitor and treat patients. They also often must rely on outdated legacy systems and software that they are reluctant to upgrade given the potential for interruptions in care delivery. Looking at the attacks reported in July, cybercriminals use a variety of tactics, techniques and procedures (TTPs) – spear phishing, ransomware, other malware variants, and highly targeted attacks focused on credential stealing – to penetrate Electronic Health Record (EHR) systems and other systems and infrastructure.
So, what can organizations do to better protect themselves and mitigate risk?
Threat intelligence can provide valuable details on attackers’ motives and their TTPs that can be used to determine how to most effectively strengthen defenses. A robust threat intelligence platform, like ThreatQ, can bring order to healthcare security operations. It integrates with existing security infrastructure and workflows so that security teams can collaborate and work smarter, not harder. They can gain context to understand and prioritize the threats that matters most for their health system environment and may impact their HIPAA-related security policies. With greater insights they can proactively hunt for malicious activity on their network and make better decisions to accelerate detection and response.
Download ThreatQ for Healthcare to learn about the threats healthcare organizations face and how a threat intelligence platform can help.