Healthcare and BioTech
Industry

Cyber security in healthcare, pharmaceuticals and biotech is a critical need in the digital age.
Healthcare during Covid

The COVID-19 pandemic accelerated the growth in cyber-attacks targeting the healthcare sector, and in doing so made clear the need to build robust cyber security programs within healthcare and biotech.

The consequent rise of ransomware attacks on healthcare showed for the first time how ransomware can directly affect human lives. The most prominent early incident was the NHS in the United Kingdom, which was crippled by the WannaCry ransomware in 2017. That attack was a watershed moment for healthcare cyber security in the UK and further afield: it disrupted patient care directly, cost the organisation an estimated $116.4M and led to almost 19,000 cancelled appointments.

Why Healthcare?

Hospitals and healthcare clinics have experienced significant data breaches, primarily driven by ransomware attacks. The first reason is that health data is more valuable to cyber criminals. Medical records contain protected health information (PHI), which sells for more on the dark web than credit card credentials or ordinary personally identifiable information (PII).

Whereas a credit card number can sell on the dark web for around $1.50, a single electronic health record (EHR) can sell for upwards of $300. This is largely because PHI doesn’t change over time. Patient records often include names, Social Security numbers, dates of birth, payment information, insurance identification numbers and more, and none of these can be cancelled or reissued the way a compromised credit card can.

The permanent nature of this information makes it more valuable to cybercriminals, since they can use it to commit identity theft. Long story short: healthcare hacking is profitable.

Many healthcare organizations still under-invest in cybersecurity, and cyber criminals know this. They also know that a healthcare organization is more likely to pay when its data is held for ransom, so that medical staff can resume operations as quickly as possible.

What Is the Main Cause of Healthcare Data Breaches?

The primary driver of the spike in healthcare data breaches in 2020 was the rise in ransomware attacks. According to many reports, ransomware attacks accounted for 55% of healthcare data breaches in 2020.

The numbers for 2021 are even higher. Hacking and IT incidents (which include malware and ransomware attacks) accounted for 68% of reported breaches, and that figure does not count breaches that were never disclosed. In April 2021 alone, the top three data breaches were all ransomware attacks and involved 1.3 million healthcare records.

Ransomware groups know that healthcare organizations are especially vulnerable to ransomware attacks during a global pandemic. At the same time, they have also shifted the way in which they conduct ransomware attacks.

In the past, ransomware groups merely encrypted their victims’ data and held it for ransom. Today, ransomware attacks also involve data theft prior to encryption (so-called double extortion): the group threatens to leak or sell the stolen data should the victim refuse to pay for a decryption key, so restoring from backups no longer ends the incident.

Even when attackers do receive payment, there is no guarantee that they will hand over a working decryption key, leaving healthcare organizations high and dry.

Why Hackers Target Healthcare

The healthcare industry has unique cybersecurity weaknesses that make it more prone to cyberattacks in general. Causes of healthcare data breaches include malware, ransomware, hacking, phishing, insider threats, third-party data breaches, and the loss or theft of laptops and other devices.

Network server incidents, most of which involve ransomware or malware, have surpassed phishing as the most common cause of healthcare data breaches. Phishing emails, however, are often the root cause of many of these ransomware attacks.

Phishing occurs when malicious actors send emails purporting to be from reputable sources to trick individuals into revealing information such as log-in credentials. The stolen credentials are then used to access a system and deploy ransomware.

Even on managed devices, a medical facility’s own staff are vulnerable to phishing. A medical professional without security awareness training might open a phishing email on a hardened device and still trigger a ransomware infection. Network-connected smart medical equipment poses a further risk wherever the corporate network and the clinical network are not sufficiently isolated from each other.

A healthcare organisation should implement a zero-trust network architecture, starting with security zones that isolate visitor and guest, medical staff, IoT, corporate, smart medical device and laboratory networks from one another, with only explicitly required flows permitted between zones. Without that segregation, a compromise on the corporate network can propagate straight into the sensitive networks where the MRI scanners and other clinical systems sit.
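The zoning described above, as an added example that is not part of the original page or of any product it describes: a default-deny inter-zone policy with a short explicit allow-list, evaluated against a handful of sample flows so the blast radius of a compromised corporate host can be compared with a flat network. The address plan, zone names, ports and flows are constructed assumptions.

```python
"""Zone-based segmentation policy check for a hospital network.

Added example, not code from the original page. It models the security zones
the text lists as a default-deny inter-zone policy with explicit allows, then
evaluates sample flows. Address ranges, ports and flows are assumptions.
"""
from ipaddress import ip_address, ip_network

# Assumed address plan: one prefix per zone (constructed for the example).
ZONES = {
    "visitor":   ip_network("10.10.0.0/16"),   # guest Wi-Fi
    "corporate": ip_network("10.20.0.0/16"),   # HR, finance, email
    "clinical":  ip_network("10.30.0.0/16"),   # medical staff workstations
    "iot":       ip_network("10.40.0.0/16"),   # building/facility IoT
    "medical":   ip_network("10.50.0.0/16"),   # MRI, CT, infusion pumps
    "lab":       ip_network("10.60.0.0/16"),   # laboratory analysers
    "pacs":      ip_network("10.70.0.0/24"),   # imaging archive
}

# Explicit inter-zone allows as (src_zone, dst_zone, proto, dst_port).
# Anything not listed here is denied between zones.
ALLOW = {
    ("clinical",  "pacs",      "tcp", 104),  # DICOM from staff workstations
    ("medical",   "pacs",      "tcp", 104),  # modalities push studies to PACS
    ("lab",       "clinical",  "tcp", 443),  # lab results to clinical systems
    ("clinical",  "corporate", "tcp", 443),  # intranet / HR portal
    ("corporate", "clinical",  "tcp", 443),  # corporate apps reach clinical web
}

# The "flat network" anti-pattern for comparison: every zone reaches every other.
FLAT = {(s, d, "any", 0) for s in ZONES for d in ZONES if s != d}


def zone_of(ip: str):
    """Return the zone containing ip, or None if it is outside the plan."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def _matches(rule, src, dst, proto, port):
    r_src, r_dst, r_proto, r_port = rule
    return (r_src == src and r_dst == dst
            and r_proto in (proto, "any") and r_port in (port, 0))


def evaluate(src_ip, dst_ip, proto, dst_port, rules=ALLOW):
    """Decide a flow: 'allow', 'deny', 'intra-zone' or 'deny (unknown zone)'."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny (unknown zone)"
    if src == dst:
        return "intra-zone"   # host-level controls apply, not the zone firewall
    if any(_matches(r, src, dst, proto, dst_port) for r in rules):
        return "allow"
    return "deny"


def reachable_zones(src_zone, rules=ALLOW):
    """Blast radius: zones a compromised host in src_zone can open a flow to."""
    return {r[1] for r in rules if r[0] == src_zone}


# Constructed flows: the first three are typical ransomware lateral movement.
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.50.0.9",  "tcp", 445),   # corporate host -> MRI over SMB
    ("10.20.1.5", "10.50.0.9",  "tcp", 3389),  # corporate host -> MRI over RDP
    ("10.10.7.7", "10.30.2.2",  "tcp", 445),   # guest Wi-Fi -> clinical workstation
    ("10.30.2.2", "10.70.0.10", "tcp", 104),   # workstation -> PACS (legitimate)
    ("10.50.0.9", "10.70.0.10", "tcp", 104),   # MRI -> PACS (legitimate)
]


def audit(flows=SAMPLE_FLOWS, rules=ALLOW):
    """Return [(flow, decision)] for every sample flow under the given policy."""
    return [(f, evaluate(*f, rules=rules)) for f in flows]


if __name__ == "__main__":
    for flow, decision in audit():
        print(f"{flow[0]:>12} -> {flow[1]:<12} {flow[2]}/{flow[3]:<5} {decision}")
    print("segmented, corporate compromise reaches:", reachable_zones("corporate"))
    print("flat network, corporate compromise reaches:", reachable_zones("corporate", FLAT))
```

Under the segmented policy the corporate host can only reach the clinical zone on TCP 443, so SMB or RDP towards the MRI is dropped at the zone boundary; under `FLAT` the same host reaches every other zone, which is exactly the propagation path the paragraph warns about. Real enforcement lives in the firewall or switch ACLs; a model like this is useful for reviewing a proposed rule set before it is deployed.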

Threat actors have also shown a preference for exploiting known vulnerabilities that have been left unpatched. A ransomware group might scan for known vulnerabilities and hit a large number of healthcare organizations with opportunistic attacks, or it might specifically scan healthcare facilities for such vulnerabilities. Either way, the attacker will quickly latch onto an unpatched vulnerability as an entry point.

So, what can healthcare organizations do to protect themselves against future ransomware attacks and protect their patient data?

Regulations on Healthcare Cyber Security

Many healthcare organizations structure their cybersecurity efforts around ADHICS compliance.

The Department of Health (DOH) established the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard. ADHICS is a strategic initiative in support of DOH’s vision and federal mandates and is endorsed by DOH’s Executive Committee. It is aligned with industry and international expectations on information security and complements the government’s Health Information Exchange (HIE) initiatives towards greater security and public trust. DOH regulates healthcare entities’ adoption of ADHICS to enhance data privacy and security in Abu Dhabi’s health sector.

Applicability

All DOH regulated health care entities and services within the emirate of Abu Dhabi.

In other locations other frameworks may apply, but at the time of writing ADHICS was the primary standard addressing cybersecurity for all healthcare-sector entities within the Emirate of Abu Dhabi.

What You Should Do

Healthcare organizations should budget for cybersecurity programs accordingly. Although the upfront cost of investing in cybersecurity might seem high, it is far less than the cost of recovering from a cyber attack (especially a ransomware attack, where you have remediation costs plus whatever ransom you might be tempted to pay).

Healthcare organizations should also prioritize and remediate the vulnerabilities most likely to be targeted by coordinated ransomware attacks, and ensure that continuous monitoring and patching is in place.
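One way to turn that prioritisation into a repeatable process, as an added example that is not code from the original page or from DTS Solution: rank findings by what ransomware crews actually exploit (known-exploited, network-reachable, internet-facing) rather than by raw CVSS alone, and route devices that cannot be patched (common for vendor-locked medical equipment) to isolation instead of a patch queue. The assets, weights and `VULN-n` identifiers are constructed placeholders, not real vulnerabilities.

```python
"""Vulnerability remediation prioritisation for a hospital estate.

Added example, not from the original page. Findings are ranked so that a
known-exploited, reachable flaw outranks a higher-CVSS one nobody is
exploiting, and unpatchable devices get an isolation action. Weights, assets
and vulnerability identifiers are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str
    internet_exposed: bool
    patchable: bool          # False for vendor-locked medical devices


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder id, not a real CVE
    asset: Asset
    cvss: float
    known_exploited: bool    # listed in a known-exploited-vulnerabilities catalogue
    network_reachable: bool  # exploitable over the network vs. local-only


def priority(f: Finding) -> float:
    """Higher is more urgent. The weights are assumptions for the example."""
    score = f.cvss
    if f.known_exploited:
        score += 10.0        # active exploitation outweighs any CVSS difference
    if f.asset.internet_exposed:
        score += 5.0         # opportunistic scanning hits these first
    if f.asset.zone == "medical":
        score += 3.0         # direct patient-safety impact
    if not f.network_reachable:
        score -= 4.0         # needs local access; little lateral-movement value
    return score


def action_for(f: Finding) -> str:
    if f.asset.patchable:
        return "patch"
    # Unpatchable device: reduce exposure rather than wait on the vendor.
    return "isolate / compensating control"


def remediation_plan(findings):
    """Return [(vuln_id, asset_name, action, score)] ordered most urgent first."""
    ordered = sorted(findings, key=priority, reverse=True)
    return [(f.vuln_id, f.asset.name, action_for(f), round(priority(f), 1))
            for f in ordered]


# Constructed inventory and findings.
VPN = Asset("vpn-gateway", "corporate", internet_exposed=True, patchable=True)
MRI = Asset("mri-01", "medical", internet_exposed=False, patchable=False)
HR = Asset("hr-fileserver", "corporate", internet_exposed=False, patchable=True)
PACS = Asset("pacs-01", "pacs", internet_exposed=False, patchable=True)

SAMPLE_FINDINGS = [
    Finding("VULN-1", VPN,  cvss=9.8, known_exploited=True,  network_reachable=True),
    Finding("VULN-2", MRI,  cvss=8.1, known_exploited=True,  network_reachable=True),
    Finding("VULN-3", HR,   cvss=9.9, known_exploited=False, network_reachable=True),
    Finding("VULN-4", PACS, cvss=7.5, known_exploited=False, network_reachable=False),
]

if __name__ == "__main__":
    for vuln_id, asset, action, score in remediation_plan(SAMPLE_FINDINGS):
        print(f"{score:5.1f}  {vuln_id:<7} {asset:<14} {action}")
```

Note that `VULN-3`, the highest CVSS in the sample, lands third: it is not known to be exploited and sits on an internal server, whereas the MRI finding is both actively exploited and on a device whose loss affects patients, and it gets an isolation action because the device cannot be patched. Feeding real scanner output and a known-exploited list into `SAMPLE_FINDINGS` is the obvious next step.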

Healthcare providers need to assess the cybersecurity of any third-party vendors and business associates thoroughly as well.

Here are some more specific things your organization can do to prevent healthcare data breaches:

For healthcare organizations, where operations are focused on life and death situations, preparing for a ransomware attack can easily become overwhelming.

Healthcare providers and their business associates must balance the protection of patient privacy while also delivering quality patient care and meeting the strict regulatory requirements.

Our Services

As healthcare innovation continues to advance, it is equally important to keep on top of the global cyber threat landscape by being able to proactively detect and remediate threats before health records, medical transactions and data are compromised. DTS Solution has the expertise to help you protect your assets and reputation as you transform operations and embrace technical innovation.

Enhancing healthcare services security will help you:

Some of the services we have successfully delivered

Cybersecurity Program and Framework Development
Cybersecurity Assessment
Cybersecurity Controls