In our first Data at Risk post about healthcare, we discussed the current state of security in the industry. After highlighting the key vulnerabilities for healthcare providers—the move to digital patient records, aging electronic medical record systems and mobile use of electronic personal health information—we contemplated the fact that the healthcare industry just isn’t prepared for the increasing rate of cyber attacks.
Even after the year of the healthcare hack, it seems that healthcare organizations still have a lot to learn about data breach security—especially in the wake of the recent Hollywood Presbyterian Memorial Medical Center cyber hijacking.
The Anthem Data Breach—A Wake-Up Call for the Healthcare Industry
In February 2015, Anthem released a statement saying that the company suffered a data breach that compromised approximately 78.8 million patient and employee records—a staggering number that represents almost a quarter of the US population.
The attackers responsible for the Anthem data breach launched phishing schemes against Anthem network administrators, luring the privileged users to visit fake sites such as “we11point.com”—a play on Anthem’s original name, Wellpoint. Once attackers compromise a network administrator, they have almost complete access to servers containing sensitive information that can be used for identity theft (names, social security numbers, dates of birth, medical records and more).
It’s easy to look at Anthem’s mega data breach and think that an attack of that magnitude could never happen to the average healthcare provider. However, the recent hack into a Hollywood hospital’s computer systems has created a life-or-death situation as patient records can’t be accessed.
Ransomware is Posing a Life-Threatening Challenge for Hollywood Presbyterian Memorial Medical Center
Hackers have encrypted Hollywood Presbyterian Memorial Medical Center’s entire IT infrastructure with ransomware. Often delivered via phishing schemes and other forms of social engineering, ransomware encrypts critical systems and machines until users comply with a ransom note, in this case with instructions to pay 9,000 Bitcoin (about $3.6 million) for the decryption key. At the time of publishing this post, it was announced that the hospital paid $17,000 in ransom to obtain the decryption key.
In a statement revealed by the Associated Press, CEO Allen Stefanek stated:
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
While ransomware isn’t new to the cyber security industry, this is an instance where the cyber ransom is causing a life-or-death situation. Without access to electronic health records (EHR), the hospital has been forced to declare an internal state of emergency due to potential mistreatment of patients. At the time of this writing, the hijacking has persisted for over a week and the hospital is starting to transport patients elsewhere (stay tuned for updates).
Only time will tell how this fresh healthcare data breach will play out. However, healthcare organizations must recognize the potential for this kind of attack and prepare themselves.
Because ransomware is generally delivered in targeted spear-phishing campaigns, multiple machines in the hospital’s network must have been compromised. Failing to recognize the spread of such an attack indicates a lack of visibility throughout the network.
Network Visibility: The Key to Improving Security in the Healthcare Industry
The shift from physical records to electronic health records (EHR) has made network visibility more essential than ever before in the healthcare industry. However, many companies don’t have the right tools and infrastructure in place to keep an eye on their data.
Deploying the right security systems and appliances is an integral part of any security infrastructure, but it won’t help without visibility. For example, Anthem never encrypted the records that were breached, but encryption doesn’t help when attackers gain network administrator access. Crafting a better network visibility plane enables companies to spot suspicious traffic patterns—for example, when thousands (or millions) of records are flowing to unauthorized IP addresses.
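To make the traffic-pattern check above concrete, here is an added example (not from the original post or from Garland Technology) that totals outbound bytes from flow records and flags large transfers to destinations outside an approved list, plus hosts that exceed their outbound baseline. The flow tuple format, address ranges, baselines and thresholds are all assumptions, and the flow records are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (source, destination, bytes). Not real traffic.
FLOWS = [
    ("10.1.5.20", "10.1.9.4", 4_000_000),           # internal app -> internal DB
    ("10.1.5.20", "198.51.100.7", 120_000),         # approved partner
    ("10.1.9.4", "203.0.113.50", 900_000_000),      # DB server -> unknown external
    ("10.1.9.4", "203.0.113.50", 850_000_000),
    ("10.1.7.33", "203.0.113.99", 30_000),          # small transfer, unknown external
    ("10.1.5.20", "198.51.100.7", 2_500_000_000),   # approved, but far above baseline
]

# All values below are assumptions chosen for the example.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
AUTHORIZED = [ipaddress.ip_network("198.51.100.0/24")]
BASELINE_BYTES = {"10.1.5.20": 50_000_000}   # normal outbound bytes per window
DEFAULT_BASELINE = 10_000_000                # used for hosts with no baseline yet
UNAUTHORIZED_MIN_BYTES = 1_000_000           # noise floor for unknown destinations

def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def egress_alerts(flows):
    """Return alerts for outbound traffic that breaks the allowlist or baseline."""
    per_pair = defaultdict(int)
    for src, dst, nbytes in flows:
        # Only traffic leaving the internal network counts as egress.
        if in_any(src, INTERNAL) and not in_any(dst, INTERNAL):
            per_pair[(src, dst)] += nbytes

    per_host = defaultdict(int)
    alerts = []
    for (src, dst), total in sorted(per_pair.items()):
        per_host[src] += total
        if not in_any(dst, AUTHORIZED) and total >= UNAUTHORIZED_MIN_BYTES:
            alerts.append(("unauthorized_destination", src, dst, total))
    for src, total in sorted(per_host.items()):
        if total > BASELINE_BYTES.get(src, DEFAULT_BASELINE):
            alerts.append(("over_baseline", src, None, total))
    return alerts

if __name__ == "__main__":
    for alert in egress_alerts(FLOWS):
        print(alert)
```

The second rule matters because an approved destination alone is not proof of a legitimate transfer: the sample host 10.1.5.20 only talks to an approved partner but still trips the baseline check.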
The healthcare industry experiences the highest cost per breached record of any industry ($363 compared to $300 for the next highest) and has a customer churn rate of 6.1% in the wake of data breaches. If you want to avoid these devastating numbers, visibility is key.
Want to learn more about monitoring your baseline network traffic and ensuring total visibility? Download the Garland Technology white paper, How to See Your Baseline Traffic, and discover Tim O’Neill’s tips for avoiding data breaches like Anthem’s or Hollywood Presbyterian Memorial Medical Center’s.