
Data at Risk Series: Healthcare Cyber Security - is Now Life or Death

February 18, 2016


In our first Data at Risk post about healthcare, we discussed the current state of security in the industry. After highlighting the key vulnerabilities for healthcare providers—the move to digital patient records, aging electronic medical record systems and mobile use of electronic personal health information—we contemplated the fact that the healthcare industry just isn’t prepared for the increasing rate of cyber attacks.

Even after the year of the healthcare hack, it seems that healthcare organizations still have a lot to learn about data breach security—especially in the wake of the recent Hollywood Presbyterian Memorial Medical Center cyber hijacking.

The Anthem Data Breach—A Wake-Up Call for the Healthcare Industry

In February 2015, Anthem released a statement saying that the company suffered a data breach that compromised approximately 78.8 million patient and employee records—a staggering number that represents almost a quarter of the US population.

The attackers responsible for the Anthem data breach launched phishing schemes against Anthem network administrators, luring the privileged users to visit fake sites such as “we11point.com”—a play on Anthem’s original name, Wellpoint. Once attackers compromise a network administrator, they have almost complete access to servers containing sensitive information that can be used for identity theft (names, social security numbers, dates of birth, medical records and more).

It’s easy to look at Anthem’s mega data breach and think that an attack of that magnitude could never happen to the average healthcare provider. However, the recent hack into a Hollywood hospital’s computer systems has created a life-or-death situation, because patient records can no longer be accessed.

Ransomware is Posing a Life-Threatening Challenge for Hollywood Presbyterian Memorial Medical Center

Hackers have encrypted Hollywood Presbyterian Memorial Medical Center’s entire IT infrastructure with ransomware. Often delivered via phishing schemes and other forms of social engineering, ransomware encrypts critical systems and machines until users comply with a ransom note—in this case, with instructions to pay 9,000 Bitcoin (about $3.6 million) for the decryption key. At the time of publishing this post, it was announced that the hospital had paid $17,000 in ransom to obtain the decryption key.

In a statement revealed by the Associated Press, CEO Allen Stefanek stated:

The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

While ransomware isn’t new to the cyber security industry, this is an instance where the cyber ransom is causing a life-or-death situation. Without access to electronic health records (EHR), the hospital has been forced to declare an internal state of emergency due to potential mistreatment of patients. At the time of this writing, the hijacking has persisted for over a week and the hospital is starting to transport patients elsewhere (stay tuned for updates).

Only time will tell how this fresh healthcare data breach will play out. However, healthcare organizations must recognize the potential for this kind of attack and prepare themselves.

Because ransomware is generally delivered in targeted spear-phishing campaigns, multiple machines in the hospital’s network must have been compromised. Failing to recognize the spread of such a malicious attack vector indicates a lack of visibility throughout the network.


Network Visibility: The Key to Improving Security in the Healthcare Industry

The shift from physical records to electronic health records (EHR) has made network visibility more essential than ever before in the healthcare industry. However, many companies don’t have the right tools and infrastructure in place to keep an eye on their data.

Deploying the right security systems and appliances is an integral part of any security infrastructure, but it won’t help without visibility. For example, Anthem never encrypted the records that were breached, but encryption doesn’t help when attackers gain network administrator access anyway. Building a better network visibility plane enables companies to spot suspicious traffic patterns—for example, when thousands (or millions) of records are flowing to unauthorized IP addresses.
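The kind of check the paragraph above describes—compare what is leaving a records server against a known baseline and an authorized-destination list—can be expressed in a few lines. The following is an added example written for this page, not Garland Technology’s code or product logic; the flow records, addresses, byte counts and the 10× threshold are all constructed for illustration.

```python
"""Baseline-and-deviation check over constructed flow records.

Added example: builds a per-destination byte baseline from a window of
ordinary traffic, then flags later flows that either go to a destination
outside the authorised list or exceed that destination's baseline by a
large factor. Every address, byte count and threshold here is constructed.
"""
from collections import defaultdict
from statistics import mean

# Constructed: the only hosts the records database is allowed to send to.
AUTHORISED_DESTINATIONS = {"10.0.1.20", "10.0.1.21"}

# Constructed baseline window: (src, dst, bytes) from normal operation.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.1.20", 48_000),
    ("10.0.0.5", "10.0.1.21", 52_000),
    ("10.0.0.5", "10.0.1.20", 45_000),
    ("10.0.0.5", "10.0.1.21", 50_000),
]

# Constructed observation window: one bulk transfer to an outside host and
# one authorised destination receiving far more than usual.
OBSERVED_FLOWS = [
    ("10.0.0.5", "10.0.1.20", 47_000),
    ("10.0.0.5", "203.0.113.77", 9_800_000_000),  # not on the authorised list
    ("10.0.0.5", "10.0.1.21", 600_000),           # authorised, ~12x baseline
]


def build_baseline(flows):
    """Mean bytes per destination over the baseline window."""
    per_dst = defaultdict(list)
    for _src, dst, nbytes in flows:
        per_dst[dst].append(nbytes)
    return {dst: mean(values) for dst, values in per_dst.items()}


def find_anomalies(flows, baseline, authorised, factor=10.0):
    """Return (dst, bytes, reason) for each flow worth an analyst's attention.

    Unauthorised destinations are reported regardless of size; authorised
    ones only when they exceed `factor` times their baseline mean. A
    destination with no baseline at all counts as exceeding it.
    """
    findings = []
    for _src, dst, nbytes in flows:
        if dst not in authorised:
            findings.append((dst, nbytes, "unauthorised destination"))
        elif nbytes > factor * baseline.get(dst, 0):
            findings.append((dst, nbytes, "volume exceeds baseline"))
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for dst, nbytes, reason in find_anomalies(OBSERVED_FLOWS, base, AUTHORISED_DESTINATIONS):
        print(f"{dst:>14} {nbytes:>14,d} bytes  {reason}")
```

The baseline here is a plain mean, which is enough to show the idea; in practice you would build it from a longer window, per hour of day, and treat the allow-list as the stronger signal, since a large transfer to an unknown address is exactly the pattern the paragraph warns about.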

The healthcare industry experiences the highest cost per breached record of any industry ($363 compared to $300 for the next highest) and has a customer churn rate of 6.1% in the wake of data breaches. If you want to avoid these devastating numbers, visibility is key.

Want to learn more about monitoring your baseline network traffic and ensuring total visibility? Download the Garland Technology white paper, How to See Your Baseline Traffic, and discover Tim O’Neill’s tips for avoiding data breaches like Anthem’s or Hollywood Presbyterian Memorial Medical Center.


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.

Glossary

  1. Single point of failure: a single component of an IT network whose failure brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances that, if it fails, disrupts the network.
