Cyberattacks in healthcare increased by 45% globally at the end of 2020, according to a Check Point reportThis is twice the rate of attacks in other sectors, with cybercriminals taking advantage of the perfect storm of new technologies being implemented quickly and staff efforts focused on the pandemic.
Compared to the financial sector, healthcare organizations are often more vulnerable to cyber attacks.
Financial organizations are better protected today because the sector has invested a lot of time and money to improve the situation; they spend approximately 15 percent of their annual IT budgets on cybersecurity. In comparison, most healthcare organizations that need dedicated cybersecurity teams only spend around 4 or 5 percent on this investment.
Cybercriminals are motivated financially. A health record contains not only social security and CPF numbers, but also employer details, insurance details and prescription data.
In practice, cybercriminals can use this information to file fraudulent insurance claims, buy medicines or medical equipment with it and can even file fraudulent tax returns.
The data in a person’s health record contains enough details to help steal identities. If cybercriminals aren’t looking to do something themselves, they could sell the information on the dark web.
However, the main use is not to exploit individual data, but to launch a ransomware attack, where cybercriminals infiltrate the hospital’s network, gain access to healthcare and lock the hospital out of the system, holding patient data hostage until the healthcare institution pays the ransom.
Cybersecurity challenges in healthcare
The most recent cyber attacks are not necessarily an organization’s biggest cyber threat. Verizon’s 2016 Data Breach Investigations Report found that most breaches are about money and attackers usually take the easiest route to get the information they need.
Consequently, many common cyber attacks continue to be problematic in healthcare, including:
- Malware and ransomware: cybercriminals use malware and ransomware to shut down individual devices, servers or even entire networks. In some cases, a ransom is demanded to rectify the encryption;
- Cloud threats: an increasing amount of protected health information is being stored in the cloud. Without proper encryption, this can be a weak point for the security of healthcare organizations;
- Deceptive websites: clever cybercriminals have created websites with addresses similar to trustworthy sites. Some simply replace .com with .gov, giving the unwary user the illusion that the sites are the same.
- Phishing attacks: this strategy sends large quantities of emails from apparently reliable sources in order to obtain confidential information from users;
- Encryption blind spots: while encryption is critical to protecting health data, it can also create blind spots where hackers can hide from tools designed to detect breaches;
- Employee error: Employees can leave healthcare organizations susceptible to cyber attacks through weak passwords, unencrypted devices and other compliance failures.
As organizations seek to protect their patients’ information from increasing cyber attacks, the demand for a security infrastructure and for health informatics professionals who are familiar with the current state of cybersecurity in the healthcare area is increasing, but it is still a major challenge.
Strategies to improve security and prevent cyber attacks
Due to the significant financial impact of data breaches in healthcare, healthcare managers are looking for strategies and investments to ensure that medical organizations remain secure.
According to HealthIT.gov, the US Office of the National Coordinator for Health Information Technology, individual healthcare organizations can improve their cybersecurity by implementing the following practices:
1. establish a security culture aimed at reducing cyber attacks
Cybersecurity training and education emphasizes that every member of the organization is responsible for protecting patient data, creating a culture of security.
2. Protect mobile devices
A growing number of healthcare providers are using mobile devices at work. Encryption and other protection measures are essential to guarantee the security of all information on these devices.
3. Maintain good computer habits
The integration of new employees should include training on best practices for computer use, including software and operating system maintenance.
4. Use a firewall
Basically, anything connected to the Internet should have a firewall.
5. Install and maintain antivirus software
Simply installing antivirus software is not enough. Continuous updates are essential to ensure that health systems receive the best possible protection at all times.
6. Plan for unexpected cyber attacks
Files should be backed up regularly for quick and easy data restoration. Organizations should consider storing this backup information away from the main system if possible.
7. Control access to protected health information
Access to protected information should only be granted to those who need to view or use the data.
8. Use strong passwords and change them regularly
The Verizon report found that 63% of confirmed data breaches involved exploiting passwords that were default, weak or stolen. Healthcare workers should not only use strong passwords, but ensure that they are changed regularly.
9. Limit access to the network
Any software, applications and other additions to existing systems must not be installed by staff without the prior consent of the competent organizational authorities.
10. Controlling physical access also prevents cyber attacks
Data can also be breached when physical devices are stolen. Computers and other electronic devices containing protected information should be kept in locked rooms in secure areas.
In addition to these recommendations, health data professionals are continually developing new strategies and best practices to ensure the security of confidential health data, protecting the patient and the organization from financial loss and other forms of damage.
The CipherTrust Data Security Platform solution allows healthcare institutions to protect their structure against cyber attacks
According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.
To deal with the complexity of where data is stored, the CipherTrust Data Security Platform solution offers strong features to protect and control access to sensitive data in databases, files and containers. Specific technologies include:
CipherTrust Transparent Encryption
Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.
CipherTrust Database Protection
It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.
CipherTrust Application Data Protection
It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.
CipherTrust Tokenization
It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.
CipherTrust Batch Data Transformation
Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.
CipherTrust Manager
It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.
CipherTrust Cloud Key Manager
It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.
CipherTrust KMIP Server
It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.
CipherTrust TDE Key Manager
Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.
The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables healthcare organizations to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.
It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.
The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.
Tool portfolio that ensures data protection against cyber attacks
With data protection products from the CipherTrust Data Security Platform, your healthcare organization can:
Strengthen security and compliance against cyber attacks
CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.
Optimizes team and resource efficiency
CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.
With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.
In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.
Reduces total cost of ownership
CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.
With CipherTrust Data Security Platform, healthcare institutions can prepare their investments for the future while reducing operational costs and capital expenditures.
About Eval
With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.