While data breaches in the financial and government sector tend to resonate more in consumers’ minds, it is in fact the healthcare industry that is becoming a popular target for hackers and data thieves. Earlier this year, more than one million personal and medical records of Australian citizens donating blood to the Red Cross Blood Service were exposed online in Australia’s biggest data breach to date. Additionally there were also fears sensitive medical information was leaked in a Medicare data breach.
When considering both the hack attempts and the latest findings of the Breach Level Index, the healthcare sector accounted for 27 percent (or 263 incidents) of data breaches in 2016. Compared to financial, which was only 12% (118 incidents), and even government, a surprising 14 percent (137 incidents), it is clear that Australians’ medical records are of significant value.
However, the question remains, why is the healthcare industry becoming such a popular target for hackers and data thieves? To put it simply, the answer is in the data. Let us not forget that not only do medical records usually contain payment and billing information, leaving credit card information exposed, but they also often contain information that could enable a hacker or impostor to obtain medical services under the victim’s identity and private healthcare insurance benefits.
Given there has been such a huge focus on other sectors like financial and government, the healthcare industry has often been thought of as a ‘spectator’ in terms of data breaches. Furthermore, seeing as medical data is not protected enough, as demonstrated by the breach data results, healthcare providers are an easy target for hackers and data thieves.
Cyber-criminals are now finding more and more creative ways to steal data – and identifying spaces where it’s relatively easy to do this – and as a result of this healthcare professionals are increasingly falling victim to data theft. It is now more crucial than ever for the healthcare sector to prioritise patient data protection, given the industry is moving at incredible pace digitally.
As well as this trend, ransomware has recently surfaced in this space and is currently demonstrating just how vulnerable many medicals records are. As the name suggests, hackers are able to break into a healthcare institution network and server, encrypt the data or take control of the encryption system used for securing or backing up its data, change the keys, and demand payment to unlock the files and demand payment or a ‘ransom’ to unlock the files.
Ransomware is clearly on the rise and is hitting the healthcare sector at a fast pace with new stories making headlines around the world. This means that healthcare professionals are among the groups that need to implement protective measures against it. Experts agree that more hackers will start abusing the ransomware technique in coming months, as news spreads among cyber criminals of the attack’s effectiveness and financial rewards.
Ransomware hackers typically scan the internet for unsecured websites or platforms and then modify the hospital or the clinic’s server scripts so that data is encrypted before being inserted into the database. With that being said, traditional perimeter security measures such as firewalls, antivirus, content filtering, and threat detection are no longer the sole deterrent for cyber criminals.
In order for healthcare institutions to combat ransomware threats and guarantee the protection of their patients’ data both at rest and in transit across networks, they must move to a framework that centres on the data itself.
Organisations need to provide protection that stays with the data wherever it is being sent, such as encryption and digital signatures, which enable them to maintain control of their data and detect any unauthorised modifications, even when data is deployed in the cloud or in their data centre. By moving security controls as close as possible to the data, they can ensure that even after the perimeter is breached, the information remains secure.
Still it is integral to note that encryption is still only one part of the solution as an organisation’s infrastructure is only as secure as the private keys and certificates used to protect it. Hackers also target encryption keys stored on remote servers and remove these from the organisation’s server, which is why we recommend that healthcare providers install a Hardware Security Module (HSM).
This is a type of electronic safe that stores their cryptographic keys, securely managing, processing and saving them inside a hardened, tamper-resistant device/virtual device. Simply putting it that way, locking the door to the hacker but hiding the key under the doormat will not bring much security, this is why cryptographic keys management is pivotal.
Cyber-criminals are only getting smarter and are finding new ways to access data from multiple points. Healthcare organisations should implement a multi-layered, dynamic approach to their security measures to ensure their valuable assets remain uncompromised. In realising the true worth of healthcare information assets, appropriate systems combining strong authentication, data encryption and key management, can be put in place to safeguard these as they need to be – preventing potential breaches by hackers.
Article by Graeme Pyper, Regional Director, Australia and New Zealand at Gemalto