SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
The race to keep ahead of healthcare cyber threats
Mon, 30th Jul 2018
FYI, this story is more than a year old

The healthcare industry is among the most preferred prey of cybercriminals. Whether they're targeting sensitive health information to extract ransom from a medical provider, or for blackmail or identity theft purposes, hackers are becoming faster and more intelligent.

In the last two years, 50 percent of healthcare organisations have experienced a data breach. This is according to ServiceNow's recent State of Vulnerability Response in Healthcare Report.

Look no further than the WannaCry ransomware attack in 2017, which locked up National Health System computers in the UK and demanded ransom. This caused appointments to be cancelled and surgeries delayed. We're continuing to see healthcare organisations suffer massive breaches.

Earlier this month, the operator of Singapore's largest group of healthcare institutions, SingHealth, was the victim of a major cyber-attack. Non-medical personal data of 1.5 million patients were accessed and copied, and in addition, outpatient medical data of 160,000 patients were compromised.

Closer to home, recent initiatives by the Australian government have put the security of Australia's healthcare infrastructure under the microscope like never before. In April it was revealed that more than 60 breaches were reported in the first six weeks of the country's Notifiable Data Breach scheme, with healthcare making up almost a quarter of the notifications.

Additionally, this past week has seen intense debate about the security of the government's My Health Record, as we entered a three-month period during which people can opt out of doing so.

There's no guarantee that you will never be breached. 58 percent of healthcare organistions surveyed by ServiceNow believe attackers are outpacing the current cyber security infrastructure of healthcare firms, and they also reported a 15 percent increase in cyber-attacks over the last year, with severity increasing by 22 percent.   

With digital records here to stay and hackers ramping up attacks, now is the time for healthcare organisations to bolster cybersecurity to keep sensitive data secure. Let's take a look at best practices to do just that:

Review vulnerability response capabilities

ServiceNow's research found that two key capabilities that help avoid a breach were detecting vulnerabilities and patching them in a timely manner. Organisations should assess maturity based on these factors: ability to identify problematic areas, such as cross-department coordination, lack of asset and application visibility, and inability to track the vulnerability lifecycle.

Organisations should score these areas by estimating the existing risk—for example, based on the delays they introduce into the vulnerability patching process.

Tackle low-hanging fruit first

Start with basic hygiene items that can be addressed quickly.  For example, if security teams don't scan for vulnerabilities, they need to make it a top priority to acquire and deploy a vulnerability scanner. If they do scan, they need to make sure they are doing both external and internal scans, including authenticated scans. Prioritising vulnerabilities is also essential. By integrating threat intelligence, security teams can factor in whether a vulnerability has been weaponised or is part of an active campaign.

Break down data barriers between security and IT

Create a common view combining vulnerability and IT configuration data—ideally using a single platform. This lays the foundation for more advanced capabilities, such as prioritising vulnerabilities based on impacted business systems and routing vulnerabilities to the right IT system owners for patching.

Automate response processes

Repeatable vulnerability response processes increase accuracy—reducing risk and eliminating rework. Workflow and process automation adds to this by driving significant efficiencies, accelerating patching times and reducing staffing requirements. Pay attention to automated routing, status tracking, measurable SLAs, and automated escalations. Ensure that security teams and IT teams have a shared view of these processes, and create situational awareness by providing dashboards and heat maps.

By automating response processes, security teams can significantly reduce the risk of a breach. With a clear roadmap and the correct technology, better cyber hygiene is within reach of any healthcare organisation, offering hope for a more secure future.