The Ransomware Epidemic and Cybersecurity Remedies for the Healthcare Industry
An enterprise falls victim to a ransomware attack every 14 seconds in 2012, and this frequency will increase to one attack every 11 seconds by 2021.
The recent LifeLabs data breach has made it increasingly evident that cyber security is a significant risk factor for healthcare providers in Canada. According to a recent publication, data breaches cost the healthcare industry north of $5.5 billion a year. Another report claimed that between 2016 and today there had been at least one healthcare data breach per day, affecting over 27 million medical patient records.
The main problem is that healthcare providers systematically underinvest in security controls, which, combined with legacy IT infrastructure, slows incident detection and response: it often takes weeks or even months for a security breach to be detected. Such attacks can take multiple forms, including social engineering and especially ransomware delivered via phishing scams, email attachments and various web attacks.
The U.S. Department of Justice has stated that ransomware is an increasingly popular cybercrime business model, as well as a global phenomenon. Ransomware is malicious software (malware) that infects a system, restricts access to basic functions, and threatens to permanently destroy data unless a ransom is paid.
This phenomenon has reached epidemic proportions and is the fastest growing type of cyber crime: ransomware attacks increased by 350% in 2018. By 2016, a business fell victim to a malware attack every 40 seconds. Today, that has risen to every 14 seconds, and a business is predicted to be affected by ransomware every 11 seconds by 2021. As entire medical institutions, enterprises and government agencies are reliant on Internet connectivity, it is of utmost importance that such entities are prepared to respond confidently to any cyber security threat they may face.
The increasing popularity of ransomware is directly related to cryptocurrencies and blockchain technology. Receiving untraceable ransom amounts was a cumbersome affair not so long ago, but Ethereum, Bitcoin and the like made the task significantly simpler - and more lucrative - for cyber criminals.
Don't forget that, apart from the obvious threat of a complete business shutdown, cyber security breaches can also mean non-compliance with a number of regulations and laws applicable to the industry.
"Ontario public institutions are required by law to protect your personal information, and to follow strict rules when collecting, using and disclosing your personal information". - Information and Privacy Commissioner of Ontario
Legislation relevant to the medical industry includes the Personal Health Information Protection Act (PHIPA) and, if the medical organization operates within the United States, the Health Insurance Portability and Accountability Act (HIPAA). Unfortunately, just recently, 15 million Canadian citizens' personal information was compromised following a LifeLabs data breach in December 2019, with as yet unknown repercussions for the lab test provider.
Below are the steps your institution could take to reduce and mitigate the risks associated with cyber attacks, which in turn will help it comply with local legislation and information acts, saving a fortune in litigation costs, regulatory fines and loss of business:
Consult Cyber Security Experts: It is often very difficult for someone with no prior knowledge and experience to protect their organization from cyber crime. Make sure your organization stays compliant with all applicable legislation by contacting cyber security specialists.
Establish a Security Culture: Make sure every member of the organization understands that they are responsible for protecting patient data. Offer ongoing cyber security workshops, employee training and education, or lunch-and-learns explaining the importance of data protection.
Protect Your Mobile Devices: As more and more healthcare providers rely on mobile connectivity, make sure encryption and other protective measures are in place to mitigate a security breach.
Maintain Safe Computer Protocols: Software and operating system maintenance practices should be included in new-hire onboarding programs.
Firewalls: Everything connected to the Internet should sit behind a properly configured firewall. Example: in 2018, hackers stole 10GB of data from a Las Vegas casino by compromising a smart thermometer in a fish tank.
Usage and Maintenance of Anti-Virus Software: Often, just installing an anti-virus product and walking away is not enough. Make sure the system is continuously updated and patched to maintain optimal, up-to-date security levels.
Crisis Preparation: Regularly backing up files and data should prepare your organization for quick and easy data restoration. Backed-up information should be stored away from the main systems.
Identity Access Management: Access to private, protected or otherwise secure data should only be available to those who need it and nobody else, ideally with the help of an IAM solution.
Passwords: All passwords need to be strong and regularly updated. Verizon reports that 63% of data breaches happened due to default, stolen or weak passwords.
Physical Access: Another common cause of data breaches is physical device theft. Computers and other electronic devices that contain protected information should be kept secure in locked rooms, or be protected via a hardware lock.
Ultimately, such a defence-in-depth approach proves to be the most effective as the complexity of multi-channel fraud and cyber attacks increases.
Andrey Alchin Senior Consultant, Cyber Risk