Michelle Drolet, CEO of Towerwall,
Healthcare organizations have faced continual stress from heavy COVID-19 caseloads in 2020. Cyberattacks on their information networks also loomed as a serious threat, and the pressure to protect data is expected to grow this year, as more criminals target healthcare providers.
Protecting patient data from unauthorized access has long been a regulatory prerequisite for healthcare organizations. But increasingly, cybercriminals see profit potential in attacking and crippling their networks, and restoring operations carry a high cost, both in the expense of repairing IT capabilities, as well as lost revenue, productivity hits, and erosion of community trust.
The rising pressure to protect data systems is prompting healthcare IT security executives to take a hard look at security procedures, and ways to identify and secure potential network weaknesses.
Attacks on the Rise
The need to batten down security hatches has grown in recent months, as COVID-strained healthcare has been hit with devastating cyberattacks, and government agencies warned that more could be coming.
In late October, the FBI and two federal agencies warned that they had credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. The potential attacks were attributed to a Russian-speaking criminal gang targeting providers with TrickBot and BazarLoader malware, leading to ransomware attacks, data theft, and service disruption. The agencies noted that the issues will be particularly challenging for organizations within the COVID-19 pandemic.
The federal warning came on the heels of several high-profile security breaches. In one attack, UVM Health Network had about 5,000 network computers rendered inoperable by a system outage that lasted 40 days; about 300 workers were furloughed because the outage prevented them from doing their jobs. The organization noted that its IT staff had to rebuild the entire infrastructure before re-populating it with backed up files and data, in addition to scanning and cleaning 5,000 computers and endpoints that had been infected. Hospital executives estimate the total cost of the attack at more than $63 million.
Another large cyberattack crippled Universal Health Services, a large hospital system that had a massive IT network outage in late September. The IT outage for the health system lasted eight days after a malware attack; it used downtime protocols and paper records during the outage.
Some reporting suggested that attackers are mounting ransomware attacks on healthcare system networks and charging higher-than-usual fees for its removal, suggesting that criminals may be targeting as many as 400 different facilities across the country.
More broadly, attacks are being aimed at the entire healthcare sector, according to reports from Microsoft. The technology company reported that it has detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19.
In addition, providers could face monetary fines from the Office of Civil Rights of the Department of Health and Human Services, which has the prerogative of assessing fines on healthcare organizations or business associates for lack of compliance with HIPAA and willful neglect of practices that protect patient information. As of November 2020, OCR has settled or imposed penalties in 92 cases, resulting in fines of almost $130 million.
Boosting Security Efforts
To counter these threats, healthcare organizations are taking a variety of steps to improve their security postures. Protecting healthcare information is increasingly becoming a challenge because of growing pressure for healthcare entities to distribute healthcare information to better coordinate care, engage with patients and comply with regulations forbidding information blocking. Also, the COVID-19 pandemic has fostered the use of remote patient monitoring and telehealth services, which increase the amount of patient information being exchanged on provider networks.
An important component of ensuring information security for provider organizations involves regularly testing the defenses that protect access to crucial networks. Penetration testing is one way to check for the effectiveness of cyber defenses before potential incidents, rather than afterward, when patient care can be disrupted and expensive to resolve.
Also known as a pen test, the exercise simulates a cyberattack against a healthcare organizations network to check for vulnerabilities that attackers could exploit. Pen testing can involve outside white hat hackers who attempt to breach application systems to find vulnerabilities, such as unprotected inputs that are susceptible to code injection attacks.
Pen testing can be complex, looking for weaknesses that can be exploited by insiders as well as outside attackers. It can involve significant preplanning in terms of reconnaissance, analysis of how systems and defenses respond to different forms of attack, and attempted exploits of weaknesses of systems such as cross-site scripting, SQL injection, and backdoor efforts as well as human engineering efforts, such as different forms of phishing attacks to see if system users need training so they dont give their network login codes to cybercriminals.
Analysis of such efforts also is complex, assessing which vulnerabilities were found and exploited, if any sensitive patient data or administrative systems could be accessed, or how long a pen tester could remain in the system undetected after gaining access.
Many organizations conduct annual penetration tests, subjecting defenses to internal, external and application attacks designed to emulate real attacks. In addition, healthcare organizations do such testing to meet compliance obligations for standards such as the NIST 800-35 CIS ISO 27001, the PCI DSS, and SOC2, which require businesses to conduct regular penetration tests and security reviews using skilled third-party testers.
But the threat environment for healthcare organizations is always changing, and cybercriminals are constantly honing their skills to access networks and extract value from their attacks. To effectively protect critical systems and private health information, healthcare organizations need to develop customized approaches, utilizing the latest techniques, tools, and technical expertise from outside the organization to understand vulnerabilities and develop an actionable remediation plan.
About Michelle DroletMichelle Drolet is the CEO and co-founder of Towerwall a woman-owned cybersecurity company. She serves as chairperson of the Board of Directors. As one of Towerwalls resident cybersecurity experts, Ms. Drolet assists organizations through the risk mitigation process to help them protect critical data by the evaluation, establishment, education, and enforcement of sound cybersecurity, network security, and data security practices. Reach her at email@example.com.
View original post here:
- Is It Possible to Change the Structure Of The Brain With Meditation? - January 20th, 2022
- Single-payer health care is back on the table at the California Capitol - Capital Public Radio News - January 11th, 2022
- Grant will help improve access to health care - Washington Daily News - thewashingtondailynews.com - January 11th, 2022
- Health care workers face fatigue as they deal with more COVID-19 patients - News 12 Bronx - January 11th, 2022
- Philly ER doctor: Omicron wave threatens to overpower exhausted health-care workers | Expert Opinion - The Philadelphia Inquirer - January 11th, 2022
- County seeks to expand mental health care for those facing incarceration - Austin Monitor - January 11th, 2022
- CIOs plan big investments in EHR optimization and pop health IT - Healthcare IT News - January 11th, 2022
- Steward Health Care Week 22 high school star athletes of the week - Deseret News - January 11th, 2022
- Health care workers brave bitter cold temperatures at testing sites in Milwaukee - WDJT - January 11th, 2022
- United Way, UPMC, community partners thank health-care workers - Williamsport Sun-Gazette - January 11th, 2022
- COVID hospitalizations hit 300, as many healthcare workers call in sick - KHON2 - January 11th, 2022
- Could this be the year for single-payer health care in New York? - Times Union - January 11th, 2022
- Latinos in U.S. often live in 'deserts' where adequate housing, groceries are hard to find - USA TODAY - January 11th, 2022
- J.P. Morgan Healthcare Conference Starts With Lots of Deals, No Blockbuster M&A - Barron's - January 11th, 2022
- Read the latest Gambit: Getting mental health care in the age of disaster - NOLA.com - January 11th, 2022
- US hospitals recruit foreign nurses to ease health care worker shortage : Shots - Health News - NPR - January 11th, 2022
- [PODCAST] The Pandemic and Beyond: Navigating Disputes Within Health Care Systems - JD Supra - January 11th, 2022
- We're buying more of this high-quality health-care stock amid the market sell-off - CNBC - January 11th, 2022
- Health care heroes honored | News, Sports, Jobs - Youngstown Vindicator - February 15th, 2021
- Black community leaders to discuss vaccines and repairing trust in health care - wcia.com - February 15th, 2021
- Gourmet Cookie owner sharing the love with health care workers by donating treats for each dozen cookies sold - WATE 6 On Your Side - February 15th, 2021
- Funding for Health Care Providers During the Pandemic: An Update - Kaiser Family Foundation - February 15th, 2021
- Vaccine rollout wont be equitable unless health care reckons with racism - The Verge - February 15th, 2021
- City adds disabled residents, home health care providers to list of groups eligible for vaccinations | City of Detroit - City of Detroit - February 15th, 2021
- Delawareans Will Have New Opportunity to Gain Health Insurance Through HealthCare.Gov from Feb. 15 to May 15 - State of Delaware News -... - February 15th, 2021
- New help to quit smoking; how to get the health care you need - The Union Leader - February 15th, 2021
- What Health Care Providers and Facilities Should Know About the PREP Act's "Covered Countermeasures" - JD Supra - February 15th, 2021
- Health Care Workers Hit Hard by the Coronavirus Pandemic - The New York Times - February 15th, 2021
- These Are The States Attempting to Pass Anti-Trans Health Care Bills - Human Rights Campaign - February 15th, 2021
- Many health care workers turned down their COVID vaccine. Here's why - KGW.com - February 15th, 2021
- Healthcare equity and Alzheimers is the focus of March 3 virtual town hall - cleveland.com - February 15th, 2021
- 'It happened so quickly': Health-care workers lose everything in house fire - 9News.com KUSA - February 15th, 2021
- Since vaccinations began, fewer health care workers in Richmond have tested positive - Richmond.com - February 15th, 2021
- Who can afford healthcare these days? | Journal-news - Martinsburg Journal - February 15th, 2021
- 3 of the most pressing health care topics of 2021 - cerner.com - cerner.com - February 4th, 2021
- Biden Moves to Expand Health Coverage in Pandemic Economy - The New York Times - February 4th, 2021
- Bidens Health Care Moves - The New York Times - February 4th, 2021
- UB Department of Surgery launches Anti-Racism and Health Care Equity Initiative with Cornel West as inaugural speaker - UB News Center - February 4th, 2021
- Health Care Unions Find a Voice as the Pandemic Rages - The New York Times - February 4th, 2021
- UPMC Health Care Workers Surprised With Trip To Super Bowl - CBS Pittsburgh - February 4th, 2021
- Partnership created to accelerate health care innovation - WISHTV.com - February 4th, 2021
- Frontline health care workers with ties to Charlotte win free tickets to Super Bowl LV - WCNC.com - February 4th, 2021
- Stroke Recovery - Norton Healthcare - February 4th, 2021
- Hims & Hers, ATA, and 10 others launch Telehealth Equity Coalition - Healthcare IT News - February 4th, 2021
- Rebuilding trust after COVID-19: U.S. healthcare experts weigh in - Medical News Today - February 4th, 2021
- 'Out of Control': Wuhan Health Care Worker Sheds New Light on How COVID's Early Days Really Unfolded in China - FRONTLINE - February 4th, 2021
- 4 Cincinnati health care workers awarded free trip to 2021 Super Bowl - WLWT Cincinnati - February 4th, 2021
- Biden signs executive orders to expand health care access - CBS News - February 4th, 2021
- RI field hospital nurse one of 75 New England health care workers to attend the big game - WPRI.com - February 4th, 2021
- Long Beach moves from vaccinating health care workers to teachers. Mayor says their strategy is different from other cities - KCRW - February 4th, 2021
- Global Healthcare Analytics Market Worth USD 80.21 billion by 2026; Launch of Project Apollo by Cerner to Boost Market - GlobeNewswire - February 4th, 2021
- Kudos to health care workers at vaccination clinic - Beckley Register-Herald - February 4th, 2021
- Change Healthcare Inc. Reports Third Quarter Fiscal 2021 Financial Results - Business Wire - February 4th, 2021
- Accenture rebuffed again in Healthcare.gov protest - FCW.com - February 4th, 2021
- ZEISS partners with Microsoft for better patient care through data-driven healthcare and to enhance quality and efficiency in manufacturing - Stories... - October 8th, 2020
- New Funding to Bring Mental Health Care to Homeless Shelters, Encampments - WTTW News - October 8th, 2020
- Healthcare companies cashing in on financing vehicle boom - Modern Healthcare - October 8th, 2020
- Health care is already benefiting from VR - The Economist - October 8th, 2020
- Health Care: The Best and the Rest | by David Oshinsky - The New York Review of Books - October 8th, 2020
- Diversity in health care starts at the beginning - Nevada Today - October 8th, 2020
- Respiratory therapists: Vital part of health care team - Brownwood Bulletin - October 8th, 2020
- MedaSource: Depth and Breadth in Life Sciences and Healthcare Consulting - BioSpace - October 8th, 2020
- Value-based Care After COVID-19: What Healthcare Leaders Need to Know - Medical Economics - October 8th, 2020
- Free sessions on legal and financial issues for those with neurological conditions - Norton Healthcare - October 8th, 2020
- Telemedicine and Digital Health to Set the Tone for Healthcare - Medical Device and Diagnostics Industry - October 8th, 2020
- How one conversation turned into a fundraiser helping healthcare workers - WATN - Local 24 - October 8th, 2020
- The 14 US health care billionaires, according to Forbes - The Daily Briefing - October 8th, 2020
- Sonic Healthcare USA Enhances Test Offerings with the Launch of Multiplex Assay for COVID-19 and Flu - PRNewswire - October 8th, 2020
- Florida is falling behind on health care and voting rights | Column - Tampa Bay Times - September 21st, 2020
- Doctors Push For Health Care To Address Climate Change In New Teaching Framework - Here And Now - September 21st, 2020
- Closing the rural health care access gap in Jackman, and maybe beyond - Mainebiz - September 21st, 2020
- Digital engagement and transformation of healthcare in Singapore - Healthcare IT News - September 21st, 2020
- From the Editor: The health care business adjusts to an ever-changing world - Mainebiz - September 21st, 2020
- The Coronavirus Is Creating A Mental Health Crisis For Health Care Workers - HuffPost - September 21st, 2020
- Intermountain Healthcare: Fighting for greater health and inclusion for the LGBTQ+ community - ABC 4 - September 21st, 2020
- Letter: Wagner is clueless on health care and the pandemic - STLtoday.com - September 21st, 2020
- Walmart to open health care clinics in Kissimmee and throughout Florida - positivelyosceola.com - September 21st, 2020
- Local VA receives 2020 Healthcare Organization of Distinction Award - Wgnsradio - September 21st, 2020
- Law and order vs. health care as Dems, GOP vie for suburbs - The Associated Press - September 21st, 2020
- Prescription Drug And Healthcare Costs Are Rising - Forbes - September 21st, 2020