Healthcare data breaches a growing concern
Healthcare facilities such as hospitals and clinics are increasingly being targeted by data criminals. As the world becomes more digital, so too do healthcare institutions, which store a wide range of data and rely on digital software and cloud-based data to operate.
This is according to Neil Cosser, Identity and Data Protection manager for Africa at Gemalto. He says the healthcare sector accounted for 19% of total data records compromised in 2015 and 23% of all data breaches at a global level last year, attributing these statistics to the Breach Index Report.
He explains many organisations often underestimate the magnitude of the risk critical data is to their business, especially while in transit across public or private data networks.
From the moment data is in motion, organisations are no longer in control. Data can easily and cheaply be intercepted by cyber criminals for a number of reasons, ranging from data theft to cyber blackmail, says Cosser.
He adds ransomware is on the increase and it is hitting the healthcare sector at a fast pace with new stories making headlines every day around the world.
"This means that healthcare professionals are among the groups that need to implement protective measures against it," warns Cosser.
Explaining how the cyber criminals operate, he says in a typical scenario, ransomware hackers scan the Internet for unsecured Web sites or other online platforms and, over a long period of time, modify data such as the hospital or clinic's server scripts so that data is encrypted before being inserted into the database.
He discusses a recent incident of a hospital in Southern California that was hacked. The hackers demanded up to 9 000 in Bitcoin, a digital currency, equivalent to somewhere between $3.4 million and $3.6 million.
"As long as data is sensitive or valuable to someone, it is worth money. This is why healthcare institutions must rethink their security framework and reinforce data protection to prevent ransomware and other attacks," notes Cosser.
Peter Hunter, territory manager, SA and Africa at SailPoint Technologies, says from a cyber-criminal standpoint, healthcare data could be more valuable than other forms of data.
"Around 80 million healthcare records were stolen globally last year, the documents are sold on the dark Web for around $100 dollars per record - a direct financial incentive for thieves," he explains.
Discussing the motive, Hunter says cyber criminals tend to focus on patient health data documents in order to make fraudulent insurance claims on behalf of the patient.
He mentions the three main causes of breaches globally. The first is miscellaneous errors which account for 29.4% of overall breaches. These, he explains, are situations where information has been accidentally sent out of the company i.e. through e-mail communication.
Accounting for 25.1%, crimeware is the second most common type of company breach and ranking in third place with 20.6% incidents is insider misuse.
According to the Verizon 2015 Data Breach Investigations Report, the global healthcare sector experienced 234 security incidents and 141 data breaches in 2015.
The Bitglass breach report found that one in three Americans were affected by healthcare breaches in 2015.
Among the most significant findings of the report was that in 2015, 98% of record leaks were due to large-scale breaches targeting the healthcare industry.
According to the report, these high-profile attacks were the largest source of healthcare data loss and indicate that cyber attackers are increasingly targeting medical data.
Cosser says traditional perimeter security measures such as firewalls, antivirus, content filtering, and threat detection will usually not keep these determined cyber criminals out.
To combat ransomware threats and guarantee the protection of data while in use, he advises the first step in effective data protection is for healthcare institutions to move to a framework that centres around the data itself.
"As a result, organisations need to provide protection that stays with the data wherever it is being sent [such as encryption and digital signatures] which enables organisations to maintain control of their data and detect any unauthorised modifications."
Cosser notes by moving security controls as close as possible to the data, they can ensure that even after the perimeter is breached, the information remains secure.
However, he warns encryption alone is only part of the solution, as an organisation's infrastructure is only as secure as the private keys and certificates used to protect it.
"Ransomware hackers for example target encryption keys stored on remote Web servers which they remove from an organisation's server," he points out.
Preventing ransomware attacks requires the use of hardware security modules (HSMs), a type of electronic safe to store their cryptographic keys, securely managing, processing and storing them inside a hardened, tamper-resistant device, he says.
"HSMs are essential in providing protection for transactions, identities, and applications by providing encryption, decryption, authentication, and digital signing services."
These are used for a wide range of everyday things including smart meters, Web sites and medical devices, concludes Cosser.