Following the news about the healthcare hack at Georgia-based Emory clinic, which is the largest reported to-date in 2017, exposed 80,000 patient files. IT security experts from Proficio and Tufin commented below.
Ken Adamson at Proficio:
“Cybercriminals will always be drawn to where the easy money is. The ROI for stolen patient records has dropped significantly, as nearly a third of Americans’ health information can be found on the black market. So, hackers have turned to more profitable attack methods like ransomware, which allows them to block access to key systems or data until the victim pays. Healthcare organizations are quick to pay, given the potential life-or-death stakes of critical systems collapsing – and there’s no guarantee a hacker will deliver on their promises. The Emory Healthcare breach follows a growing trend of ransomware attacks targeting the industry. Although healthcare in general is making strides to prevent ransomware, organizations will continue to fall victim to ransomware attacks due to the overwhelming volume of security alerts generated per day combined with limited IT security resources to thoroughly investigate each threat.
We also envision the potential for the ‘ransom’ approach of cyber-attacks to expand to other methods where attackers gain administrative control over systems, access control services, and medical devices thereby locking out medical staff until a ransom is paid. This would introduce a whole new risk equation for the healthcare industry. We’ve already started seeing attackers taking over administrative control of door locks and other services at places like large hotels, and requiring a ransom be paid before returning control.”
Joe Schreiber at Tufin:
“Open-source databases like MongoDB are attractive targets due to potential misconfigurations that make it easy for attackers to access sensitive information. There are a number of ways healthcare companies can protect themselves and minimize damage when it comes to breaches. First, it’s important to reduce the attack surface through network segmentation since a tightly segmented network can prevent lateral movement and isolate many of these attacks. Additionally, IT automation can help IT teams at hospitals enforce security rules and unify security policy – identifying unused, shadowed, unattached and expired rules. At the end of the day, it’s important to realize there’s no ‘one size fits all’ approach for preventing all breaches – that’s just the reality. However, organizations can respond to an incident without hindering overall business agility through network resiliency.”