healthcare

PROTECTING DATA TO PROTECT PATIENTS

CYBER CRIMINALS ARE NETTING MASSIVE FINANCIAL RETURNS FROM RANSOMWARE AND OTHER CRIPPLING CYBERATTACKS AGAINST HEALTHCARE PROVIDERS. HOW CAN THEY BE STOPPED? MARK SANGSTER, VP AND INDUSTRY SECURITY STRATEGIST WITH ESENTIRE, OFFERS HIS INSIGHTS

Healthcare providers, support services and technology manufacturers have emerged as a favoured target of cyber criminals. Beyond the headlines of NHS shutdowns and delayed patient care, multiple studies, from the Information Commissioner's Office (ICO) to security research institute Ponemon, confirm healthcare as the industry most vulnerable to cyber-attacks.

Operational cyber-attack data generated from 24x7 monitoring of healthcare providers, insurers and equipment manufacturers indicate that these organisations face a significant exploit every hour of the day, which is four times more than financial services or law firms (2018 eSentire Security Operations Data). Such exploits vary in nature, but each requires security expert intervention after it evades standard prevention technologies, such as anti-virus, firewalls and intrusion prevention systems.

"Headlines about hospital systems shutdowns only serve to paint healthcare as a lucrative target and invigorate criminal activities to develop industry-specific, contextually-accurate lures that yield higher success rates in network infiltration and malware infections," says Mark Sangster, VP and industry security strategist with eSentire. "Attacks today are more targeted and obtain payments through extortive negotiations. Ransomware attacks (malware that locks and encrypts files and then demands payment to unlock the files) have evolved to become denial-of-service attacks to threaten medical service disruption and patient care interruption."

CRIMINAL PROFITS

Stolen medical records also yield tidy criminal profits. Whether public service or private practice, medical records are sold for 150% more than other personal data.

"Healthcare organisations also face financial losses and penalties for mishandling confidential patient records. In 2016, the ICO fined Brighton & Sussex NHS Trust £325,000 for the loss of highly sensitive data including HIV positive patients. More recently in 2017, the ICO fined Lister Hospital, a facility owned by private health company HCA International, after patients' fertility records were not secured. Unencrypted audio recordings were sent to an Indian transcription company. The files, which had been stored on unsecured servers, were exposed to unrestricted internet searches." The worrying factor is that these sorts of fines and events will only increase with the implementation of

computing security March/April 2018 @CSMagAndAwards www.computingsecurity.co.uk