The threat landscape is a moving, shifting form that looks different to different organizations. For today’s healthcare organizations, the list of cyber-threats only continues to grow. Successfully protecting your organization from these threats is of utmost importance.
Why are healthcare companies being targeted? In most cases, it goes far beyond just attempting to steal hospital credit card and payment data. Other targets include the following:
- Medical records for fraud, so attackers can print new healthcare cards or replicate prescriptions
- Medical records for identity theft, in which fraudsters steal records from recently deceased patients
- Identity theft for tax evasion or loans, in which attackers leverage personally identifiable information (PII), such as Social Security numbers or dates of birth for various tax or monetary schemes
Looking to protect your healthcare organization from today’s top threats? According to our threat intelligence efforts, the following are the top five threats to be on the lookout for and some recommendations on how to stay one step ahead of attackers:
Ransomware is malicious software that covertly encrypts your files so you are unable to access them, then demands payment for their safe recovery. When malicious hackers ransom patient data, caregivers are left unable to provide care to their patients.
Common ways to recieve ransomware include phishing attacks and malicious documents, links, and attachments. A variety of healthcare organizations have been targeted by ransomware campaigns such as NotPetya and SamSam.
Expert tip No. 2: Patch vulnerabilities and disable Office macros to minimize the risk and impact of a ransomware outbreak.
2. Cryptomining / Cryptojacking
Cryptomining is the use of a computer’s resources to perform complex mathematical calculations to ultimately generate cryptocurrencies. When an attacker uses your IT infrastructure to mine cryptocurrency without your knowledge, that’s cryptojacking. Cryptomining can come in a variety of forms, such as through phishing attacks delivering malware, and websites using browser-based mining. Hospitals and other healthcare organizations are increasingly common targets of cryptocurrency-mining software because they contain so many computing resources that are operational 24/7, making them ripe for continuous mining.
Expert tip No. 1: Make sure you maintain appropriate whitelists and blacklists for your applications so rogue programs can’t easily settle in.
Expert tip No. 2: Monitor process execution chains on your endpoints for anything out of the ordinary.
3. Insider threats
Insider threats come from internal employees who have access to sensitive data and expose such information from either being negligent or having malicious intent. For example, employees can fall victim to social engineering campaigns that lead to sensitive data leaks. Some recent insider threat data breaches in the healthcare space include theft of an unencrypted laptop and employee errors exposing patient data.
Expert tip No. 1: Make sure your employees understand HIPAA requirements and what is considered improper access of patient data.
Expert tip No. 2: Educate employees about when they are able to transmit sensitive data to patients, their guardians, other healthcare providers, pharmacies, and insurance providers.
Expert tip No. 3: Understand the three components of an effective anti-phishing program: block the obvious stuff, empower your employees, and detect compromised users.
4. Advanced persistent threats
Advanced persistent threats (APTs) are stealthy and continuous attacks against targeted organizations for political or business-related motives. Some common attack methods include social engineering, vulnerability exploitation, and zero days. Notable APT attacks against healthcare organizations have resulted in millions of patients having their information breached.
Expert tip: Know your network top to bottom, as this can be like looking for a needle in a haystack.
5. IoT botnets
IoT botnets are a collection of compromised Internet of Things (IoT) devices such as cameras, cardiac implant monitors, wearables, and other devices with an IP address and the ability to connect to a network. These devices pose easier routes of entry onto your network and often fly under the radar due to employees connecting to the network without security experts involved. Botnets such as Reaper and Mirai are also on the rise.
Expert tip No. 1: Monitor ingress and egress traffic on your network to understand all devices and IPs connecting to your network.
Expert tip No. 2: Change the passwords of your IoT devices frequently and make sure the firmware is always up-to-date.
Overwhelmed by all the potential threats and looking for help to monitor your network? With Rapid7’s Managed Detection and Response services, finding the time, talent, and technology to expertly detect and respond to breaches isn’t your problem—it’s our mission.
Our Managed Detection and Response service is different than the traditional MSSP. Our team will provide 24/7 threat detection and response in your environment while giving you complete visibility into what’s happening, why it’s happening, and how to prevent it from happening in the future. This means your organization can finally have everything it needs to stay safe, without taking on more work.