By Tomasz Kowalski, CEO, Secfense
According to a Trustwave report, medical data may cost up to $250 per record on the black market, while stolen payment card data is sold for $5.40. That is why the healthcare institutions are becoming the main vector of cybercriminals attacks. How to defend against them? The right approach is to protect the space where usually attacks come the most often so the accounts of all employees of clinics or hospitals.
Zero trust security is a cybersecurity concept that implies a total lack of trust in users, systems, or services within the network. What does this mean and how does it relate to the safety of the healthcare industry? Zero trust relies on 100% certainty that the right person is on the other side of the computer, and not a thief who wants to take over your sensitive data.
Medical data worth its weight in gold!
Medical data is extremely attractive to cybercriminals. Mainly because intruders know very well how to cash them. Theft of medical data can threaten the reputation of individuals or institutions and cause enormous damage. That is why all healthcare facilities must remodel their approach to IT security as soon as possible and base it on strict user authorization, restriction of permissions and limiting access to medical resources in accordance with the principle: never trust, always verify.
One of the latest media attacks against a medical institution was an attempt by intruders to get into the computers of AstraZeneca employees (including those who worked on the Covid-19 vaccine).
North Korean cybercriminals used phishing and social engineering claiming to be recruiters. According to the Wall Street Journal the attackers also tried to steal vaccine information from Johnson & Johnson and Novovax, as well as from three South Korean drug makers.
The credential theft – employees’ passwords and logins – is one of the most common causes of attacks on medical institutions today.
Cybercriminals usually send an e-mail designed to trick the person into thinking that the message comes from a legitimate source and then obtain credentials. Bad actors also often use WhatsApp or LinkedIn messengers, as happened in the case of the attack on AstraZeneca.
Why is this happening? The healthcare industry is one of the worst when it comes to data security knowledge. Data from the Wombat Security’s learning management system shows that 23% of best practice questions are answered wrong on average by medical personnel. Fraudsters know that very well. The difficult period associated with the pandemic only makes it easier for them to get access to extremely valuable information, for which, for example, they can receive a large ransom (ransomware attacks).
User access security broker is an approach to cybersecurity consistent with the zero trust security approach. It triggers MFA during a login session on any hospital or clinic web application – regardless of whether the person logging in is currently at the facility or works remotely. Before the employee enters the application or system, he must enter, for example, a one-time code or verify his identity through face biometrics or a fingerprint.
What’s important is that the integration of MFA takes place without changing the protected application’s code. This basically means that the security broker can add multi-factor authentication on the accounts of all employees in any number of applications without any subsequent support for IT specialists, who are constantly lacking in the medical sector. It also allows for convenient scaling – simple and quick adding of users and protected resources, regardless of their number and complexity. Moreover, organizations do not have to share any of their information with third parties – strong authentication can be easily applied to the current infrastructure without long and tedious programming. This is important in the case of dynamically developing private hospitals and medical clinics.
Cybercriminals use the pandemic very efficiently and target the weak points of the healthcare system. Therefore, medical facilities must ultimately do a very difficult task and protect not only selected, but in reality all applications used by their employees on a daily basis. This could mean using advanced analytics to track identities on their network, multi-factor authentication, and enforcing “least privilege policies” for specific accounts.
One thing to remember – flexibility, scalability and speed of response in the case of precise and increasingly sophisticated attacks will be a key factor influencing the final result. Well-thought-out choices in this context really pay off. The costs of healthcare attacks are growing exponentially as prolonged system downtime not only hampers but often paralyzes medical care for patients.
About the Author
Tomasz Kowalski is a CEO and co-founder of Secfense. He has nearly 20 years of experience in the sale of IT technology. He was involved in hundreds of hardware and software implementations in large and medium-sized companies from the finance telecommunication, industry and military sectors. Tomasz can be reached online at (firstname.lastname@example.org, Tomasz Kowalski | LinkedIn) and at our company website https://secfense.com/