In February this year, a shocking but not uncommon cybercrime incident was made public: a hacker named fallensky519 had breached an undisclosed major Indian healthcare website and stolen around 6.8 million healthcare records.
The stolen data was found on sale in underground web markets for around seventeen hundred dollars. The operation was discovered by the US-based agency FireEye and was linked to China-based advanced persistent threat (APT) groups, which are suspected of frequently targeting healthcare institutions, especially those involved in cancer research and treatment.
Research and reports indicate that the motive behind such an attack could be twofold.
1. China’s desperate need for quick innovation, driven by its severe concern over cancer-related deaths
2. A plan to stay ahead of Western competition, owing to China’s booming pharmaceutical industry
Even though the cyberattack stole personally identifiable information (PII) and credentials of doctors and patients and used them for monetary gain, which suggests it did not lead to high-severity implications, the healthcare industry cannot afford to take it lightly. If anything, these attacks point to a bleak future for health privacy, which will form a critical aspect of our digitally driven lives in the coming years.
A bigger picture
Looking at this incident and several related ones, let’s draw out the insights that paint a bigger picture of what this means and where it could be headed.
A brief overview of the details
- Over the last decade, more than a thousand attacks have targeted the not-so-cyber-secure healthcare industry.
- Affected organisations come from the biomedical, healthcare and pharmaceutical industries.
- More than a hundred million patients have been exposed to data theft as a result.
- Countries like the US, the UK, India and Japan have been in the crosshairs of Chinese and Russian APT groups.
- Most of the stolen records are available for sale in dark web markets at prices between 200 and 2000 dollars, or for up to 300 bitcoins.
- Attackers are mostly after personally identifiable information and protected health information that they can monetise or use for other intelligence purposes.
Leakage at a glance:
From patient data to medical equipment data, a lot is at stake due to these threats. So far, attacks have aimed to collect various types of sensitive information on a massive scale. Some of these are:
- Patient medical record files
- Doctors’ records
- Credentials of users
- Clinical trial data
- Research and development data
- Funding related information
- Employee and staff details
- Personal addresses of patients
- Data related to innovation and technology
- Medical equipment data, including imagery
- Tax and other finance related information
Exposure to threats:
Healthcare organisations are a central part of a nation’s infrastructure, and they are now suffering millions in losses due to data breaches. Some of the most common cyberthreats in this field are:
- Employees becoming vulnerable to phishing attacks
- Systems getting used for cryptomining
- Doctors and other staff being subjected to keylogger and other privacy threats
- Hospitals and organisations becoming victims of extortion due to ransomware
- Backdoors and malware being installed in infected systems
- Servers being attacked to access massive databases
- Domain and IP addresses being stolen
- Complete takeover of computers and networks being exercised
Reasoning it out:
The motives behind these attacks vary from case to case. They include, but are not limited to:
- Launching further attacks of higher intensity
- Collecting and selling intelligence information on the dark web
- Targeting specific high profile individuals
- Gaining an unfair advantage over other nations in terms of healthcare innovation with the purpose of boosting one’s economy
How much worse the future could be
The world is becoming more digitally integrated every second, and the healthcare industry is no stranger to it. In fact, improvement in healthcare is one of the key reasons why the digital revolution is maturing so rapidly all over the world. Various groundbreaking innovations and technological leaps of the past years, like artificial intelligence and the Internet of Things, have been quickly applied to the health sector. These life-saving yet risky inventions are already used by countless people across the globe.
1. Risk to remote patient monitoring devices
Think about pacemakers and other implants that come with remote access and control for better efficiency. Now, imagine the nature and proportions of risks these technologies could inflict on humans if they are not secured with responsible diligence. Attackers with nefarious intentions could leverage the lack of strict cyber security in public and private entities to compromise such devices and threaten a person’s life in a matter of seconds.
2. Risk to medical equipment and health procedures
Medical equipment and systems in institutions could be forced to shut down, either intentionally through DDoS and other attacks, or unintentionally due to lousy incident response and handling by the target. It is not difficult to imagine that these shutdowns could have a life-threatening impact on patients in critical medical situations.
3. Financial risk
The financial risk that is calculated (or fairly predicted) is only expected to multiply in the coming years. The cost of breaches faced by the healthcare sector is expected to hit trillions in the next year, not to mention other implied losses, such as legal and reputational ones.
Fighting for security
It is time that healthcare organisations get their security priorities in line, while other sectors take this as a warning. Here are some ways you can minimise security breaches:
1. Employee training: It is vital that your staff are not just aware of but equipped with basic cybersecurity know-how, as most attacks start as social engineering, such as phishing.
2. Encryption: Rigorous encryption of data is necessary to keep sensitive information safe from unauthorised access.
3. Recruitment of cybersecurity specialists: Organisations need to drop the attitude of hiring security experts only in emergencies and actively hire experts into cybersecurity positions on a permanent or recurring basis. A separate department should be set up, headed by a Chief Security Officer.
4. Investing in tech: Investing in cybersecurity technologies and mechanisms that keep your networks and critical systems secure pays off for those who want to last in the long run.
5. Employee education: Unlike employee training, which is a once-in-a-while, basic safety measure, organisations could sponsor employees’ cybersecurity education to enable internal hiring and create a win-win scenario. This is an effective method, since cybersecurity professionals are in starkly short supply compared with the huge demand for them all over the world. (This shortage is also one of the main reasons for rising cybercrime and the resulting losses.)
Cybersecurity is the need of the hour and an industry like healthcare needs to either evolve and fix the gaps immediately or prepare to face the grave consequences and slowly fade away.