How Healthcare Payers Can Fight Back Against Cyberattacks

Keeping up with fast-changing cybersecurity threats is a challenge in all industries, especially in the healthcare industry, where large groups of cyberthieves join forces to create more coordinated and devastating attacks. Over one-third of healthcare organizations report that they were hit by ransomware over the past 12 months, according to a recent report. Partnership HealthPlan of California was subject to one such attack, targeted by the group “Hive,” which is among the top ten global ransomware groups and known for targeting healthcare organizations. The breach resulted in the loss of 850,000 patient records, or 400 GB of data, stolen from the organization.

Healthcare payers are frequently the target of such attacks because they have a treasure trove of highly sensitive and valuable data. From a hacker’s perspective, the more valuable the data, the higher the likelihood of getting paid. The good news is that you can mitigate risk by understanding how thieves access systems and by rethinking existing security and safeguards.

How bad actors sneak into your systems

Cyberthieves look for the path of least resistance when searching for an entry point into your system. Why invest time in a challenging target when they can instead pivot and focus on an easier path to their goal?

The target of an attack may be a large healthcare payer, but if that company has robust security safeguards, gaining entry is difficult. However, if the healthcare payer works with third-party vendors, and some of those vendors have weak security controls, that becomes the path of least resistance — and the payer’s most significant security threat.

Organized cyberthief groups use tactics, techniques, and procedures (TTPs) to target their victims, and targeting “little fish” to get to “big fish” is a key TTP of ransomware group Hive. As a result, payers need to focus on their own security as well as that of their partners.

Using single-factor authentication or having an excellent security team in place is no longer enough to protect against evolving threats; organizations need much more to keep data safe and out of the clutches of cyberthieves.

Protecting against bad actors — best practices

In cybersecurity, we’re constantly talking about risk management. The first step to good risk management is identifying specific risks to your company and how badly an attack could affect you. This starts with a business impact analysis, where you make a list of everything important to your company, such as data, processes, assets, and more, and attempt to put a price tag on losing it.

Understanding where a breach will cause the most damage helps you prioritize time and resources. A few best practices to consider include:

  • Use multi-factor authentication for everything. Passwords aren’t sufficient, regardless of the complexity of the password or how often you change it. For example, if your password is Kiriworks with a capital “K,” modern rainbow tables can crack that offline in a little over a week, or even faster if the password is reused elsewhere.
  • Create a security culture. Ninety percent of all cyberattacks start with a phishing email to an unexpected victim. Unfortunately, humans are always the weakest link. Even the best security team can’t be everywhere, and attackers have the advantage of choosing the time and the place to That’s why you need a workforce that is educated and suspicious of phishing email links.
  • Trust, but verify. Do you think you can quickly recover from ransomware? Wargame test your response to identify servers and processes that need improvement. It’s better to identify potential weaknesses early and update your incident response plan than to walk into the CEO’s office to report that you’ve lost sensitive data.

Improving your security isn’t only about preventing today’s attacks but also about closing loopholes for future attacks. A healthcare payer that gets attacked, for example, may pay cyberthieves to release its data. After getting paid, the bad actor might stay in your network undetected, and if they do, chances are they will hit you again.

Evaluating existing security safeguards, improving critical areas, and better understanding third-party vendor security will help you close off the easy paths thieves can use to access your data and steal sensitive information.