Healthcare cyber security is in a critical condition

A broad IT attack surface, years of under-investment in cyber security and large stores of valuable patient data make healthcare organizations (HCOs) an attractive target to hackers. According to a global Verizon study, 15% of breaches in 2018 came from the healthcare sector, with financial motives (83%) the biggest driver. With the US healthcare IT market predicted to grow by over 11% CAGR to reach more than $149bn by 2025, it’s more vital than ever to get solid cyber security procedures in place.

Data loss in the healthcare sector happens on a regular basis. Officially reported breaches in the US last year resulted in 5.3 million compromised records. Meanwhile, in the UK, the WannaCry ransomware caused:

  • Disruption to 34% of trusts
  • Infections 600+ NHS organizations
  • A £92m bill to the NHS

The bad news is that threats like this, and more common attempts to steal sensitive and highly regulated patient data, are gaining in frequency and volume. Almost a third of NHS trusts have been affected by ransomware.

The cyber epidemic crippling US healthcare organizations

Download our infographic to understand the threats US healthcare organizations are facing.

Cyber complexity in the healthcare sector

Complexity is everywhere in healthcare IT. Systems are typically comprised of legacy and modern: from on-premise servers and traditional PCs to cloud platforms and smart endpoints.

Key examples of cyber complexity in healthcare IT include:

Many staff are mobile, which leads to requirements in collaborative tools that increase the security challenge for healthcare IT professionals. Each of these workers is also a potential risk, if they are not trained adequately in areas like data protection and how to spot phishing emails. The GDPR has put ever greater pressure on IT teams in Europe to ensure they have the processes and controls in place to keep patient and employee data safe.

There’s also a potential risk from third-party suppliers to consider. A breach at payment processor AccuDoc Solutions affected two healthcare clients in the US: Atrium Health operates nearly a thousand hospitals servicing over 2.6 million customers while the BaylorScottWhite Medical Center serves 40,000.

Cyber threats such as crypto-jacking and ransomware are also common. The latter is a major threat for HCOs, which are typically seen as more likely to pay up than many organizations, and so represent a lucrative target for attackers. The SamSam strain has actively targeted the sector for several years, extorting tens of thousands of dollars from some US HCOs. According to Verizon, ransomware accounted for over 70% of all malware outbreaks in this vertical globally.

Funding is a recurring challenge. In a recent report to Congress, the industry task force warned that “most health care organizations face significant resource constraints as operating margins can be below one percent”. In the UK, the health service has been given £150m by government to invest in cyber security, and average mean spend on healthcare industry cyber security is second only to financial services, at £16,800.

Modernizing whilst continuing to protect health services

Digital transformation is a priority for many HCOs and can help to improve patient experience whilst reducing costs. But from smart inhalers to electronic patient records, these initiatives can also create extra cyber risks. Read our whitepaper on Protecting and Modernising UK Healthcare for more information.

There are several things HCOs can do to proactively tackle cyber threats:

  1. Appreciate the scale of the challenge and where the main threats are. Privacy and security is one of the key principles of the Department of Health & Social Care’s 2018 vision document for the digital future of healthcare, and it’s crucial that IT teams take this on board.
  2. Perform an IT audit to provide visibility into systems to inspire risk management strategies.
  3. Train staff in correct data procedures and how to spot phishing emails
  4. Take a closer look at DNS traffic via new analytics tools

Healthcare IT leaders should first understand and assess the DNS threat, before carrying out a full IT audit and using new analytics tools to drive visibility via DNS traffic.

Why it’s time for DNS-based security in healthcare organizations

DNS is such an integral part of an organization’s IT infrastructure that it can be easy to ignore it. Traffic is often whitelisted by firewalls because of this mission criticality to the organization. However, this can provide attackers with useful opportunities. Changing the answers to the queries stored by DNS servers can redirect users to malicious or phishing websites, while stolen data can be hidden in DNS traffic and smuggled out of the organization, for example.

With DNS-based analytics, organizations can finally get the visibility they need to ensure security is always at the forefront of any digital initiative.

Why do healthcare organizations suffer more cyber attacks than other industries?

Download our whitepaper to understand why healthcare companies are targets and how to stop threats before they cause harm.

How can Nominet help the healthcare industry harness DNS to improve cyber security?

Whilst DNS is part of the problem, it can also be part of the solution. Nominet provides the technical capabilities for the UK’s Public Sector DNS Service. That makes it an ideal solution to protect CNI industries like healthcare services.

By using advanced algorithms to analyze large volumes of DNS traffic, it can spot even single packets of malicious activity in legitimate data. With these capabilities, healthcare IT teams can detect and block data theft, phishing, botnets, command and control (C&C) malware and much more, before attacks have had a chance to make an impact.