Healthcare security breaches: Tactics attackers use and what to do

A healthcare security expert describes the common and emerging tactics attackers use during healthcare security breaches and what to do to protect against them.

Healthcare security breaches, such as data exfiltration, data manipulation and data wiping, affect healthcare organizations daily, according to Josh Singletary, CIO of the National Health Information Sharing and Analysis Center. But, he said, you can take steps to thwart such breaches.

Attackers use different methods to worm their way into an organization's systems. Perhaps one of the most well-known cyberattack tactics in healthcare is phishing, Singletary said. It is, after all, the most common way ransomware enters into healthcare organizations.

But other tactics used in healthcare security breaches include exploit kits and malware.

"You click on a link, and it takes you out to a website. That website then has malware loaded; it downloads right to your computer," Singletary said.

He explained that another way attackers sneak malware into an organization is through ZIP files.

"Maybe they send you a ZIP file inside of your email that you then double-click on, thinking it's something valuable. That then extracts a decent document that you're not really aware of what it is, but in the background, it's running malware on your computer," Singletary said. "It's running things like keyloggers, it's loading RATs [remote access Trojans], it's loading different capabilities to allow hackers to get inside your system."

However, Singletary said that, within the past month, attackers have migrated to distributed denial-of-service (DDoS) tactics, where the attacker emails the CISO or the CEO of an organization and says, "We're going to DDoS your organization with traffic."

"They're using bots, they're using different computers that are around the world to be able to send all these requests to a single server, and that then will shut down a server, or at least bog it down so heavily that ... requests can't get in," Singletary said.

The necessary steps to ensure security

Singletary recommends organizations take several different measures to protect themselves against healthcare security breaches.

Patching: "Not all systems can be taken down right as the update is released, and so you really want to make sure that you have the capability to get your systems up to date, take them offline [and] have great backups in place," Singletary said.

Two-factor authentication: Singletary said to not just have a username and password, but also to have some other way to authenticate an individual getting into a system.

Measure your enterprise risk: "If you were to get hit by ransomware, it would freeze up not only your main systems, but also your backups. What would you do at that point? Who gets involved? Who has the capability to get your systems back up? Do you pay the ransom?" Singletary said. "These are all questions that you all should be asking."

Network segmentation: Singletary said that, if, for example, the accounting systems don't need to be connected to other systems in a healthcare organization, then don't connect them.

"Keep them completely separate. Keep them air-gapped. Keep the users completely separate, as well. Don't have a master ... for all of your different systems because, if that credential gets compromised, then that hacker can jump from different systems, as well," he said.

Education and training: "Make sure your employees understand exactly what they need to do on a day-to-day basis to keep your organization safe," Singletary said.

Information sharing: This may not be what a lot of people think. What Singletary means by this is really sharing information about data breaches.

"Sharing information is really valuable to other organizations that are going to face the same issues down the road," he said. "Maybe, at the same time, they'll be able to update or at least know that it's coming. And if they're sharing information, you're able to update your system, as well."
