Guarding Healthcare Patient Privacy With Security Intelligence
June 23, 2020 • The Recorded Future Team
Healthcare providers are under tremendous pressure to adhere to a plethora of privacy-related regulations. But now they have to do so while also experiencing unprecedented levels of cyberattacks. Neither of these points should come as a surprise given the value of the data at risk and the diversity of end-users and compute devices in the healthcare industry — not to mention, the IT environments in which medical devices operate.
While new technologies help organizations improve patient care, they also give IT teams a lot of ground to cover when trying to protect patient information and the digital assets of their organizations. Adherence to regulations may help in some cases, but this may also distract from the real task at hand: Improving security posture (versus demonstrating compliance).
In this blog, we examine why cybercriminals target the healthcare industry and how organizations can take on the challenge by leveraging the six principles of security intelligence. By applying security intelligence in the healthcare sector, IT security teams can improve their incident response, vulnerability management, risk analysis, threat analysis, and fraud prevention capabilities to better protect their digital assets, as well as those of patients and healthcare partners.
Protecting Patient Information: A Lot of Ground to Cover
Healthcare providers experienced unprecedented levels of cyberattacks in 2019, according to a recent article in MedCity News. The U.S. Department of Health and Human Services investigated more than 300 cases last year, and cybercriminals breached almost 32 million patient records in the first six months — more than double the records breached in all of 2018.
IT security presents a major challenge for healthcare organizations due to several factors:
- Patients often do not follow account credential best practices and log in to healthcare portals from a variety of devices, sometimes from open, non-secure WiFi networks.
- Doctors and nurses carry a variety of mobile devices with them as they cover their rounds throughout hospitals and other healthcare facilities.
- Medical personnel provide mobile and in-home services travel with both computer and medical devices that oftentimes connect to the cloud.
- Many medical devices are connected to IoT networks via a variety of communications technologies and channels to streamline data flows among medical personnel, as to the status of patient conditions.
Of course, there’s also the IT infrastructure (on-premises and in the cloud) to worry about, as well as desktops and laptops. Sure, all of these technologies help healthcare organizations deliver innovative patient care, but they also give IT teams a lot of ground to cover when trying to protect patient information, as well as the digital assets of their organizations used to provide care.
Remember, availability can be equally as important as confidentiality when it comes to providing care for patients, wherever they are being treated.
An Appealing Target for Cybercriminals
Patient healthcare records are particularly valuable to cybercriminals. They typically contain all the key information to steal a person’s identity — name, address, birth date, phone numbers, email addresses, and Social Security number. Many patient records also include credit card numbers and may list an emergency contact who is often a family member, which aids the identity theft process. There’s also plenty of data available for cybercriminals to conduct a variety of fraudulent activities, including insurance fraud.
What’s the ultimate payoff for stealing healthcare records? A September 2019 article in Healthcare IT News reported medical records were sold for an average of $408 in underground cybercrime markets.
More so than other industries, healthcare organizations are also vulnerable to ransom demands. Given the nature of patient care, hospitals simply can’t wait for security professionals to rescue them if their data or systems are locked up. They often pay ransoms because they simply cannot afford to stop treating patients.
The 6 Security Intelligence Principles
To help healthcare organizations take on these challenges, Recorded Future has developed a security intelligence philosophy. The approach encompasses six principles that guide IT security teams in building a strategy consisting of comprehensive policies and controls:
- Brand Protection: Fake accounts, apps, and websites are often designed to profit from maliciously redirected or accidental traffic. These can all also result in major damage to your organization’s reputation. Effective brand protection empowers you to protect your most valuable asset — your brand — with real-time alerts based on aggregated data from domain registration sites, social media profiles, web pages containing malicious content, and other sources. This makes it easy to find and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, and your brand appearing in dark web markets.
- Third-Party Risk Management: Digital connections with suppliers, partners, contractors, agents, temporary workers, and others are now so critical that organizations typically share confidential and sensitive information with hundreds of third parties. Your organization is only as secure as its weakest link; it’s estimated that more than half of all businesses have suffered data breaches through vulnerable third parties. The principle of contextualized third-party risk management helps you make informed decisions and reduce your overall risk with real-time security intelligence about the companies in your ecosystem.
- Security Operations and Response: Security operations and incident response are built on the premise of efficiently identifying relevant, previously unknown threats and responding quickly. This enables IT teams to make faster, more confident decisions based on external threat indicators — automatically correlated with internal threat data in real time, and at scale across vast amounts of data and without any manual research.
- Threat Intelligence: Threat intelligence combines knowledge, data, and context to allow you to prevent or mitigate cyberattacks, and it’s a vital component of a proactive security intelligence strategy. Machine learning and automation make it possible to aggregate data in real time from open, closed, and technical sources. The two technologies then provide searchable context on who is attacking you, their motivations and capabilities, and the indicators of compromise to look for in your systems — so you can make informed and timely decisions.
- Vulnerability Management: Vulnerabilities put your business at risk of attack, and with thousands of critical new vulnerabilities emerging each year, it’s impossible to patch everything, everywhere. Vulnerability management scores risks based on real-time exploitation trends to give IT teams the context they need to make faster, more confident decisions when prioritizing patches and preventing attacks.
- Geopolitical Risk: To defend against and respond to attacks on executives and physical entities, security teams need timely and contextual intelligence. The geopolitical risk principle accelerates critical decision making with contextual OSINT data on geopolitical threats and trends. This makes it possible to protect your people and assets and understand shifting dynamics in the geographic areas that matter to your organization.
These six principles help healthcare IT security teams expose unknown threats and gain access to information that enables better decision-making on proactive and reactive security measures. By producing a common understanding of external and internal threats, as well as threats related to patients, insurers, and third-party service providers, security intelligence can enable security teams to accelerate risk reduction across the entire healthcare ecosystem.
Security Intelligence in Action
Three sample use cases illustrate how security intelligence empowers healthcare IT and security teams to identify, prioritize, and mitigate cyber threats:
- Protecting Medical Devices of All Shapes and Sizes: When medical devices don’t work properly due to malware, doctors and nurses can’t deliver proper care — whether in a clinical setting or at a patient’s home. Defending against malware is often hampered when incident response teams waste time responding to false-positive alerts that come from security information and event management systems, endpoint detection and response systems, and other security technologies. Security intelligence not only weeds out false alerts, but also prioritizes legitimate alerts — enabling response teams to immediately mitigate genuine cyber threats.
- Safeguarding Patient Information: As reported by the HIPAA Journal, many hacking incidents occur in the healthcare industry for months and sometimes years before IT teams detect them. The longer the process takes, the greater the risk to patient privacy and the greater the mitigation costs to the organization. Security intelligence helps minimize losses by enabling security teams to identify compromised assets (including patient records) the moment they turn up for sale on the dark web. This drastically improves breach identification and containment times.
- Improving Resource Allocation: When IT security resources are limited, making good decisions on how to invest in the resources is essential. This includes the utilization of personnel, as well as the deployment of technologies and the development of security policies and procedures. Security intelligence helps healthcare security leaders make informed decisions about which technologies to invest in, who to hire, and which policy and procedure initiatives to prioritize in order to minimize cyber risk.
Applying security intelligence to use cases like these enables healthcare providers to defend their brand reputation. They can even share intelligence with patients to help them protect their sensitive information as well.
Another important group to share security intelligence with is the ecosystem of healthcare providers. By doing so, organizations can help their partners in care avoid breaches that could in turn infiltrate the infrastructures of extended third-party care-delivery ecosystems.
Continue Leveraging Digital Technologies While Protecting Information
Security intelligence provides healthcare providers with a way to continue leveraging digital transformation technologies to communicate with patients and deliver superior care, while also protecting private information. By leveraging the six principles of security intelligence — brand protection, third-party risk management, security operations and response, threat intelligence, vulnerability management, and geopolitical risk — IT security teams can minimize the impact of cyber threats. This makes it easier to protect patient data and other digital assets, as well as those of partner ecosystems across the healthcare industry.
Start making your move toward security intelligence today — download the second edition of “The Threat Intelligence Handbook” and find out how the core principles of the security intelligence philosophy can provide a comprehensive approach to your threat mitigation strategy.