Building resilient cybersecurity approaches

The healthcare industry has undergone a rapid transformation through the adoption of electronic health records (EHRs) and digitization. However, this digital revolution has also brought significant cybersecurity challenges. Rushed EHR deployment and sophisticated cybercriminals have exposed healthcare organizations to ransomware attacks, data breaches, and system disruptors. To enhance cybersecurity, organizations need to take proactive measures. This article examines the evolution of healthcare cybersecurity and outlines four crucial steps organizations can take to strengthen their cybersecurity.

Rushed deployment and unintended consequences

The implementation of EHRs in healthcare was accelerated by initiatives such as the American Recovery and Reinvestment Act (ARRA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which injected substantial funds into the industry for EHR deployment. However, the rush to bring EHRs online focused largely on fielding capabilities that qualified health systems for federal Meaningful Use funding – that funding didn’t include resources for cybersecurity improvements. As initial stages of EHR deployments were completed, many organizations then doubled down with their own investments to bring information systems into business and research departments. Within just a few years, most healthcare organizations became highly dependent on their automated information systems to deliver safe and effective care to patients and families, with only minimal investment in cyber security protecting those systems.

Emergence of cybersecurity threats

Coinciding with the EHR deployment boom, the emergence of cryptocurrencies, such as Bitcoin, provided cybercriminals with an anonymous and untraceable means of conducting illicit activities. This, coupled with the economic incentives offered by the healthcare sector’s valuable data, led to the proliferation of ransomware attacks. The 2016 Hollywood hospital ransomware incident served as a turning point, highlighting the vulnerability of healthcare systems and setting off a gold rush for cybercriminals.

Organized nature of e-crime adversaries

The sophistication and organization of cybercriminal adversaries, often referred to as “spiders,” have created a formidable challenge for healthcare organizations. These entities operate like high-tech businesses, collaborating and specializing in various aspects of e-crime. Operating in the dark web economy, they recruit independent consultants, develop tools and capabilities, and even have a structured dispute-resolution (court) system to resolve disagreements. Subspecializations within the spider ecosystem range from social engineering and access brokering, to zero-day exploitation and money laundering.

Ransomware-as-a-service (RaaS) like Conti have caught the attention of authorities and cybersecurity experts due to their increased activity in the healthcare space. News reports have indicated spider groups like Conti operate like many large businesses, with human resources and marketing departments, employee performance reviews, and event employee of the month awards.

As technology supporting healthcare delivery evolves, so do the spiders. Most recently they’ve continued to sharpen their techniques and tactics focused on exploiting cloud infrastructure — a great concern for those hospitals and health systems expanding their digital health innovation efforts, moving rapidly into multi-cloud solutions. Many of these spiders also work closely with, and receive protection from nation-states, including Russia (Cozy Bear), Turkey (Cosmic Wolf), and North Korea (Labyrinth Chollima).

Related Content: 2023 Cloud Risk Report – FREE white paper

The U.S. Department of Health and Human Services (HHS) has warned about spider groups targeting healthcare, including Conti, LockBit, and BlackCat. In its 2022 report, the department shared data showing ransomware attacks now need less than four days to encrypt a system —a 94% decrease in time from 2019 to 2021. The average ransom grew 45% from 2020 to 2021, but the highest ransom amount skyrocketed from US$30M in 2020 to $240M in late 2021 (a Hive Spider group attack). Further, system downtime increased 18 days in 2020 to 22 days in 2021.

When organizations discover ransomware on their system, they typically notify the authorities who advise them to bring in a good incident response company, such as Crowdstrike.

“In these incident response engagements, we do a ton of forensics and it gives us a lot of information about how the adversaries behave,” said Drex DeFord, executive healthcare strategist for Crowdstrike. “We know that once a bad guy is in the first system that they gain access to, it takes them about an 84 minutes to break out of that system and move to the next system. It happens fast, so if you want to prevent these attacks you have to build the kind of security program that is consistently faster than the bad-guys. ”

Building Resilience: Insights and Recommendations

To disrupt brittle legacy security programs and enhance resilience, organizations must adopt a proactive approach. Here are four key recommendations:

1. Prioritize Security in Digital Transformation. Organizations should ensure that cybersecurity considerations are integral to any digital transformation initiatives. Rushed deployments and decentralized management can introduce vulnerabilities. Therefore, it is crucial to conduct thorough security assessments, adopt best practices, and implement robust security measures across all systems and processes.
2. Strengthen Cybersecurity Culture and Workforce. Investing in cybersecurity culture and workforce development is essential. Organizations should prioritize hiring and retaining skilled cybersecurity professionals, and aligning with trusted security partners. By providing ongoing training and creating a culture of security awareness, healthcare entities can empower their workforce to identify and respond effectively to cyber threats.
3. Embrace Comprehensive Risk Management Strategies. A robust risk management framework is essential to identify, assess, and mitigate cybersecurity risks. Organizations should conduct regular risk assessments, implement multi-layered security controls, and establish incident response plans. Collaborating with trusted incident response companies can provide valuable expertise and support in handling cyber incidents effectively. The further left in the timeline you can detect, respond, and remediate and incident, the more intentionally resilient your security program becomes, and the less change there is for disruptions to clinical, business, and research operations.
4. Foster Collaboration and Information Sharing. Healthcare organizations should actively collaborate with industry peers, government agencies, and cybersecurity experts to exchange threat intelligence and best practices. Sharing information about emerging threats, vulnerabilities, and incident response strategies can enhance the collective security posture.

The healthcare industry’s journey toward digital transformation has brought numerous benefits but also exposed organizations to increasingly sophisticated cyber threats. To disrupt brittle legacy security programs and build intentional resilience, healthcare entities must prioritize security, strengthen their cybersecurity culture and workforce, and adopt comprehensive risk management strategies. By taking proactive steps to address cybersecurity challenges, organizations can safeguard patient safety, protect their reputation, and ensure the continuity of critical healthcare.

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security for healthcare organizations with the world’s most advanced cloud-native platform for protecting critical areas of risk — endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more:  https://www.crowdstrike.com/solutions/healthcare/

Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram

Start a free trial today: https://www.crowdstrike.com/free-trial-guide/