The following is a guest article by Troy Hawes, Managing Director at Moss Adams.
One of the recent cybersecurity attacks on health care has caused dramatic disruption to one of the nation's largest prescription processing companies.
On the morning of February 21, 2024, the ransomware group BlackCat directed a cyberattack against Change Healthcare, which is owned by healthcare conglomerate UnitedHealth. The attack took down Change Healthcare's systems for three weeks and also caused the Department of Health and Human Services (HHS) to expand accelerated payment and financing programs for healthcare providers affected by the attack, similar to aid rolled out during the pandemic.
This attack sparked a long overdue discussion. It provides insight into how organizations in the healthcare industry are financially impacted by these attacks, what the attacks look like, and how to proactively respond to them.
The cost of a cybersecurity breach
At the heart of cybersecurity is how to protect valuable data and personally identifiable information (PII) such as credit card information, social security numbers, and tax records. For healthcare organizations, data and information are considered very valuable because they contain PII and other health information that can be used for insurance fraud and identity theft.
As a result, the healthcare industry has a huge target on its back, as the data it stores is extremely valuable to malicious actors. Data is also needed to maintain patient service, so when cybercriminals use ransomware to make that data unavailable, healthcare organizations struggle to provide patients with the care they need.
A data breach can have a significant financial impact on an organization. According to the 2023 Cost of a Data Breach Report published by IBM and Ponemon Institute, the average cost of a data breach to a healthcare organization is approximately $10 million. For healthcare organizations, this number can change significantly depending on the impact of the attack. A large-scale cyberattack like the Change Healthcare attack can cause an organization 10 times more damage than average. Recent examples that reportedly caused damage on this scale include the Tenet Healthcare cyberattack in 2022, at $100 million, and CommonSpirit Health's 2022 cyberattack, at $160 million.
While the overall financial impact of the Change Healthcare cyberattack will not be known for some time, it may include a $22 million ransom payment. Clearly, that is likely to be only a fraction of the economic damage healthcare organizations will suffer as a result of the attack.
Analyze cyber attacks
Unfortunately, malicious actors have not had much trouble gaining access to healthcare systems. According to HHS, as of mid-March, 117 other medical institutions had a cybersecurity breach in 2024, impacting approximately 13 million patients.
So why are healthcare organizations so vulnerable to breaches?
This is often due to a high number of points of entry into an organization from medical devices and other internet-connected devices, the use of outdated systems, a lack of cybersecurity education and awareness, and inadequate security budgets. Malicious attackers exploit these weaknesses by repeatedly using a variety of methods to obtain valuable medical data, often using social engineering tactics to manipulate healthcare workers into leaking sensitive and personal information that can be used to infiltrate and compromise their systems.
The introduction of artificial intelligence (AI) in cybersecurity has made these attacks and tactics more sophisticated and difficult to mitigate. AI will change the way malicious actors target organizations and dramatically change the cybersecurity landscape.
For example, not only can AI-powered tools allow attackers to generate phishing emails that more closely resemble the real-world scenarios to which healthcare workers are susceptible, but the technology also allows malicious actors to send phishing emails at scale, better and faster. This makes AI-generated attacks difficult to identify. Hackers also leverage AI to quickly collect and analyze stolen data and information, making it easier to cull datasets to sell on the black market or hold for ransom.
Unfortunately, AI-based cyberattacks pose a major threat to the already fragile healthcare industry. However, organizations can leverage AI to fight back.
Building a proactive cybersecurity stance
Proactive cybersecurity is part of new strategies to keep organizations protected. Too often, healthcare organizations take a more reactive cybersecurity stance. That is, they choose to focus on remediating breaches when they occur, rather than predicting vulnerable systems and preventing attacks.
Healthcare organizations can better protect themselves by moving to a more proactive cybersecurity stance. This focuses on identifying where the biggest weaknesses are and where breaches are likely to occur, and proactively working to close those gaps. For healthcare organizations, these gaps are typically in older systems and the number of networked devices.
To build a proactive posture, it is important for organizations to conduct a risk assessment to know where their biggest weaknesses and holes are. Cybersecurity risk assessments and analyses should be performed at least once a year to ensure that all assets that may process, store, or transmit sensitive data can be identified and protected.
Third-party security assessments and penetration testing allow experienced security consultants to assess your system, identify where potential security holes exist, and provide recommended remediation actions. Tools such as Enhanced Detection and Response and similar solutions collect and correlate data across all systems to provide proactive alerting and mitigation activities, which are essential tools for proactive response to threats.
Healthcare organizations can also employ unique AI-powered tools such as predictive analytics, threat detection, and response systems to proactively protect patient PII. These tools use AI algorithms to detect and identify potential threats before they emerge. As AI algorithms continue to improve over time, AI-powered tools can leverage advanced machine learning techniques to mitigate emerging threats, perform real-time threat intelligence, and quickly respond to cyber threats.
Adopting a more proactive cybersecurity stance and modern mitigation strategies can help healthcare organizations thwart attacks. As the healthcare industry awaits the aftermath of the Change Healthcare breach, the ripple effect could be a catalyst for change, motivating healthcare providers to arm themselves with more modern and robust threat protection systems and tactics.
About Troy Hawes
Troy is the Managing Director of Moss Adams' Cybersecurity Consulting Division, where he has been providing IT consulting services since 2001. Troy serves clients in a variety of industries, including communications and media, technology, healthcare, and higher education. He is adept at addressing the specialized IT compliance and security needs of hospitals, providers, private businesses, governments, and tribal organizations. Troy is a frequent speaker and published thought leader on IT compliance and cybersecurity topics.