Here we go again. The U.S. healthcare system is in a desperate situation when it comes to cybersecurity. Another healthcare cyberattack has made the news, and this one is on a large scale. Change Healthcare, the technology division of UnitedHealth Group, is currently facing an ongoing ransomware attack that is impacting the healthcare system and affecting prescription delivery. This should raise a red flag for any healthcare organization, regardless of its size, but especially for smaller organizations with limited budgets. After all, if a large company like Change Healthcare, which undoubtedly has sophisticated cybersecurity measures in place, can be compromised, what's going to spare your business?
This attack, attributed to the BlackCat ransomware group, also known as ALPHV, highlights the importance of proactive measures to mitigate the risks posed by advanced cyber threats. As of this writing, the attack vector in the Change Healthcare breach has not been identified, but the same group was responsible for the massive September 2023 MGM Resorts hack, which was driven by social engineering. The exploit started on LinkedIn.
Businesses need to re-evaluate their cybersecurity preparedness and ensure layers of protection from endpoints to email to comprehensive user training.
Lessons learned and actions to take
Although a very devastating incident, this was not an accidental act. For example, through 2023, approximately 1 in 3 Americans was affected by a health-related data breach. The number of attacks continues to skyrocket. These are typically carried out by organized hackers operating overseas and target the computer systems of healthcare providers and vendors and companies that provide healthcare services. Most of the large-scale hacks targeted vendors that provide billing, mailing, or other services to hospitals, doctors, and other health care providers.
Over the past year, more than 133 million medical records have been exposed in data breaches carried out primarily by hackers who attacked healthcare providers and their vendors, penetrated computer systems, and demanded ransom or other payments. This is a record number of people affected. According to a HIPAA Journal analysis, there were an average of two health data hacks or at least 500 record thefts every day in the United States last year.
The most important lessons learned from this incident and others like it are to increase organizational awareness across healthcare organizations, deploy advanced endpoint detection and response (EDR) solutions, and monitor endpoint activity closely and in real time. EDR approaches are effective at detecting and responding to anomalous behavior that indicates a potential compromise.
While large enterprises may have the resources to implement a comprehensive cybersecurity infrastructure, smaller organizations can also prioritize strategic investments to strengthen their defenses against evolving threats, and these steps must be taken. After all, healthcare businesses and related vendors could be the next Change Healthcare.
Risk mitigation is key
Cyberattacks can not only cause business interruption, but also expose your business to legal repercussions. For example, in the case of the 2023 HCA Healthcare breach, which affected more than 11 million patient records and was one of the largest incidents of the year, the legal challenges resulting from that breach are relentless for the healthcare system. Lawyers for more than a dozen affected patients said in a statement that they “want to hold HCA accountable for its unacceptably inadequate data security measures” in connection with the data hack. One patient's lawyer told USA Today: “If you're in a business that collects (personal) data, you better take care of that data.”
Additionally, these incidents highlight the critical role of employee training in mitigating cyber risks. Phishing attacks, a common vector for ransomware infections, often exploit human vulnerabilities through fake emails and other communications. Therefore, medical institutions of any size should provide employees with comprehensive security training, educating them on how to identify phishing attempts, be careful when handling email content, and promptly report suspicious activity to IT. To instill a culture of vigilance and proactive risk management among people working in and across your organization, you should conduct regular security awareness training and cover broader cybersecurity topics in your sessions.
In addition to technical and human-centered defenses, organizations should prioritize establishing robust access controls and password policies. Implementing multi-factor authentication (MFA) and practicing strong password hygiene can significantly reduce the likelihood of unauthorized access to critical systems and sensitive data. Additionally, health systems should develop, implement, and regularly test backup and disaster recovery plans to ensure timely restoration of operations and data in the event of a ransomware attack or other cybersecurity incident.
What cannot be overlooked is that all healthcare organizations must take proactive steps to minimize the impact of cybersecurity incidents. By developing comprehensive incident response protocols that include threat identification, containment, investigation, and recovery procedures, these organizations are able to mount a coordinated and effective response to security breaches, thereby reducing potential damage and minimizing business interruption.
Finally, regulatory compliance should not be ignored, especially in industries subject to strict cybersecurity regulations such as healthcare. Ensuring compliance with relevant standards and frameworks such as HIPAA provides a fundamental framework for implementing effective cybersecurity measures and protecting sensitive data from unauthorized access and disclosure. But you need to do more than that to protect against attacks.
Cybersecurity issues persist
Healthcare continues to be a prime target for cybercriminals seeking to exploit vulnerabilities in digital systems for financial gain, and smaller healthcare organizations and groups are also at risk. While large healthcare organizations often make headlines for data breaches and ransomware attacks, the reality is that smaller healthcare organizations are equally susceptible to these threats, but may lack the resources or awareness to properly defend themselves. For every Change Healthcare or HCA, there are thousands of small shops with tons of data waiting to be mined.
Daily reminders and headlines are a clear reminder of the urgent need for healthcare organizations of all sizes to prioritize their cybersecurity investments and efforts.
For many small healthcare organizations, the concept of cybersecurity can seem distant or abstract, overshadowed by the day-to-day demands of patient care and administrative tasks. However, ignoring cybersecurity can have devastating consequences. Ransomware attacks, in particular, can disrupt operations, compromise patient data, and cause financial harm to clinics that are unprepared to respond.
The healthcare industry is plagued by persistent, ongoing, and evolving threats that threaten organizations every day, but businesses don't have to be defenseless against these attacks. Small organizations may lack the extensive resources available to larger enterprises, but strategic investments in next-generation AI-powered threat detection technology, managed solutions through IT partners, employee training, access controls, incident response plans, and regulatory compliance can significantly strengthen cybersecurity preparedness.
Healthcare organizations must take a proactive and holistic approach to protecting data from data breaches and other threats. Companies must protect their operations and remain vigilant about security measures for patient safety.
As industry insiders believe, this was no small attack, nor was it a one-off. It is expected that such activities will continue nonstop in the future. And these won't forever be limited to big companies.
About Usman Choudhary
As General Manager of VIPRE Security Group, Usman Choudhary is responsible for executing the company's product vision and strategy for advanced threat protection solutions. He contributed several patented innovations in the early stages of the security field, and has influenced the evolution of mission-critical cyber defense programs for the U.S. Navy (PROMETHEUS) and other government agencies, as well as security programs at large companies such as Microsoft. Prior to joining VIPRE, Usman held several product leadership roles developing identity and security businesses at NetIQ, Novell, and eSecurity. Previously, he spent 10 years working in technology innovation in the global securities industry. Usman received his bachelor's degree in computer engineering from Rutgers University School of Engineering and his executive leadership education at Harvard Business School. In his personal time, Usman regularly contributes to several nonprofit service causes in the country, and in 2013 he received the prestigious United States Presidential Convocation Award.