In 2024, there's more than one healthcare crisis to watch out for. In this case, it's cyberattacks. Cyberattacks are on the rise, increasing 136% in the last year alone. Of course, this doesn't include the number of major healthcare breaches that have occurred this year. Overall, these breaches have stolen more data than ever before and caused widespread damage, costing healthcare organizations an average of $11 million per breach.
The latest breach targeted Ascension Healthcare, which operates 140 hospitals across 19 states. The attack disrupted operations, forced ambulances to be diverted, and limited patient access to services. In this article, we explore the causes of this incident and provide practical guidance to help healthcare organizations avoid becoming the next statistic.
The attack on healthcare continues
The recent cyberattacks against Ascension and United Healthcare are indicative of a broader trend in the healthcare industry. Attackers understand that the data needed to deliver healthcare services is extremely valuable. It includes everything from patient health information (PHI) to detailed billing information, all of which can be used to commit fraud. Even if not used by threat actors themselves, PHI is highly valuable on the dark web, allowing attackers to quickly profit from an attack.
Attackers also understand that unlike many other businesses, healthcare services cannot afford to simply shut down to deal with a breach. That is why many organizations choose to pay the ransom straight away rather than face a prolonged outage, which in turn encourages criminals to try to extort them multiple times with the same attack.
Understanding the Ascension Breach
Ascension Healthcare System suffered a significant cyberattack that was first detected on May 7th, resulting in a swift system-wide shutdown to mitigate further damage. The breach had widespread impacts on critical systems, including the Electronic Health Record (EHR), MyChart patient communications platform, and medication and test ordering systems. The disruption forced the suspension of non-emergency procedures and the diversion of some emergency services, highlighting the severe impact on operations.
In response, Ascension engaged the expertise of cybersecurity firms Mandiant and Palo Alto Networks to respond to the incident and strengthen its defenses. Communications with patients were quickly managed and patients were advised to bring important medical information with them to appointments as their systems had been compromised. The ongoing investigation seeks to determine the scope of the data breach and ensure compliance with regulatory obligations to notify affected individuals. Once again, cybersecurity became a matter of damage containment, not threat prevention.
Understanding the ransomware threat
Ransomware attacks are not limited to the healthcare industry. Ransomware encrypts a victim's data and renders systems inoperable until a ransom is paid (usually in cryptocurrency). These attacks can come from many entry points, including phishing emails and shared files. Ransomware often exploits software vulnerabilities to rapidly infect the system it attacks and attempt to spread across a network of systems.
Ransomware is particularly dangerous for the healthcare sector, which relies on continuous access to patient data and life-sustaining medical equipment. The impact of system downtime goes beyond financial costs, severely impacting patient care through delays to critical medical procedures.
But the threat doesn't stop there. Attackers could also threaten to release the locked data unless the ransom is paid, which could put healthcare organizations in violation of numerous compliance regulations such as HIPAA, GDPR, and CCPA, potentially resulting in fines, mandatory corrective action programs, or even lawsuits from affected individuals.
Preventing ransomware breaches
Preventing ransomware attacks in healthcare requires a comprehensive approach that eliminates threats while simultaneously protecting sensitive data. Traditional antivirus (AV) is great at stopping known threats, but attackers are constantly evolving their malware to evade AV detection. This allows ransomware to gain a foothold and encrypt devices or sideload other software, such as rootkits, allowing attackers to steal valuable sensitive data.
Once an infection begins or a breach occurs, data is easily accessible and the damage has already begun. By introducing an additional layer that can sanitize information stored in structured data, such as databases, or unstructured data, such as documents, teams can prevent unmasked data from falling directly into the hands of attackers.
Stop the ransomware threat with CDR
AV effectively stops known threats, but it also needs to be enhanced to stop new and evolving threats. This is where Content Disarm and Reconstruction (CDR) comes in. CDR doesn't rely on detection: it breaks down files and reconstructs them with only known good components, eliminating new threats as well. Advanced CDR solutions can restore files with the same level of fidelity and functionality as the original, making the difference indistinguishable to end users. By integrating CDR with communication pathways like email, collaboration tools, and cloud storage, data is automatically sanitized without extra steps or burden on users. This is especially important in the busy healthcare sector.
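The allow-list rebuild that CDR relies on, as an added sketch that is not Votiro's code or part of the original article: a zip-based document is rebuilt from only the part types on an assumed allow-list, and its relationships part is regenerated without external or dropped targets. The sample container, part names and allow-list are constructed for illustration.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

ALLOWED_SUFFIXES = (".xml", ".rels", ".png", ".jpeg")  # assumed allow-list
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def is_allowed(name):
    """Keep a part only if its path is clean and its type is allow-listed."""
    clean = posixpath.normpath(name) == name and not name.startswith(("/", ".."))
    return clean and name.lower().endswith(ALLOWED_SUFFIXES)

def rebuild_rels(data):
    """Re-serialize a .rels part, dropping external and non-allow-listed targets."""
    ET.register_namespace("", REL_NS)
    root = ET.fromstring(data)
    for rel in list(root):
        target = rel.get("Target", "").lower()
        if rel.get("TargetMode") == "External" or not target.endswith(ALLOWED_SUFFIXES):
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def sanitize(container_bytes):
    """Return (rebuilt_bytes, dropped_part_names) for a zip-based document."""
    out, dropped = io.BytesIO(), []
    with zipfile.ZipFile(io.BytesIO(container_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if not is_allowed(info.filename):
                dropped.append(info.filename)  # no verdict needed: not known-good
                continue
            data = src.read(info)
            if info.filename.endswith(".rels"):
                data = rebuild_rels(data)
            dst.writestr(info.filename, data)  # fresh entry, original metadata not copied
    return out.getvalue(), dropped

def build_sample():
    """Constructed sample: a document body, a macro blob, and a relationships part."""
    rels = (f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="r1" Type="t" Target="document.xml"/>'
            '<Relationship Id="r2" Type="t" Target="vbaProject.bin"/>'
            '<Relationship Id="r3" Type="t" Target="http://example.invalid/x" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<doc>patient intake form</doc>")
        z.writestr("word/vbaProject.bin", b"\x00constructed-macro-blob")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

The macro part is removed because it is not on the allow-list, not because anything flagged it as malicious, which is the difference from AV scanning described above.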
Further protecting sensitive data with DDR
In healthcare, protecting sensitive data is paramount, and Data Detection and Response (DDR) plays a key role in this protection. DDR employs various tactics such as tokenization and anonymization to transform sensitive data into a form that is unusable by unauthorized users while still maintaining its usefulness for analytics. Data masking hides the original data with random characters, making it usable for non-critical applications yet still secure.
With continuous real-time monitoring and response capabilities, the DDR system can instantly detect and respond to unauthorized access attempts and seamlessly integrate with existing security measures to strengthen overall data protection. These combined capabilities enable DDR to ensure healthcare providers meet strict regulatory compliance requirements for protecting patient information.
Votiro Zero Trust DDR Protects Healthcare Data
Healthcare organizations can't afford to deal with sensitive data leaks. Votiro DDR protects healthcare providers from file-based threats and enables real-time privacy and compliance for sensitive data.
Votiro's Zero Trust solution starts by building a foundation of protection against threats hidden in files, combining AV to rapidly detect known threats with CDR to sanitize potential zero-day attacks. It builds on this foundation to prevent data leaks and breaches by sanitizing sensitive data that crosses organizational boundaries through file shares, email, collaboration tools, and more. It also detects sensitive information in structured and unstructured data in real time and anonymizes the information based on organizational rules to prevent data leaks. This is especially important for organizations that don't want to offload data policy management, since it gives security teams tighter control over their prevention and response strategies.
To learn more about Votiro’s data detection and response capabilities, sign up for a one-on-one demo of the platform or try our 30-day trial to see how Votiro can proactively protect your organization from your next data breach.