ADVERTISEMENT
Report: Cybersecurity Threats Increasing for Healthcare Organizations
More than 300 data breaches have been reported to the US Department of Health and Human Services (HHS) Office for Civil Rights since the start of 2023, a 104% year-over-year increase from the midpoint of 2022, according to a report published this week by Fortified Health Security, a managed security services provider organization.
In its report, Fortified examined statistics regarding data breaches, data theft tactics being used, and current legislative priorities that are aiming to address cybersecurity concerns.
>> READ Fortified’s “2023 Mid-Year Horizon Report: The State of Cybersecurity in Healthcare”
Fortified found that healthcare provider organizations have been directly targeted in 62% of the breaches, while their business associates—outside partners whose work involves the use or disclosure of protected patient health information—were targeted in 25%, and health plans accounted for the remaining 13%. Business associate organizations have become a significantly hotter target for hackers, accounting for 82 breaches in 2023, compared to 22 at the midpoint of 2022.
In February, Fortra’s GoAnywhere security file transfer software was breached in an incident that impacted more than 130 organizations and 5 million healthcare records. Victims of the attack included a virtual behavioral healthcare services provider, a large hospital system, and a supplemental benefits provider.
Fortified’s data analysis also delivered the following findings:
- 75% of breaches reported by the midpoint of 2023 were attributed to hacking; 21% were from unauthorized access or disclosure. The latter figure represents a 133% year-over-year increase.
- Network servers (65%) and email accounts (18%) were the most common origin points of data breaches reported.
The report made note of 2 trends that have emerged in recent years. One is data theft using file transfer tools, which provide a secure connection to an attacker’s chosen repository to house stolen patient records, database files, and other office documents. Particularly alarming, Fortified said, is that some such tools can be installed without administrative privileges and executed directly from memory or a flash drive.
The second trend, which Fortified dubbed “living off the land,” involves attackers employing various tactics within the operating system of an exploited machine to expand their reach while maintaining a low profile. Actions can be concealed by capitalizing on weak or compromised remote desktop protocol credentials.
Tips for Protecting Data
Fortified offered the following tips for healthcare providers to protect their operations:
- Principle of least privilege. Remote access functionality should be limited to an as-needed basis, with restricted access to specific services within organizational resources.
- Access and authentication. Fortified recommends implementing multifactor authentication across all systems, especially those connected to the Internet. Also consider using complex passwords and obfuscating usernames to limit identification.
- Endpoint protection. Advanced endpoint protection tools can offer additional features beyond traditional antivirus software, such as system isolation, behavioral analysis, and comprehensive response capabilities.
- Logging. Collaborate with a security information and event management provider to aggregate and monitor relevant data logs.
- Stringent firewall. Restrict outgoing secure shell (SSH) connections and file transfer capabilities to explicitly known and justified purposes and destinations.
References
