Stolen healthcare databases can be used for financial fraud outside the healthcare industry and if the victims’ health insurance information is gathered, criminals can sell the information for even more money on black markets, says Rajesh Maurya, Regional Vice President, India and SAARC, Fortinet, in an interview with Arpit Gupta of Elets News Network (ENN).
Why do cybercriminals consider medical data far more valuable than credit card fraud or other online scams?
The value of any stolen record is based on its ability to be replaced. For example, credit cards are easy to replace. It simply involves a phone call to the card issuer and a trip to the bank to get a new one. Patient records and other human data, however, are difficult if not impossible to replace. Electronic health records (EHRs) are especially attractive targets for hackers owing to the sensitive information of a large number of people they contain. The patient data they hold can be used for financial gains. Some recent reports show that stolen healthcare databases are being sold on the deep web for as much as $500,000.
This information can be used for financial fraud outside the healthcare industry, and if the victims’ health insurance information is gathered, criminals can sell the information for even more money on black markets. In fact, one Medicare number in the US can reportedly sell for nearly $500 on today’s black market (up to 10 times the amount of a credit card number). Health insurance information can be leveraged for medical fraud, and arms criminals with the information needed to access free medical care.
Lastly, stolen medical data can go undetected for a much longer period than something like a credit card, which is often disclosed within days of a breach.
How can the Internet of Medical Things (IoMT) be made less vulnerable to attacks by hackers?
Cyber-attacks will continue to be a threat for healthcare providers, and likely in greater volumes going forward. The resulting overall downtime, incident response and legal fees, as well as long-term reputational damage can cost hospitals millions and keep them from providing high-quality care to patients. The best course of action is to ensure every hospital has a robust, integrated security strategy that includes:
Maintain Good Network Hygiene
Ensure security posture is up-to-date with prevention and detection measures, and develop and maintain good network hygiene, which includes systematic patching and updating of vulnerable systems, and replacing outdated technologies that are no longer supported.
Implement Internal Segmentation Firewall (ISFW)
CISOs in healthcare organisations need to implement internal segmentation firewalls (ISFWs) as the landscape of networks is wide, open and flat. ISFWs operate inside the network instead of at the edge, allowing healthcare organizations to intelligently segment networks between patients, administrators, healthcare professionals and guests. ISFW can also identify types of devices – for example, between a patient information system and a life-saving heart monitor or infusion pump. It can then prioritize interconnected medical devices that need the highest degrees of protection and monitoring, and inspect and monitor all traffic moving between segments, all without impacting performance.
Establish a Dedicated Team
A dedicated team should be put in place to uncover the latest threat intelligence so that real-time threat and mitigation updates can be made expeditiously, before cybercriminals take advantage of any weaknesses in connected IoT devices or the critical services they provide.
What are the challenges for Healthcare IT security teams to contain possible cyber-attacks on connected medical devices in healthcare facilities?
The biggest challenge for leading healthcare providers is around new attack surfaces. It’s not just the existing challenge of protecting healthcare records. That’s obviously still a primary issue due to the value of patient data and its inability to be easily erased or changed. However, as we move into 2018, healthcare organizations need to protect critical, connected networks, like those within the ICU.
Data monitors, insulin and other medicinal pumps, and pacemakers all run on these networks. In these cases, the endpoint becomes the human life, not a PC. When it comes to protecting that endpoint, healthcare providers are faced with an extremely tough challenge because security is always seen as an inhibitor.
If you put a security measure in place to block an attack and it inadvertently blocks things it shouldn’t, it could cause a denial of service and lead to grave consequences. This challenge extends outside the healthcare industry as well, since automakers and critical infrastructure industries face the same issue.
How can Fortinet help healthcare organisations to deal with such cyber-attacks?
To fight today’s sophisticated threats, healthcare organizations must adopt an integrated security strategy that uses multiple technologies, and threat intelligence applied across the attack cycle and throughout the healthcare system.
The Fortinet Security Fabric integrates security for the endpoint, access layer, network, applications, data center, content, and cloud into a cooperative solution that can be managed, analyzed, and orchestrated through a unified management interface.
It intelligently and transparently segments the customer’s network, from IoT to the Cloud, to provide advanced protection against sophisticated threats.
The security fabric framework addresses three fundamental requirements to meet today’s advanced networking and security requirements:
• Integration – security and network tools need to work together as a single system to enhance visibility and correlate and share threat intelligence.
• Synchronisation – a security architecture needs to work as a unified system to enable single pane of glass management and analysis, and to enable a coordinated response to threats through such things as isolating affected devices, updating rules, and removing malware.
• Automation – in order for security solutions to adapt to dynamically changing network configurations, and respond in real time to detected threats, security measures and countermeasures need to be applied automatically.
How do you see health organisations in India adapting themselves by taking concrete steps today to mitigate the impact of future attacks on their connected systems?
Fortinet works with leading healthcare service providers in India and I would say that they’re on the right track in terms of staffing and intent. When looking at the specific problems, is healthcare on the right track when it comes to protecting medical records? I would say they are.
When it comes to protecting patients, however, I’d have to say there’s still much more work to be done. This is a problem with IoT: for most medical device manufacturers, network security is not a priority. We’re going to see many more automated attacks being launched in 2018 that can penetrate healthcare organizations by moving from corporate networks into critical care networks. Healthcare needs to start building trusted intelligence into its automated defense solutions because it’s a primed attack surface.
A few individuals can’t win this battle alone. The healthcare industry needs a threat information sharing network in place. Relevant intelligence for healthcare needs to be collaboratively shared between organizations and vendors to protect their networks in India.