Password management & AI detection solve healthcare security

The U.S. Department of Health and Human Services reports that more than 28.5m healthcare records were breached in 2022, a major spike compared to the 21.1m breaches in 2019. 

“An industry that was once considered off-limits and protected, is now being widely targeted,”  says Shawn Kanady, Global Director, SpiderLabs Threat Hunt at Trustwave, a cybersecurity leader. “With this shift, ransomware attacks continue to be a major threat to the healthcare sector, with attackers exploiting vulnerabilities in healthcare systems to encrypt critical patient data and demand ransom payments.”

Additionally, the healthcare industry has unique challenges that make it a prime target, such as heavy reliance on custom applications with insufficient security testing, as well as numerous third-party partners and a high number of connected devices that expand the attack surface. “With highly sensitive data and patient safety on the line, hospitals, healthcare providers, and other healthcare organisations cannot afford to have mediocre security testing,” said Kanady. “The loss of patient data only scratches the surface when it comes to the risks within the healthcare industry. Hospital disruptions caused by ransomware attacks have already been blamed for multiple patient deaths, and the American Hospital Association says the ‘delay and disruption of healthcare delivery’ engendered by such attacks increase the risk of negative outcomes.”

For these reasons he says, it’s incumbent on the sector to protect information as well as or better than other industries.

Proactively spotting cyber issues in IoT devices

With the number of globally connected medical devices making up 74% of a hospital's network devices, the healthcare industry will see benefits of increased accessibility and improved care - but also challenges and new risks. 

“As vulnerabilities are proactively identified in medical devices, organisations must aim to patch them with the latest software release as soon as possible. However, the personnel, training, and expertise required to take a device out of service and patch it can make it difficult for hospitals to act quickly and sufficiently,” says Kanady.

To close that gap, he says that healthcare organisations must ensure their own systems and third-party partners are secure and protected with the latest security measures. 

“Set up a plan to implement a routine vulnerability scan before installing any new medical device or technology. Then, maintain an ongoing inventory management system for all medical devices and software, including third-party vendor software.” 

Finally, for continual proactive security, healthcare organisations should work with third-party threat hunting teams to conduct human-based threat hunts. 

“Through this, they can identify behaviour-based threat findings that would have previously gone undetected by current detection and response tools.”

Keeping up with administrative accounts and outdated passwords

Recent Trustwave research found that 22% of healthcare clients’ security issues are related to unsecured credentials, making the attacker’s job a lot easier. Successful cybercriminal groups can use the credentials of existing accounts to gain initial access and obtain further permissions to healthcare records. 

“Taking it a step further, compromised credentials can also be used to bypass access controls placed on various systems within the network,” says Kanady. “This means that if a cybercriminal gains the credentials of a hospital employee with broad access across the network, they too can get access to those areas where classified data and information may be hosted.”

Passwords can be a major security concern, as they are often one of the first targets threat actors will exploit to be able to explore their victims’ environments and raise their user-level privileges to move laterally from system to system and steal sensitive data. For example, in a query looking for the word ‘password’ in filenames, files called ‘My work passwords’ are easily exposed. 

“To maintain a high level of security, healthcare organisations should have policies in place that ensure all employees have complex passwords which are frequently changed,” says Kanady. “In addition to ensuring strong passwords, two-factor or multi-factor authentication is a best practice to confirm the identity of the individual attempting to gain access to credentials. Organisations must not solely rely on password protection. This is even more critical for individuals who hold confidential hospital network information on their devices.”

Utilising AI-detection tools and policies to minimise risk 

While AI isn’t a new discovery, the advances that are being experimented with Generative AI are setting new boundaries for what can be achieved in the healthcare space — both for the attackers and defenders. 

“This transformative technology has the potential to create unintentional breaches from internal teams who use it for good and it can increase the risk of exposure for third-party partners who may want to incorporate it in their devices,” says Kanady. 

With this in mind, hospitals should continuously evaluate their security solutions and partners. Choose security tools or partners that can detect AI-generated threats like advanced phishing. 

“Additionally, consider creating robust internal policies and employee trainings for proper data usage and sharing to help minimise the risk of breaches. Generative AI is here to stay, and while all tools still have inherent risks, healthcare organisations will need to establish how to govern internal AI initiatives.”

Operating with a security-first mindset

The future of healthcare security will depend heavily on organisations’ ability to keep up with the evolving technological landscape and create a security-first mindset. 

“As accessibility and capabilities grow, like AI, and the industry continues to modernise its practices, preventative measures remain the most effective defence against all types of cyberattacks,” adds Kanady. “Organisations must stay proactive in their cybersecurity protocol and work with security partners to conduct routine scans and threat hunting, create password management policies, and evaluate partners with AI in mind.”

With every new innovation to improve patient care with technology, comes new security considerations to ensure bad actors cannot leverage vulnerabilities or find footholds in the system.

*********************************************

For more insights into Healthcare - check out the latest edition of Healthcare Digital and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Manufacturing Magazine.

*********************************************

BizClik is a global provider of B2B digital media platforms that cover 'Executive Communities' for CEO's, CFO's, CMO's, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik, based in London, Dubai & New York offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.