HEALTHTECH: Why is cybersecurity such an important issue in healthcare?
STAFFORD: If we go back 10 years, I’d say it wasn’t a big issue because we weren’t electronic. Now, every healthcare system across the U.S. has become very electronic, and clinicians are reliant on the electronic healthcare record.
The biggest thing cyberattackers do in healthcare is ransomware attacks. We hear about those across the nation, and we’re seeing more of them. Imagine going to work one day and not being able to get to your email. That’s what happens to a clinician when they work out of these EHR systems. They can’t do their job or access information that they’re normally able to access.
They still can provide care, and they do, but it does disrupt care and cause slowness. It may cause hospitals to divert patients elsewhere, affecting patient care. Then the other side of the coin is that if you’re breached, that breached data may affect patients in adverse ways that we want to avoid. When I was a CIO, I was emphatic and passionate about protecting patient information because as soon as that patient came through our doors, we were the stewards of their data and we had to protect it.
DEFORD: The one thing that we talk about all the time now is how difficult it is to do sustainable digital health innovation without cybersecurity transformation. We are motivated, especially through the pandemic, to do a lot more projects involving digital health innovation, from telemedicine to improving patient engagement programs. Protecting the infrastructure created by all our efforts and all that deeper integration of technology into the delivery of modern health care becomes a critical component of healthcare today.
HEALTHTECH: How has the security landscape changed for healthcare in recent years?
DEFORD: Adversaries really have become bolder, faster and more sophisticated, but the most concerning part is how they collaborate with each other now. CrowdStrike refers to it as an “eCrime ecosystem” because those cybercriminal companies are just as sophisticated as our healthcare organizations in many ways. They’re more sophisticated than our healthcare organizations when it comes to cybersecurity.
There are companies that act as brokers. They focus on figuring out how to break into your network and very quietly find credentials. Then they sell those on the dark web to other parts of the eCrime ecosystem, to companies that specialize in using those credentials to explore your network, discover vulnerabilities, unpatch systems and even see if they can elevate those login credentials to gain higher levels of access to more important systems on your network. Then they take that nice little portfolio of information and sell it on the dark web to ransomware criminals who quietly come back into your network. They exfiltrate important data and set off the ransomware attack, which often is the endgame.
We know that by the time we’re called in to help an organization that is in deep trouble with ransomware, the emissary has often been in the organization’s network for, sometimes, hundreds of days. Cybercriminals are good at building this sense of urgency. They’re top-notch negotiators; they’re experts in cryptocurrency and crypto exchange. They have partners that are also part of this ecosystem who don’t just write encryption and decryption software, but also, for example, chatbots, because they want to make sure their victims, who they call clients, have an easy path to pay that ransom.
If you were really good, and you decided that you had air gap backups and you were going to restore and not pay the ransom, if they’ve exfiltrated your data, you’re now a target of a second level of extortion. They could ask you to pay them to delete that data, or they’ll sell it in a secondary data leak market.
Again, that data includes information that nobody wants to have exposed such as a patient’s name, Social Security information, insurance company, health information, etc. All of that is part of this sophisticated eCrime ecosystem that we’re dealing with now. It’s not just one adversary, it’s a whole conglomerate of adversaries that work together.
STAFFORD: And boy, have they taken advantage of it during the pandemic. We sent the workforce home; we were entering the cloud more, and everybody was nervous. They took advantage of that. We’ve had five or six advisories this year, and prior to the pandemic, I think there was one ever. So, it’s a tough time.
Click the banner below for more HealthTech content on security and incident response planning.