Healthcare providers are suffering from data breaches at an alarming rate. While these attacks can have serious financial impact on health organizations, the effects on patient lives can be devastating.

In fact, just this past September, a major hospital system was hit with what may be the largest medical cyberattack in U.S. history. Clinicians had to resort to using pen and paper. It’s unknown if patient care was compromised in this case, but tragically, an unrelated attack on a German hospital did result in the death of patient. 

Modern healthcare thrives on data. The number of access points continues to increase with interoperability projects, the sudden explosion of telemedicine use, the growth of health apps and the continuation of merger & acquisition activity.

As patients, we all benefit from the investments providers are making to deliver more coordinated and connected care. As technology professionals, we work to find new ways to mitigate security risks.

Data Breaches Occur at Multiple Points

Any connection point can be an open door. A patient or employee may unwittingly succumb to a phishing attack where login credentials are breached and used to plant malicious software. Ransomware attacks have grown more sophisticated over the last several years, carried out by organized criminal gangs and military units.

Criminals have even latched on to the chaos surrounding COVID-19 — for example, exploiting those now working from home on systems with consumer-grade security.

The criminals perpetrating these data breaches seem to have sophisticated tools at their disposal. In a 2019 study[1] of security professionals from provider organizations, 96% of respondents agreed that threat actors are outpacing the ability of health care enterprises to fend off these attacks. In fact, ransomware has become such a concern that the Multi-State Information Sharing & Analysis Center® (MS-ISAC), along the National Health Information Sharing and Analysis Center (NH-ISAC) and Financial Services Information Sharing and Analysis Center (FS-ISAC), have teamed up to host trainings around the country to educate organizations on how to identify and defend against an increasing array of cyberattacks.

How can providers protect themselves — and their patients — against these imperceptible threats? We recommend a multilayered, best-practice approach. At a minimum, this should include the following key components.

Tools and Technologies to Combat Risk

Establishment of unique digital identifiers for patients, providers and employees.

This allows security teams to unify online and offline identity attributes to help recognize, in near-real time, a returning user across multiple devices, email addresses, physical addresses and account names.

Ideally, systems should: a) visualize associations and linkages to that identifier and b) generate confidence scores that help flag credentials being used fraudulently or out of prior context.

Network identity intelligence that identifies risky behaviors across a wide range of industries, organizations and transactions outside of health care.

These may include new account creations, logins, payments and other online activities.

Agile, risk-responsive tools that stay on top of evolving threats while supporting efficient business operations and a positive experience for employees, providers and patients.

Two things here: These tools should assess both the identity and the device.

Because phishing schemes play a big role in cyberattacks, assessing risk from both angles is crucial. You need to distinguish risky behaviors like:

  • location anomalies
  • new email addresses originating from the same device
  • sudden changes in behavioral biometrics — key stroke/swiping variances, unusual keyboard shortcuts, etc.
  • cloaked IPs
  • cookie wiping and more.
  • Solutions with robust malware protection provide a strong defense against the multitude of ways attacks are perpetuated:
  • Man-In-The-Browser (MITB)
  • Remote Access Trojan (RAT)
  • high velocity/frequency bot attacks
  • “low-and-slow” attacks mimicking legitimate customer behavior, ransomware, key logging attempts and more.

The system should continue to get smarter and smarter — performing behavioral analysis of users during periods of normal operation, and comparing that data to the data gathered during past attacks.

A security professional’s job is never done — especially in the healthcare industry. To manage the ever-growing complexity of risk, we advise monitoring fraud policy rules, access protocols and patient, provider and employee data management to identify ways to improve your toolset as new threats evolve.

A strong partner can be valuable to this process — especially one who can apply machine learning, behavioral biometrics and multi-factor authentication to consistently fine-tune provider policies, rules and tools.  Learn more about how we are helping hospitals and health systems combat data breaches.


[1] 2019 Black Book Market Research survey