According to a recent report from cybersecurity firm Norton, hackers stole a total of £130bn from consumers in 2017. These attacks hit over 978m victims around the world and include large scale attacks on the NHS like WannaCry. However, surprisingly, still more than a quarter of those compromised believe they are safe from future attacks. Norton warns cybercrime victims that they’re not doing enough to protect themselves against these types of attacks and that attacks of this nature are only set to increase as new threat vectors are sought in 2018.
The healthcare industry: a prominent target for hackers
In fact, in the first days of 2018, published research revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown.
Additionally, there were two significant cyberattacks reported during the second week of the year. The first one, a ransomware attack targeting Hancock Health hospital, affected over 1,400 files. Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware. The hospital had to pay the ransom to unlock patient data which, according to the FBI, the hackers were not interested in stealing.
The second cyberattack involved a hacker (or group of hackers) who stole more than half of the Norwegian population’s healthcare data from Health South-East RHF. Evidence of a severe data breach on the Hospital’s website was revealed by the parent company Sykehuspartner HF. To understand the scale of such an attack, keep in mind that Health South-East RHF is the largest of Norway’s four healthcare regions and manages 2.9 million out of Norway’s total 5.2 million inhabitants over 18 counties, including the one that contains Oslo.
Strengthening IT security against threats
Even though, according to the ‘State of Software Security’ report, the vast majority of healthcare providers (85%) have increased their cyber-security spending over the past year, the industry is still struggling to protect its digital assets from hackers. But healthcare organisations have a duty to ensure the security of their patients’ data, therefore one of the key objectives in 2018 should be around adopting a better risk management and security strategies and improving their response processes to active threats. Putting at risk such sensitive information can have a disastrous impact on their finances, reputation and databases – not to mention their patients. To put this into context, on average each victim of cybercrime spends up to two days per month dealing with the malware’s repercussions.
Today’s enterprise perimeter has completely eroded and is causing every organisation to think differently about security. The concept of Zero-Trust Networking has been derived from this fact and is particularly relevant to healthcare organisations who, as stated earlier, cannot afford to let any patient data or other high value data or apps get into the wrong hands. Complex healthcare networks degrade an organisation’s security posture, but healthcare workers demand convenient access to critical systems and patient databases in order to provide the best care possible. Likewise the interconnectedness of healthcare networks also increases the attack surface. For example, there are a lot of temporary contractors who are linked with not just the healthcare organisation itself but also a whole chain of suppliers.
So, whilst healthcare organisations try to modernise their processes, their systems and digitise, they are being exposed to growing cybercrime risk, especially if they allow their staff to utilise their own devices such as smartphones.