This Time Prominent Hospital Group Falls Prey to Hackers Believed to be Based in China
The diplomatic tension with China over cyber attacks may have just gotten another infusion of fire to deal with after it was reported earlier this week that one of the biggest hospital groups in the US was the victim of a data breach which yielded 4.5 million records containing Personally Identifiable Information. The founder of Global Digital Forensics discusses why healthcare organizations are prime targets for hackers, and why regularly testing for vulnerabilities and advanced malware is essential for this often targeted industry.
Hackers like healthcare targets
On Monday, August 18th, The New York Times (NYT) reported on a data breach suffered by Community Health Systems, which operates over 200 hospitals nationwide, that saw the compromise of 4.5 million records containing Personally Identifiable Information (PII) like names, phone numbers and social security numbers. According to Mandiant, who was engaged to investigate the incident, the belief is the attack emanated from an advanced group of cyber attackers based in China, who they say are more well known for targeting Intellectual Property, like advanced designs and research, rather than this type of PII. Thankfully, at least actual medical data does not appear to have been compromised. “The healthcare industry is a huge target for hackers,” explains Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF) , a premier provider of cyber security solutions, “because there is a lot of potential money and/or leverage to be had on many fronts, from the competitive edge which could be gained by stealing confidential R&D and other IP (Intellectual Property), and would certainly pique the interest of foreign state-sponsored attack groups or any other competitor looking for an edge, to very personal medical information which organized criminal groups will be more than happy to exploit to its fullest, as in full blown identity theft, or even targeted social engineering attacks which prey on victims facing some of the most desperate medical situations imaginable by concocting things as simple as spear phishing emails dangling the false hope of the perfect new “miracle” cure, for a hefty price at the end course. Our vulnerability assessments and penetration testing offerings focus strongly on social engineering, so we can help shore up that front not only for the organization itself, but we can also offer assistance which will see employees come away with better insight on what to watch out for as far as phishing and spear phishing techniques which they may run into at home too. And that can help the organization by strengthening another commonly weak threat vector, employees getting compromised at home and opening the door for attackers to breach the organizational network by unknowingly schlepping in malware or foolishly re-using compromised credentials from home at work, which we see all the time.”
Regular testing is key to combatting APT longevity
“Advanced Persistent Threats, or APTs, are well named,” says Caruso, “they are advanced, as in hard to detect and often complex; they are persistent, commonly letting attackers reside on a network to do their thing for weeks, months, or sometimes even years, and they are definitely a threat. That’s why professional testing and deep scanning at regular intervals is so important. APTs are almost never going to be uncovered by off-the-shelf signature-based antimalware or antivirus solutions, and that’s why you need an arsenal like ours that goes way beyond those basic capabilities. We can even hunt down and eradicate many as of yet undiscovered zero-day threats. We can also help coach up internal staff on system behavior and other clues to look for to spot threats early, and help them devise an effective emergency response plan and escalation matrix, or strengthen any existing emergency response policies and procedures.”
The scope of the problem is costing the healthcare industry plenty
“The NYT article also highlighted some numbers which should be pasted prominently on the wall of every IT security department in the healthcare industry. It siad last year an ESET researcher calculated that the numbers broke down to the protected health information records of 24,800 Americans being exposed every single day! And judging by the record breaches this year already, I doubt that number is shrinking this year. So when you consider healthcare organizations are going to end up paying a hefty cost for each and every compromised record, from the time and resources it’s going to take to notify everyone affected and consumer protection plans they will have to shell out for, to the stigma which can affect patient trust and organizational credibility, it becomes very clear that the cost of doing nothing will end up being far greater than the cost of letting proficient cyber security experts help substantially improve your cyber security posture against future attack attempts and eradicate any existing threats already residing on the network, as well as assist with 24/7 emergency response should the unthinkable happen. And yes, we are fully versed in the regulatory compliance issues like HIPAA (Health Insurance Portability and Accountability Act) which apply to the healthcare industry and can help make full compliance as painless as possible," Caruso said.
Customized for the uniqueness of every client
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics , cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.