In January 2018, a regional hospital in Indiana was forced to pay $55,000 after their records were infected by the SamSam ransomware. The attackers targeted more than 1400 patients’ data and changed their names to “I’m sorry”. Even though the hospital had a backup, the incident response team determined that it would take a lot of time and resources to recover the damaged data. Instead of wasting downtime the hospital paid the attackers the demanded amount in order to retrieve the backup of its critical systems. 
The healthcare industry is no stranger to attacks like the SamSam ransomware attack. In fact, healthcare is said to be among the most targeted industries. The main reason for this is mostly because of its incredibly low tolerance for outages and downtime.
To help healthcare leaders shield themselves with proper security strategies, the team at Barkly has identified three trends. These trends are based on the study of the pattern of attacks that healthcare IT leaders ought to be aware of: 
|Trend 1: Less exploitation of end-user mistakes. For example, opening malicious email or visiting compromised websites||Trend 2: Increased use of the organization’s tools||Trend 3: Propagating automatic attacks|
Attackers are targeting vulnerable servers, unsecured ports, or introducing “click-less” ways of infecting the data.
For example, SamSam ransomware attacked open remote desktop protocol (RDP) connections and broke into the networks of healthcare enterprises by using brute-force attacks.
Using legitimate system tools and processes to spread the infection through networks. This trend relies on the programs that are already existing on the system, and therefore, called, “living off the land.”
For example, NotPetya was triggered using an update of Ukrainian accounting software.
Leveraging worm components to spread widely over the entire network. One infected system will be a catalyst for a larger outbreak over various networks.
For example, WannaCry outbreak spread to over 400,000 computers over 150 countries.
Cybersecurity Measures for the Healthcare Industry
Here are a few measures that a healthcare organization could adopt in order to reduce cyber attacks:
- Training Staff on Cybersecurity Protocols
Henry Ford Health System was breached during October 2017 due to the improper care of healthcare records by the employees. The hacker stole the data of 18,470 patients which had the patient names, date of births, medical record numbers, health insurer, and other medical conditions. 
It has been observed that the weakest cybersecurity link in healthcare is the user. Therefore, the staff should be trained on all the latest security protocols at regular intervals. A little ignorance on the part of any member of staff could result in a hefty ransom.
- Update All Software
As a healthcare organization, you require 24/7/365 access to all patient medical records and all networked assets that assist in every step of patient care. This requirement may not permit you to allocate time for a software update. But it is important to update the software as and when the latest patches are released by the company. The patches or updates are released as a defensive tool against any new malware.
The U.S. Food and Drug Administration (FDA) had recalled half a million pacemakers with the fear of getting hacked which may result in a loss of power in the batteries. If that happens then all the instruments will stop performing, threatening the risk to patients’ lives. The recall could have turned into a dangerous medical ordeal for 465,000 patients. Instead, the manufacturer in August 2017 issued a firmware update which was given to the medical staff to patch the security holes. The six types of pacemakers manufactured by Abbott healthtech firm are all radio-controlled implantable cardiac pacemakers, typically used for patients recovering from heart care.
Though there have been no records of unofficial access to the patient’s implanted device, the FDA had an opinion that the vulnerability would have resulted in the breakdown of the entire machinery, risking patients’ life. The vulnerability was discovered by MedSec, a company that specializes in healthcare cybersecurity solutions. This was the second update for the heart implants issued by Abbott since they acquired St. Jude Medical to sell pacemakers under the latter’s brand. 
- Curb Access to Patients’ Data
In March 2018, Verizon analyzed that healthcare is theindustry to have the highest recorded internal breaches which form 58% of the overall tracked cyber attacks in healthcare. 
Hackers seek to reach patients’ data so that they can exploit them for some monetary benefits. One of the ways to reduce this risk is to establish controlled access to the patient’s database. A regular audit of access will help you understand who has accessed the data and when.
- Password Management
Passwords are the direct key for hackers to gain access to personal data. Using the same passwords or easily guessed passwords may put your data at risk. The convenience of having one password will lead to the catastrophic threat of data loss. The three steps that an organization should follow when it comes to password management are –
- Restrict access to main accounts
- Change passwords regularly
- Use multi-factor authentication to access secure data
Verizon in its data breach investigation report stated that the data breaches due to stolen or weak passwords have increased from 50% in 2015 to 66% in 2016 and 81% in 2017.  This growing trend clearly illustrates that the security standards available today are not enough unless we concentrate on the password management.
- Perform Risk Assessments Regularly
Dealing with something that is not known is more difficult than dealing with something known to you. Therefore, by performing risk assessments on a regular basis you will have enough information to implement the right security measures.
The risk assessments of healthcare entities shall ensure that they are compliant with HIPPA (Health Insurance Portability and Accountability Act) requirements in terms of technical, physical and administrative processes. It is a necessity for any healthcare entity to meet the HIPPA standards and by performing regular security assessments ensure that the PHI (Protected Health Information) of patients is secure. For example, Catholic Health Care Services (CHCS) of Philadelphia agreed to stand by the norms of HIPPA in June 2016 and paid $650,000 to conduct a risk assessment. The University of Washington Medicine (UWM) in December 2015 agreed to HIPPA settlement and paid $750,000. 
Become a Cybersecurity Professional
EC-Council is the world’s leading cybersecurity credentialing body, with a wide range of industry-recognized certifications like Certified Ethical Hacking (C|EH), Licensed Penetration Testing (Master), Certified Application Security Engineer (C|ASE), Certified Threat Intelligence Analyst (C|TIA) and more. For more information, visit https://www.eccouncil.org/programs/