Skip to main content

Australia’s healthcare data security is sick – but there is a cure

If you ever want to find out what sorts of data cyber-criminals are targeting, there's a simple rule; follow the money. And some of the most valuable commodities threat actors are looking for comes from the healthcare sector. As hospitals, medical practitioners and allied health professionals digitise more of their systems and workflow, and people use more wearable devices to monitor and improve their health, the amount of data that is being exposed is growing.

In Australia, the Office of the Australian Information Commissioner (OAIC) publishes a report every six months detailing the most common types of data breaches and which sectors are targeted. Health service providers reported the most breaches in the latest report, and that number has risen for every period the report has been issued. Almost half of those breaches were the result of malicious activity or criminal acts, according to the OAIC.

Right across the Asia Pacific region, we are seeing attacks that specifically attack the healthcare sector. There have been several attacks in Singapore, with one even exposing the Prime Minister's health data. The WannaCry malware continues to be an issue and healthcare data is now readily available over the dark web.

Australians' confidential medical data can be purchased on the dark web.

Healthcare industry ‘not keeping up’

The old school approach to business IT security – ensuring end-point protection is up to date and there's a firewall in place – is no longer good enough. Cyber incidents, where threat actors are able to bypass security controls account for more than half of the reported breaches in 2019, with the remainder spilt almost evenly between the theft of data storage devices and paperwork, and rogue employees.

Putting all this together, we are seeing the digitisation of healthcare is occurring faster than the sector's ability to protect the valuable information it creates and holds.

At a recent event, Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky, said that, "Data is sick. Confidential medical records being breached and advanced devices turning a human into a bionic man. These ideas have since crossed the bridge between fictional stories and our physical world. They are well within our reality. As rapid digitalisation penetrates the healthcare sector, cybercriminals are seeing more opportunities to attack this lucrative and critical industry."

Stolen medical records openly sold on the dark web

When we follow the money in any industry – and cybercrime is one of the most profitable industries on the planet – we find there are marketplaces where skills and information are traded. Senior Security Researcher from GReAT Korea, Seongsu Park recently presented at a cybersecurity forum and discussed an Australian-based dark web seller called Ausprdie. This platform trades in medical data. 

Park said medical records can be considered more valuable than a simple credit card because a hospital generally requires a patient’s personal and financial credentials before a check-up or an admission. Those online forums are even advertising in order to access confidential medical data. And those breaches, like the fallout from a nuclear incident, can have long-term repercussions.

Stephan Neumeier, Managing Director of Kaspersky APAC, explained that the dangers of healthcare IT hacks were making cautionary science-fictional concepts into a reality at the recent Cybersecurity Weekend in Myanmar.

How the industry can better protect itself

With such a well-organised adversary, it's important to take a forward-looking posture when planning a defence. Hoping that a "walls and moats" approach will be sufficient is not enough. Attackers use tactics such as phishing attacks, where a large volume of emails are sent containing fraudulent instructions that seek to dupe people into giving up log in data or other valuable information. Or, they can take a more focussed approach, where they try to trick someone with a higher level of data access to hand over information – a targeted tactic called spear-phishing. As we know from the OAIC's data, malicious insiders are also a major challenge.

Rather than trying to block all the possible attacks it's important to actively seek threats that may already be inside the network. That means having tools that actively seek potential threats that are already inside your firewall. For healthcare providers, this means looking for unusual activity. For example, detecting when something like a blood test report is being sent to an x-ray technician. This could indicate that an email account has been compromised, as that type of data is not usually shared between those two parties.

New methods for breaching systems, often called attack vectors, are constantly being created by criminals. Trying to keep up with the latest types of attacks is not easy, but there are threat feeds and other types of intelligence from external parties that not only keep healthcare providers informed, but help them detect when the risk of a new type of attack is rising so that appropriate counter-measures can be put in place.

Rather than waiting to become a victim, hospitals, doctor's offices and other healthcare facilities can get on the front foot and hunt for threats before they escalate and become cyber incidents.

Protecting healthcare data is about more than ensuring data is as well-protected as possible when it's at rest and when it's in transit. It's about proactively looking for where the risks are, then taking active steps to mitigate those potential losses and any unauthorised access.

As it stands today, the healthcare sector is lagging as security pays catch up with the digital transformation effort. By taking a forward-looking approach, where risks are constantly assessed and mitigation strategies are put in place, the sector can move forward.

Kaspersky is a global leader in cybersecurity for both consumer and business users. To discover how it’s helping healthcare providers protect their critical data, click here.



from TechRadar - All the latest technology news https://ift.tt/2oNitpH

Comments

Popular posts from this blog

Mother's Day 2020 gift ideas: 18 gadgets and gizmos for tech-savvy Aussie mums

Raising a family is not an easy job, and the women who care for us each and every day deserve to be told how special they are each and every day. While we tend to forget to do that, Mother’s Day reminds us we need to celebrate the women in our lives, whether they’re our own mothers or our wives and partners helping us raise the young ones. Mother’s Day 2020 is fast approaching (with under two weeks to go), and there’s a pretty good chance you won’t be able to take her out to her favourite restaurant this year, or even get to a store to shop for something she might like. So we have to get creative, and TechRadar’s Australian team has put together this little list of great tech gift ideas that you can buy online and have delivered in time for May 10. But you will need to get a wriggle on as delivery supply chains are under strain with more people shopping online. Whether she’s a whiz in the kitchen, loves to cosy up with a book or entertain at home, we’ve got a gadget or gizmo that’s s...

Amazon Australia has specials on Bose products all this week

December may have just begun, but the world's largest online marketplace is already feeling the Christmas spirit.  To kick off the month’s festivities, Amazon Australia is celebrating  ‘7 Days of Deals’ with Bose's superb audio hardware discounted each day. To begin with, the very popular (and rightly so) Bose QuietComfort 35 II and the more expensive Bose Noise Cancelling Headphones 700 are available for less. To sweeten the deal, Amazon will throw in an Echo speaker as a bonus as well. When you purchase the superb Bose Headphones 700, you will receive a free Amazon Echo Show 5, or if you’d prefer the Bose QuietComfort 35 II, you’ll receive a complimentary Echo Dot. The offer is valid until December 8, or while stocks last. You can buy the same bundles, for the same price if you make the purchase via the Echo Dot or the Echo Show 5 product pages on Amazon. Just make sure you select the bundled headphone in the 'add other items' section on the right. Best noi...

Valentine's Day flowers: the best online flower delivery services

February 14 will be here before you know it, and if you, like many others, are searching for that perfect gift, then placing an online order for Valentine's Day flowers is always an easy and romantic option. You can order a beautiful floral arrangement in minutes from a variety of online retailers, including; 1-800-Flowers, Amazon, ProFlowers, Teleflora, and many more. To help you sort through all the Valentine's Day offers, we've rounded up the best online flower delivery services in both the USA and the UK and listed their current promotions. We've also included delivery charges and made sure to mention if you can allocate specific days for delivery. There's a fantastic range of bouquets and gifts available from our selection of florists below, and online delivery from a specialist means you don't have to worry about the usual hassle of buying from a store and getting them home safely. We'll be updating this page as we get closer to the big day so you...