By:
- Barbara Rubel, MBA, FRBMA, Senior VP, Marketing & Client Services, MSN Healthcare Solutions
- David Miller, Chief Administrative Officer, Technology Partners, LLC
Cyber Attacks on the Rise
The global cost of cyber attacks is enormous and is expected to grow 15 percent annually for the foreseeable future. For the period January 25th, 2021, through January 25th, 2023, per the Office of Civil Rights (OCR), Department of Health and Human Services (DHHS) there were 876 open investigations with over 76 million individuals affected.[1]
Common Healthcare Cyber Attacks
The most common cyber-attack in healthcare is through ransomware, a form of malware designed to encrypt files on a device. This encryption renders both the files and the systems that rely on them unusable until the target pays the attacker a ransom to gain access. According to CrowdStrike’s 2022 Global Threat Report, there has been an 82 percent increase in ransomware-related data leaks.[2]
What are Threat Actors?
It is important to remember that behind every attack is a cybercriminal, also known as a threat actor or malicious actor. These are persons or organizations that cause intentional harm and are indiscriminate in choosing their targets. Their focus is exploiting vulnerabilities and “mass scammers and automated hackers attack as many systems as possible and spread between networks like an infection.” [3]
The most common motivation is financial gain and the most common vulnerability is people, as humans are often the weakest link within an organization. The consequences of a cyber attack are enormous and include financial losses, harm to one’s reputation, civil suits, loss of business, criminal charges, and patient harm. The average cost of a data breach in the United States is $3.8 million and the data shows that after a successful breach, public companies lose an average of eight percent of their stock.
Preventive Measures
Unfortunately, threat actors evolve quickly and while a company’s security software may be current, new methods of attack are created daily. That said, there are a number of preventive measures that can be taken and which include the following:
- Loading “agents” on all servers and desktops to prevent and report infections. Common ones are Cylance AV, Cylance Optics, Cylance Huntress, and InfoCyte.
- Loading “canary files” on network “nodes” to alert and isolate future infections. Canary files are triggers and alarms are activated when a virus interferes with them.
- Contracting with a third-party security firm to monitor your entire system using Security Information and Event Management (SIEM) software. SIEM software gives security professionals insight into and a track record of the activities within their IT environment.
- Establishing a “DMZ” zone, which is a security perimeter that monitors and validates all traffic that is trying to transit between networks.
Humans are the Weakest Link
While these measures are all important and valuable, as noted above, humans are the weakest link. And emails are the easiest way for a threat actor to gain access to a system. Anyone can open an email account on Gmail or Yahoo or Microsoft and put any name as the owner.
Busy employees may not pay close attention if an email appears to be from someone known to them. It is thus important to review every email in its entirety and check for the following:
- If an email states it is from, for example, Microsoft, does the domain name match?
- Are there misspellings, grammatical errors, and abnormal spacings that could be indicative of a phishing email? Phishing is a cybercrime in which targets are contacted via email, telephone, text.
- If there are hyperlinks in the email, is the URL consistent with the sender? A foreign name or location in the URL could be an indication the email is not legitimate and should be deleted immediately.
- If the email creates a sense of urgency, demanding that an action be taken immediately in order to prevent harm, as an example.
- Use common sense – if an email does not look right, it probably is not.
Example of a Phishing Email
The following is an excellent example of a phishing email which illustrates all of the points noted above:
Several quick ways to get in trouble are to:
- Open emails that are based on the subject or sender.
- Reply to, open attachments from, or click on URLs from unknown or untrusted sources.
- Send personal information such as passwords, credit card numbers, social security numbers, and account numbers via email.
Healthcare Remains a Target for Cyber Threats
Healthcare is likely to remain a target for cyber criminals because it is an industry that is rich with private information that is easy to sell. Providers are heavily targeted, and ransomware is a major threat with email as a common threat vector.
Remember, humans are the weakest link; however, security awareness training and education and comprehensive security policies can help mitigate common vulnerabilities. Conducting risk assessments and teaching end users how to identify and respond to potential security risks go a long way towards protecting organizations from potentially catastrophic events.
Stay alert, check and double-check every email, and trust “gut” feelings!
Barbara Rubel MBA, FRBMA
Senior Vice President, Marketing & Client Services
Barbara has been a leader with MSN Client Services since 1998. Her extensive background in strategic planning, market research, healthcare marketing and managed care negotiations provides a wealth of information to support MSN Clients.
Barbara has also been highly involved in industry organizations, serving as President of the Radiology Business Management Association (RBMA), the Georgia RBMA, and the Florida RBMA. In addition, she chaired the influential RBMA Federal Affairs Committee and the RBMA Technology Task force and was a member of the RBMA Data Committee. Her work on behalf of radiology has earned her the RBMA Special Recognition Award (2010), the RBMA Global Achievement Award (2013), and she is a Fellow of the RBMA.
David Miller, Chief Administrative Officer
Technology Partners, LLC
Immediately prior to joining the ImagineTeam, David retired from the FBI after a 21-year career as a Special Agent, where he demonstrated success conducting national security investigations and intelligence operations; developing, reengineering, and leading information sharing initiatives; overseeing task force and fusion center operations; managing and growing public-private partnerships; and building collaborative, mutually-beneficial relationships.
