- Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record.
- The growing, profitable market for Protected Health Information (PHI) is attracting sophisticated cybercriminal syndicates, several of which are state-sponsored.
- Medical fraud is slower to detect and notify, unlike financial fraud (ex. stolen credit cards), contributing to its popularity with cybercriminals globally.
- Cybercriminals prefer PHI data because it’s easy to sell and contains information that is harder to cancel or secure once stolen. Examples include insurance policy numbers, medical diagnoses, Social Security Numbers (SSNs), credit card, checking and savings account numbers.
These and many other insights into why healthcare provider networks are facing a cybersecurity crisis are from the recently declassified U.S. Department of Health & Human Services HC3 Intelligence Briefing Update Dark Web PHI (Protected Health Information) Marketplace presented April 11th of this year. You can download a copy of the slides here (PDF, 13 pp, no opt-in). The briefing provides a glimpse into how the dark web values the “freshness’ of healthcare data and the ease of obtaining elderly patient records, skewing stolen identities to children, and elderly patients. Protenus found that the single largest healthcare breach this year involves 20 million patent records stolen from a medical collections agency. The breach was discovered after the records were found for sale on the dark web. Please see their 2019 Mid-Year Breach Barometer Report (opt-in required) for an analysis of 240 of the reported 285 breach incidents affecting 31,611,235 patient records in the first six months of this year. Cybercriminals capitalize on medical records to drive one or more of the following strategies as defined by the HC3 Intelligence Briefing:
Stopping A Breach Can Avert A HIPAA Meltdown
To stay in business, healthcare providers need to stay in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides data privacy and security provisions for safeguarding medical information. Staying in compliance with HIPAA can be a challenge given how mobile healthcare provider workforces are, and the variety of mobile devices they use to complete tasks today. 33% of healthcare employees are working outside of the office at least once a week. And with government incentives for decentralized care expected to expand mobile workforces industry-wide, this figure is expected to increase significantly. Health & Human Services provides a Breach Portal that lists all cases under investigation today. The Portal reflects the severity of healthcare providers’ cybersecurity crisis. Over 39 million medical records have been compromised this year alone, according to HHS’ records from over 340 different healthcare providers. Factoring in the costs of HIPAA fines that can range from $25,000 to $15.M per year, it’s clear that healthcare providers need to have endpoint security on their roadmaps now to avert the high costs of HIPAA non-compliance fines.
Securing endpoints across their healthcare provider networks is one of the most challenging ongoing initiatives any Chief Information Security Officer (CISO) for a healthcare provider has today. 39% of healthcare security incidents are caused by stolen or misplaced endpoints. CISOs are balancing the need their workforces have for greater device agility with the need for stronger endpoint security. CISOs are solving this paradox by taking an adaptive approach to endpoint security that capitalizes on strong asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what are consuming network bandwidth is an IT management problem, but it’s a security outcome “, said Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software.
5 Strategies for Healthcare Providers Are Using To Secure Networks
Thwarting breaches to protect patients’ valuable personal health information starts with an adaptive, strong endpoint strategy. The following are five proven strategies for protecting endpoints, assuring HIPAA compliance in the process:
- Implementing an adaptive IT asset management program delivers endpoint security at scale. Healthcare providers prioritizing IT asset management control and visibility can better protect every endpoint on their network. Advanced features including real-time asset management to locate and secure devices, geolocation fencing so devices can only be used in a specific area and device freeze options are very effective for securing endpoints. Healthcare providers are relying more and more on remote data delete as well. The purpose of this feature is to wipe lost or stolen devices within seconds.
- Improve security and IT operations with faster discovery and remediation across all endpoints. Implement strategies that enable greater remediation and resilience of every endpoint. Healthcare providers are having success with this strategy, relying on IT asset management to scale remediation and resilience to every endpoint device. Absolute’s Persistence technology is a leader in this area by providing scalable, secure endpoint resiliency. Absolute also has a proven track record of providing self-healing endpoints extending their patented firmware-embedded Persistence technology that can self-heal applications on compatible endpoint devices.
- Design in HIPAA & HITECH compliance and reporting to each endpoint from the first pilot. Any endpoint security strategy needs to build in ongoing compliance checks and automated reports that are audit-ready. It also needs to be able to probe for violations across all endpoints. Advanced endpoint security platforms are capable of validating patient data integrity with self-healing endpoint security. All of these factors add up to reduce time to prepare audits with ongoing compliance checks across your endpoint population.
- A layered security strategy that includes real-time endpoint orchestration needs to anchor any healthcare network merger or acquisition, ensuring patient data continues to be protected. Private Equity (PE) firms continue acquiring providers to create healthcare networks that open up new markets. The best breach prevention, especially in merged or acquired healthcare networks, is a comprehensive layered defense strategy that spans endpoints and networks. If one of the layers fails, there are other layers in place to ensure your organization remains protected. Healthcare providers’ success with layered security models is predicated on how successful they are achieving endpoint resiliency. Absolute’s technology is embedded in the core of laptops and other devices at the factory. Once activated, it provides healthcare providers with a reliable two-way connection so they can manage mobility, investigate potential threats, and take action if a security incident occurs.
- Endpoint security needs to be tamper-proof at the operating system level on the device yet still provides IT and cybersecurity teams with device visibility and access to modify protections. Healthcare providers need an endpoint visibility and control platform that provides a persistent, self-healing connection between IT, security teams, and every device, whether it is active on the network or not. Every identity is a new security perimeter. Healthcare providers’ endpoint platforms need to be able to secure all devices across different platforms, automate endpoint hygiene, speed incident detection, remediation, and reduce IT asset loss by being able to self-diagnose and repair endpoint devices on real-time.