top of page

Exposing the Cyber Threats to Healthcare

Let's start with a question that will make you think: Which of the following is worth the most on a dark web forum: a credit card number, a social security number, or an electronic health record (EHR)?

Of all the things that could be stolen, the EHR is the most valuable. A study found that an EHR can fetch up to $1,000, while a credit card number is only $5 and a social security number is $1. An easy reason for this is that you can't cancel your personal information like you can a credit card.

The healthcare business is still a top target for cybercriminals because of this big difference in value. Attackers who want to make money can take advantage of the sector's large collection of private data. Healthcare has had the highest average costs per breach for 12 years in a row, more than any other industry. It costs more than $10 million per breach on average, which is more than the banking sector, where breaches cost about $6 million on average.

From 2018 to 2022, the number of "hacking or IT incidents" recorded by the US Department of Health & Human Services (HSS) more than tripled. This shows how serious the problem is.

Ransomware, a well-known threat, is the main enemy in this case. This type of hacking is focusing more and more on the healthcare industry, taking advantage of how important patient care is to put pressure on businesses. Ransomware groups love going after the healthcare business for a number of reasons:

Diagnostic tools, telemedicine, wearable health devices, and digital images are some of the new technologies that have made medical care more dependent on digital systems.

High digitalization: The healthcare industry is driven by new ideas, and a lot of third parties are changing private data like EHRs.

Resource Limits: A lot of healthcare organizations don't have enough staff or cybersecurity experts, which leaves their (often old) IT systems open to threats.

High Stakes: Healthcare organizations have strong reasons to pay ransoms because they need to keep providing care to patients. This makes them easy targets for hackers.

Even with these problems, things aren't completely bad. To protect private data, one important thing to do is to think like an attacker. This way helps us understand how potential attackers weigh the costs and benefits of their actions, helping us figure out what assets they might go after and how they are most likely to attack.

One important thing to realize in this situation is that threats haven't necessarily become more complex. Instead, the attack area, or a number of possible weak spots, has grown. Companies can get a strategic edge by keeping an eye on the attack area and keeping track of their assets. By looking at their own systems through the eyes of an attacker, they can spot and stop potential threats before they happen, successfully turning the tables on the attackers.

How does ransomware work?

The idea that hackers are lone individuals who wear black hoodies and commit multimillion-dollar cyberheists is mostly a myth. The world of cybercrime today is much more complex, like a business with different areas of expertise. This change has been made easier by digital currencies and secret networks, which have turned ransomware into a business.

Even though cybercrime is better organized, the basic strategies haven't changed much. The main plan is still to take advantage of mistakes made by humans and "low-hanging" security holes in the huge software ecosystem.

Realizing that cybercriminals are companies is a key way to understand how they think. To reach their goals, they always choose the easiest and least expensive way to do it. This includes becoming an expert in things like getting first access to IT systems and then selling that access to other criminal groups, such as gangs, affiliates, nation-states, or even other Initial Access Brokers (IABs).

Strangely, hacking web applications might seem very old-fashioned when compared to the easier way to make money: using freely available data. The breach of 23andMe customers' genetic records is a powerful case. This breach wasn't caused by direct hacking. Instead, the attacker used stolen login information from other websites to get to the data and then sold it on the dark web for money.

The source of this kind of useful info is often surprisingly easy to find. On sites like GitHub, sensitive data like API keys, tokens, and other developer passwords (also called "secrets") is often left out in the open. Cybercriminals looking to make quick money are very interested in these credentials because they give them straight access to valuable data.

How finding lies before they get out could save your life#

The security company GitGuardian said that in 2022, 10 million secrets were found to have been stolen on GitHub. This is a 67% rise from the previous year, which means that during this time, about one in ten code authors leaked secrets.

The reason for this sharp rise is that secrets are common in today's software supply lines. These secrets, which are needed to connect different IT parts like cloud services, web apps, and Internet of Things (IoT) devices, can also get out and pose big security risks. Cybercriminals are very aware of how valuable these secrets are because they can give them direct access to terabytes of unsecured data or even internal IT systems.

As reported by the HIPAA Journal, Becton Dickinson (BD) recently admitted that their FACSChorus software had seven security holes. This is a stark reminder of the ongoing application security problems in the healthcare industry. One important flaw, CVE-2023-29064, had a plaintext secret that was hardcoded and could let people who weren't supposed to have it get administrative rights.

If organizations want to protect themselves from these kinds of weaknesses, they need to be constantly on guard. It is important to keep an eye on your company's activity on sites like GitHub so that secrets don't get leaked and cause shocks. Just as important is having a specialized team do in-depth research to find any exposed assets, badly configured data storage, or hardcoded credentials in your digital infrastructure.

It's important to be cautious, and one useful thing you can do is look into GitGuardian's free GitHub attack surface audit. An audit like this can give useful information, like a look at the company's digital record on GitHub. As well as showing how many busy developers are using business emails, it can also show how many possible leaks there are related to the company and which ones could be used by bad people.

Also, if you want to make your defense even stronger, you should add honeytokens to your security plan. Honeytokens are like fake things that can be used to lure and find people who aren't supposed to be there. This makes the Mean Time to Detection (MTTD) of hacks much shorter. This method adds an extra layer of security, making it harder for attackers to get in and lessening the damage if there is a breach.

Finish #

There is a lot of valuable data in the healthcare business, which puts it at a key point in the fight against cyber threats. Since more than ten years ago, this sector has had the highest average costs due to breaches because hackers target it. Ransomware groups are the biggest threat because they have become savvy and run their businesses like businesses. To protect themselves from these risks, healthcare organizations need to be careful and take action. One important part of this is keeping an eye on digital footprints on sites like GitHub and doing a lot of studies to find assets that are at risk and protect them. This is the only way to protect patient privacy and info. Using services like the free GitHub attack surface audit can help you learn a lot about possible security holes.

It is inevitable that hacking threats will change as technology keeps getting better. The healthcare field needs to stay ahead of these problems at all costs. This means not only using the newest security tools but also making sure that everyone on staff is aware of security issues.

5 views0 comments


bottom of page