Omicron variant may require more stringent healthcare data protection
- A new variant will see greater demand for healthcare data.
- Securing patient data needs to be prioritized.
- Healthcare needs to look towards a zero-trust policy and prioritize data recovery.
Healthcare data continues to be one of the most highly desirable information by cybercriminals around the world today. Not only do healthcare data have a high value on the dark web, but it can also lead to serious implications if the information is exposed or made public.
What makes more worrying about healthcare data is the amount of information that it carries. From medical history records to personal information to even banking details, failure to secure this data properly can lead to organizations facing huge fines and losses should they be breached.
In fact, since the Covid-19 pandemic started, healthcare institutions are now becoming increasingly targeted by cybercriminals. And now with a new variant making data even more important for contact tracing purposes, keeping it secure is a prerogative healthcare companies can’t afford to miss. Part of the reason for this is that healthcare companies simply do not have sufficient skills or experience in dealing with healthcare data. In the US, more than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.
At the same time, the use of more IoT devices in healthcare, telemedicine services, and other modern technologies have also led to growth in data which can be hard to be managed by current systems in most healthcare devices. Most medical professionals, aim to only treat patients and often do not understand the importance of keeping data safe and secured.
As such, there have been increasing data breaches in medical facilities with cybercriminals targeting healthcare data to not only steal it but also lock systems that can cripple hospital operations. Some recent examples of a healthcare data breach include the data breach at Fullerton Health, a leading integrated healthcare platform.
The hackers claimed they managed to steal the data of 400,000 people, including the insurance policy details of Singaporeans. A sample of the data uploaded by the unidentified hackers included customer names and identity card numbers, as well as information about bank accounts, employers, and medical history. It also had the personal details of the customers’ children.
Improve healthcare systems or protect healthcare data?
According to Kamal Brar, Vice President and General Manager, Asia Pacific and Japan at Rubrik, no one expected healthcare to see a massive spike in cyberattacks. Kamal feels there are two reasons for this.
Firstly, the sensitivity of patient data and the critical stress on medical facilities and the service providers massive increased. So with that, the focus came onto patient care instead of security systems and data. And with a new variant, which becomes difficult to manage, from a patient care perspective, data becomes crucial because it’s how the data can be used to understand the new variant and patients.
“There is so much data fragmented across different systems. The trend in healthcare is an area of weakness and no one was thinking of it as a new requirement. And when you have such a scenario, bad actors will look for the most sensitive form of data and that’s patient care data. The lucrative nature of getting access to this data is one part while the speed at which the stress on systems goes through led to exploits. Each country had their own challenge in managing data, especially in securing it, which led to ransomware going up three to five folds more,” said Kamal.
The value of the data is now at its highest. As new variants come in, there are processes already in play for countries to follow to manage the situation. Contact tracing, safety protocols have been around for some time. But some of this data needs to be shared. And this data needs to be shared digitally, like for travel and such. Sharing data efficiently continues to be a huge challenge.
“Fundamentally, it is not just patient data. Airlines, insurance companies need data. There is so much information going around multiple ecosystems. And securing them is a big challenge. There have been breaches in the past. Across the board, we are living in a data-driven world and we need to make sure the data in all circumstances,” added Kamal.
Unfortunately, healthcare also has many legacy devices and systems. And there are also IoT devices that are connected to the WiFi or Internet. Telemedicine is also becoming increasingly demanding in some countries. All these components can have vulnerabilities. Legacy systems like patient care systems may not be updated and are heavily exposed to any type of threats.
“There are modernized healthcare devices that are built on a zero-trust architecture. For some of the patient care devices, no one thought that these could be hacked. And when hospitals suffer a ransomware attack, it’s not just financial systems impacted but patient care as well,” explained Kamal.
Visibility and recovery is key
Healthcare needs to look towards a zero-trust policy. Kamal highlighted three guiding principles of the zero-trust policy. First, trust no one, always validate all connections. It was the other way round in the past, but this mindset needs to change. The other part is understanding the impact of a data breach. Healthcare facilities need to understand a data breach or ransomware attack to build their security. Finally, it is about automating the context and response. They need to understand how to trace the impact and what it means. This is where visibility is key and having appropriate recovery and backup systems.
“A lot of companies forget data protection. They need to think of the problem inside out. The most important thing is how quickly can they recover from an attack. If you look at healthcare incidents in the past, it is all about locking the systems. What’s key is how quickly can they recover those systems and get them back up and running,” said Kamal.
At the end of the day, the reality is healthcare data is becoming highly sought after by cybercriminals, and the only way healthcare facilities and service providers can protect their data and systems is to ensure they have full visibility on it. They also need to ensure that employees are fully aware of the importance of keeping data safe and secure.
For healthcare industries and service providers, new variants will only mean higher demand for data. Legacy infrastructures and IoT devices need to be protected. Backup and recovery systems should also be a key feature they look into. Ransomware recovery could not just save the organization but lives as well.
- Micron Technology invests RM1 Million for semiconductor research at Malaysian universities
- Shein, Shopee and Meesho overtake Amazon in 2021
- Data security is an expectation for APAC consumers
- Malware exploits Microsoft’s e-Signature verification
- What’s spooking Tencent and making them sell their shares off?