The COVID-19 pandemic accelerated and multiplied the cyber-attacks targeting the healthcare sector, and in doing so made clear the need to build robust cyber security programs within the healthcare and biotech sector.
The resulting rise in ransomware attacks on healthcare showed for the first time how ransomware can affect human lives. The first major incident was the NHS in the United Kingdom, which was crippled by the WannaCry ransomware. The 2017 attack that affected the NHS so profoundly was a watershed moment for healthcare cyber security in the UK and further afield. It affected patient care directly, costing the organisation $116.4M and leading to almost 19,000 cancelled appointments.
Hospitals and healthcare clinics have experienced significant data breaches, primarily driven by ransomware attacks, for several reasons. First, health data is more valuable to cyber criminals. Health data, including medical records, contains protected health information (PHI), which is worth more on the dark web than credit card credentials or ordinary personally identifiable information (PII).
Whereas a credit card number can sell on the dark web for around $1.50, a single electronic health record (EHR) can sell for upwards of $300. This is largely because PHI does not change over time. Healthcare and patient records often include names, Social Security numbers, dates of birth, payment information, insurance identification numbers, and more. Unlike a credit card, those facts cannot easily be cancelled or changed.
The permanent nature of this information makes it more valuable to cybercriminals, since they can use it to commit identity theft. Long story short: healthcare hacking is profitable.
Many healthcare organizations still do not invest enough in cybersecurity, and cyber criminals know this. They also know that a healthcare organization is more likely to pay up when its data is held for ransom, so that medical staff can resume operations as quickly as possible.
The primary reason for the spike in healthcare data breaches last year was the rise in ransomware attacks. According to many reports, ransomware attacks accounted for 55% of healthcare data breaches in 2020.
The numbers for 2021 are even higher. Hacking and IT incidents (which include malware and ransomware attacks) accounted for 68% of reported breaches, and that figure does not count breaches that were never disclosed. In April 2021 alone, the top three data breaches were all ransomware attacks and involved 1.3 million healthcare records.
Ransomware groups know that healthcare organizations are especially vulnerable to ransomware attacks during a global pandemic. At the same time, they have also shifted the way in which they conduct ransomware attacks.
In the past, ransomware groups merely encrypted their victims’ data and then held it for ransom. Today, ransomware attacks also involve data theft prior to encryption. This lets ransomware groups threaten to release and sell that data on the black market, should the victim company refuse to pay for a decryption code.
Even when attackers do receive payment, there is no guarantee that the ransomware groups will provide a decryption code in exchange — leaving healthcare organizations high and dry.
The healthcare industry has unique cybersecurity vulnerabilities that make it more prone to cyberattacks in general. The cause of healthcare data breaches may include malware, ransomware, hacking, phishing, insider threats, third-party data breaches or the loss or theft of laptops and other devices.
Network server incidents, most of which involved ransomware or malware, have surpassed phishing as the most common cause of healthcare data breaches. Phishing emails, however, are often the root cause of many of these ransomware attacks.
Phishing occurs when malicious actors send emails from email accounts purporting to be from reputable sources, to trick individuals into revealing personal information such as log-in credentials. The pilfered information is then used to access a system and upload ransomware.
Even on secured devices, a medical facility's own staff is vulnerable to phishing attempts. A medical professional without cybersecurity training might inadvertently open a phishing email on a secured device, leading to a ransomware attack. Furthermore, network-connected smart medical equipment poses a significant risk wherever the corporate network and the clinical network are not sufficiently segmented.
A typical healthcare organization should always implement a zero-trust network architecture, creating separate security zones that isolate the visitor, guest, medical staff, IoT, corporate, smart medical device and laboratory networks from one another. Without that segregation, a compromise on the corporate network can easily propagate to the sensitive networks where equipment such as MRI scanners sits, leaving you exposed.
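To make the zoning concrete, here is an added example (written for this article, not DTS Solution code or an ADHICS artifact) of a default-deny segmentation check in Python. The zone names follow the paragraph above; the subnets, the allowed cross-zone flows and the flow records are constructed for the example. It classifies each flow by source and destination zone and reports every cross-zone flow the allow list does not cover, including flows from addresses that belong to no defined zone.

```python
"""Default-deny segmentation check across hospital security zones.

Added example, not DTS Solution code. Subnets, allowed flows and the flow
records below are constructed for illustration.
"""
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed zone-to-subnet mapping; zone names follow the article.
ZONES = {
    "visitor": ip_network("10.10.0.0/16"),
    "guest": ip_network("10.20.0.0/16"),
    "medical_staff": ip_network("10.30.0.0/16"),
    "iot": ip_network("10.40.0.0/16"),
    "corporate": ip_network("10.50.0.0/16"),
    "smart_medical_devices": ip_network("10.60.0.0/16"),
    "laboratory": ip_network("10.70.0.0/16"),
}

# Explicit allow list of (source zone, destination zone, destination port).
# Any cross-zone flow not listed here is a violation: deny by default.
ALLOWED_CROSS_ZONE = {
    ("medical_staff", "smart_medical_devices", 443),
    ("medical_staff", "laboratory", 443),
    ("corporate", "medical_staff", 443),
}


def zone_of(ip):
    """Return the zone containing ip, or None if it belongs to no zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, dst_port):
    """Policy decision for one flow. Unclassified addresses are denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True  # intra-zone traffic is outside this cross-zone check
    return (src, dst, dst_port) in ALLOWED_CROSS_ZONE


# Constructed flow records in the shape of an exported firewall log.
SAMPLE_FLOWS = """\
src_ip,dst_ip,dst_port
10.30.4.12,10.60.1.5,443
10.50.2.77,10.60.1.5,445
10.10.9.3,10.50.2.77,3389
10.40.7.21,10.30.4.12,22
10.30.4.12,10.30.4.13,445
192.168.99.1,10.60.1.5,443
"""


def find_violations(flow_csv):
    """Return every flow the allow list does not cover, with its zones."""
    violations = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dst_port"])
        if not is_allowed(row["src_ip"], row["dst_ip"], port):
            violations.append({
                "src_ip": row["src_ip"],
                "src_zone": zone_of(row["src_ip"]) or "unclassified",
                "dst_ip": row["dst_ip"],
                "dst_zone": zone_of(row["dst_ip"]) or "unclassified",
                "dst_port": port,
            })
    return violations


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(f"{v['src_zone']:>22} -> {v['dst_zone']:<22} "
              f"{v['src_ip']} -> {v['dst_ip']}:{v['dst_port']}")
```

Run stand-alone, it lists the four flows that break the policy: corporate to a smart medical device on 445, visitor to corporate on 3389, IoT to medical staff on 22, and a flow from an address outside every zone. In practice the same check runs over exported firewall or NetFlow records, and each flagged flow is either a documented exception to add to the allow list or a path to close.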
Threat actors have also shown a preference for exploiting known vulnerabilities that have been left unpatched. A ransomware group might scan for known vulnerabilities and hit a large number of healthcare organizations with opportunistic ransomware attacks; or it might specifically scan healthcare facilities for such vulnerabilities. Either way, the attacker will quickly latch onto and exploit unpatched vulnerabilities as an entry point.
So, what can healthcare organizations do to protect themselves against future ransomware attacks and protect their patient data?
Many healthcare organizations structure their cybersecurity efforts around ADHICS compliance.
The Department of Health (DOH) established the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard. ADHICS is a strategic initiative in support of DOH's vision and federal mandates and is endorsed by DOH's Executive Committee. It is aligned with industry and international expectations on information security, and it complements the government's Health Information Exchange (HIE) initiatives towards greater security and public trust. DOH regulates healthcare entities' adoption of ADHICS and thereby enhances data privacy and security in Abu Dhabi's health sector.
Applicability
All DOH regulated health care entities and services within the emirate of Abu Dhabi.
In other locations various other frameworks may apply, but at the time of writing ADHICS was the primary standard addressing cybersecurity for all healthcare entities within the Emirate of Abu Dhabi.
Healthcare organizations should budget for cybersecurity programs accordingly. Although the upfront cost of investing in cybersecurity might seem high, it is far less than the cost of recovering from a cyber attack (especially a ransomware attack, where you have remediation costs plus whatever ransom you might be tempted to pay).
Healthcare organizations should also prioritize and remediate the vulnerabilities that are most likely to be targeted by coordinated ransomware attacks, and assure that continuous monitoring and patching is in place.
Healthcare providers need to assess the cybersecurity of any third-party vendors and business associates thoroughly as well.
Here are some more specific things your organization can do to prevent healthcare data breaches:
Control access to sensitive healthcare information and systems. The best way to keep data secure is to make it available only on a need-to-know basis. Your healthcare organization should determine what information is relevant and who should have access, and set access controls accordingly.
Restrict access to data and applications with two-factor authentication and other methods beyond usernames and passwords; encrypt all sensitive data; log and monitor all access attempts; adopt role-based access controls (RBAC); secure all mobile devices; lock down all remote-access connections by using virtual private networks (VPN); and isolate Internet of Things (IoT) and Smart Medical Devices (SMD) that connect to healthcare networks.
Perform continual risk assessments. Healthcare risk assessments help hospitals, clinics, and doctors’ offices identify where they’re vulnerable to cyberattacks. They will allow your healthcare organization to locate potential threats from within and outside an organization, estimate the damage such threats could inflict if exploited, and measure the likelihood of an attack.
ADHICS and other regulations require risk assessments, which will allow your organization to better understand your weaknesses and vulnerabilities so you can protect yourself. Ultimately, risk assessments allow healthcare organizations to act preemptively to prevent security breaches, stop network and system shutdowns, and circumvent other security incidents.
Educate users about their role as the first line of defense. Most ransomware attacks require users to take some sort of action such as following a link, opening an email, or downloading a file. Increasing awareness about threats to data security can help healthcare providers make more secure decisions.
All healthcare organizations should invest in employee training for cybersecurity in healthcare. Train your employees to identify emails that attempt to trick them into clicking on a link or performing some other action that infects the network with a virus; focus employee training on security policies designed to reduce human errors, and educate employees to recognize the techniques that cybercriminals use to breach healthcare systems and plant ransomware or other malware; and teach workers how to spot other social engineering techniques that cybercriminals use to plant ransomware in healthcare networks.
Prepare for attacks and breaches with a backup and recovery plan. Planning for worst-case scenarios will allow your healthcare organization to limit the potential damage of a ransomware attack effectively. ADHICS and other regulations mandate that healthcare organizations have data backup plans, disaster recovery plans, and emergency operation plans.
Your contingency plan should include the following: the use of off-site data backups to protect against natural disasters as well as cyberattacks, ransomware attacks, and data breaches; a method for applying the latest patches and upgrades as soon as they are available to keep all applications and systems current; and the ability to restore full backups quickly in the event of a breach or ransomware attack.
Adopt a zero-trust security model. Zero-trust security models operate under the premise that everything requires verification before being allowed to connect to your organization’s system, and periodically during access. Using tools like multi-factor authentication, encryption, and analytics to evaluate the security of a request for access, zero-trust models provide only the bare-minimum access needed to accomplish tasks.
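The access-control item above ("Control access to sensitive healthcare information and systems") and this zero-trust item describe the same decision from two angles. The following added example (written for this article, not DTS Solution code) puts them together in Python: a request is allowed only if the session has a recent MFA verification, the role permits the action, and the patient is within the user's need-to-know scope, and every attempt, allowed or denied, is logged so that repeated denials can be surfaced for monitoring. The roles, users, patient identifiers and the 30-minute re-verification interval are constructed assumptions.

```python
"""Zero-trust access decision for patient records, with an access-attempt log.

Added example, not DTS Solution code. Role names, users, patient ids and the
re-verification interval are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Hypothetical role model: each role gets only the permissions its job needs.
ROLE_PERMISSIONS = {
    "physician": {"read_record", "write_record"},
    "nurse": {"read_record"},
    "billing": {"read_billing"},
    "it_admin": set(),  # administers systems, never reads PHI
}

# A session must re-prove MFA after this long (verification during access).
MFA_MAX_AGE = timedelta(minutes=30)


@dataclass
class Session:
    user: str
    role: str
    mfa_verified_at: Optional[datetime]  # None = MFA never completed
    care_team_patients: frozenset        # need-to-know scope for this user


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(session, action, patient_id, now, audit_log):
    """Decide one request and append an audit entry whatever the outcome."""
    if session.mfa_verified_at is None:
        decision = Decision(False, "mfa_missing")
    elif now - session.mfa_verified_at > MFA_MAX_AGE:
        decision = Decision(False, "mfa_expired")
    elif action not in ROLE_PERMISSIONS.get(session.role, set()):
        decision = Decision(False, "role_denied")
    elif patient_id not in session.care_team_patients:
        decision = Decision(False, "not_in_care_team")
    else:
        decision = Decision(True, "ok")
    audit_log.append({
        "ts": now.isoformat(), "user": session.user, "role": session.role,
        "action": action, "patient": patient_id,
        "allowed": decision.allowed, "reason": decision.reason,
    })
    return decision


def users_with_repeated_denials(audit_log, threshold=3):
    """Monitoring step: users whose denied attempts reach the threshold."""
    counts: Dict[str, int] = {}
    for entry in audit_log:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return {user: n for user, n in counts.items() if n >= threshold}


def run_scenario():
    """Constructed request sequence; returns (decisions, log, alerts)."""
    t0 = datetime(2021, 6, 1, 9, 0, 0)
    log: List[dict] = []
    dr = Session("dr.ahmed", "physician", t0, frozenset({"P-1001", "P-1002"}))
    nurse = Session("nurse.sara", "nurse", t0, frozenset({"P-1001"}))
    admin = Session("it.admin", "it_admin", t0, frozenset())
    m = lambda minutes: t0 + timedelta(minutes=minutes)
    decisions = [
        authorize(dr, "write_record", "P-1001", m(5), log),     # ok
        authorize(nurse, "read_record", "P-1001", m(6), log),   # ok
        authorize(nurse, "write_record", "P-1001", m(7), log),  # role_denied
        authorize(dr, "read_record", "P-9999", m(8), log),      # not_in_care_team
        authorize(dr, "read_record", "P-1002", m(45), log),     # mfa_expired
        authorize(admin, "read_record", "P-1001", m(9), log),   # role_denied
        authorize(admin, "read_record", "P-1002", m(10), log),  # role_denied
        authorize(admin, "read_record", "P-1003", m(11), log),  # role_denied
    ]
    return decisions, log, users_with_repeated_denials(log)


if __name__ == "__main__":
    decisions, log, alerts = run_scenario()
    for entry in log:
        print(entry)
    print("repeated denials:", alerts)
```

The physician is refused at minute 45 even though the role and care team checks would pass, because the MFA proof has aged out; that is the "periodically during access" part of the model. The administrator's three denials trip the monitoring threshold, which is the kind of event the "log and monitor all access attempts" control is meant to surface for review.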
For healthcare organizations, where operations are focused on life and death situations, preparing for a ransomware attack can easily become overwhelming.
Healthcare providers and their business associates must balance protecting patient privacy with delivering quality patient care and meeting strict regulatory requirements.
As healthcare innovation continues to advance, it is equally important to keep on top of the global cyber threat landscape by having the ability to proactively detect and remediate threats before health records, medical transactions and data are compromised. DTS Solution has the expertise to help you protect your assets and reputation as you transform operations and embrace technical innovation.