Why Have Attacks on Healthcare Organizations Increased?

A news article produced by the newspaper O Estado de São Paulo and replicated by the G1 website has pointed out that approximately 243 million Brazilians had their data exposed on the Internet due to failures by the Ministry of Health. These numbers include people who have already died. 

In practice, anyone registered with the Unified Health System (SUS) or a health plan had data such as individual taxpayer number, full name, address, and telephone number exposed.

In the previous week, 16 million people who had coronavirus had been victims of another leak caused by the same flaw: exposure of login and password that give access to the Ministry of Health’s system.

Also, a study performed by Apura Cybersecurity Intelligence has shown that there are 920,866 suspicious websites with the term “coronavirus”.

By reading this article, you will understand what has driven the recent increase in attacks against healthcare organizations. To facilitate your understanding, we have divided our text into topics that explain the reasons:

  1. More Workers Working Remotely 
  2. Low Investment in Cybersecurity
  3. Lack of Specific Cybersecurity Professionals
  4. Low Awareness 

Read it until the end!

1. More Workers Working Remotely 

Again, we quote a story from G1: according to this report, there were twice as many cyberattacks against hospital and pharmaceutical organizations in 2020 as in the previous year.

That’s because this sector represented 3% of detected digital threats in 2019. In 2020, that number rose to 6.6%. But what has changed from one year to the next? 

In fact, with the Covid-19 pandemic, many professionals have had to adhere to remote work. As a result, they began to access corporate devices from less secure environments, making IT systems more vulnerable. 

2. Low Investment in Cybersecurity

Not all healthcare organizations invest as much as they should in cybersecurity. Often, companies do not even have a department dedicated to this area, ignoring fundamental items, such as:

  • Cybersecurity Policies;
  • Disaster Recovery Plan;
  • Controls for compliance with data protection laws and regulations such as HIPAA.

This lack of investment and old operating systems explain why cybercriminals were already finding loopholes to attack the healthcare industry even before the pandemic. 

To give you an idea, the healthcare industry is one of the main targets of ransomware attacks, along with industries, banking institutions, and government agencies.

3. Lack of Specific Cybersecurity Professionals

We know that having professionals specialized in cybersecurity is essential today. However, these experts are scarce in the job market. It is no wonder this sector has an unemployment rate of 0% and jobs that require knowledge in cybersecurity take an average of 79 days to be filled, surpassing other IT areas.

Data from 2020 indicate that, in order to have an adequate number of professionals with this knowledge in Brazil, we would have to get a 52% increase in the number of employees, from 331,770 to 636,650.

4. Low Awareness 

In addition to everything we have already shown in this article, there is a problem that affects not only the healthcare area, but countless others: low cybersecurity awareness. This means organizations also do not invest in training their employees to deal with cyber threats.

And nowadays, it is extremely important to make teams aware of the risks they assume when accessing IT systems, in addition to promoting training that makes it possible to detect and combat these threats.

These trainings must be performed periodically. That’s because technology constantly evolves, offering increasingly efficient resources to malicious users too. Thus, cybersecurity care must follow this evolution.

By reading this article, you understood the main reasons for the increase in cyberattacks against healthcare organizations. Did you like our content? Share it with someone who may also be interested in the topic.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Passwords: Necessary, but Insufficient for Network Security

The First Form of Security

In the beginning – or at least near the beginning – there was the password. This rudimentary method of security pre-dated computers by at least two millennia, and was commonly utilized by militaries like the Roman Legion to maintain secure access to bases, resources and other high-ranking officers across a wide swath of newly conquered territory.  

As we fast forward to the 20th Century and the advent of the computer, passwords became the primary method of personal identification and access to systems, applications, networks…you name it. As computers became increasingly integrated into the daily lives of people both at work and at home, passwords became even more prevalent and served as the de facto method of security. 

Password Management Today

Today, much to our chagrin, we all juggle passwords across our laptops, tablets and phones in work and personal lives. Remembering the multitude of passwords needed to access different areas of our digital existence has become an onerous, often screen-punching task. It has also become a task rife with security vulnerabilities – particularly at the corporate level. Everyone is now required to remember so many passwords that they resort to insecure practices like writing them down, using easy-to-guess passwords, or using the same password over and over again. 

Most security experts see passwords as one of the weakest links in the security system, but many of the procedures that IT teams undertake with the intent of improving security – like requiring frequent password changes – make the problem worse. If a hacker guesses a password or gains access to a password from one breach, they can try it again across other applications. Such tactics became household names in IT. For example, inputting a bunch of common passwords is known as “password spraying,” and reusing previously breached passwords is known as “credential stuffing.”

Password-focused attacks are extremely common. For instance, in the well-publicized campaign of attacks on SolarWinds and many other vendors in 2019, the US Cybersecurity and Infrastructure Security Agency (CISA) noted that “incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying…”
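As an added example (not part of the original article), the Python sketch below shows how a defender might separate the two log patterns named above: spraying, where one source fails against many accounts with few tries each, and guessing, where one source fails repeatedly against a single account. The log format, thresholds, IP addresses and user names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): ISO time, source IP, user, result.
SAMPLE_LOG = """\
2024-03-01T09:00:05 198.51.100.7 alice FAIL
2024-03-01T09:00:41 198.51.100.7 bob FAIL
2024-03-01T09:01:17 198.51.100.7 carol FAIL
2024-03-01T09:01:52 198.51.100.7 dave FAIL
2024-03-01T09:02:30 198.51.100.7 erin FAIL
2024-03-01T09:03:02 198.51.100.7 frank OK
2024-03-01T09:10:00 203.0.113.20 alice FAIL
2024-03-01T09:10:04 203.0.113.20 alice FAIL
2024-03-01T09:10:09 203.0.113.20 alice FAIL
2024-03-01T09:10:13 203.0.113.20 alice FAIL
2024-03-01T09:10:18 203.0.113.20 alice FAIL
2024-03-01T09:10:22 203.0.113.20 alice FAIL
2024-03-01T09:10:27 203.0.113.20 alice FAIL
2024-03-01T09:10:31 203.0.113.20 alice FAIL
2024-03-01T09:15:00 192.0.2.44 bob FAIL
2024-03-01T09:15:20 192.0.2.44 bob OK
"""


def parse(log):
    """Turn log text into (timestamp, ip, user, success) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def classify_sources(events, window=timedelta(minutes=30),
                     spray_users=5, max_tries_per_user=2, guess_tries=8):
    """Label source IPs by the shape of their failed logins in a sliding window."""
    failures = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        if not ok:
            failures[ip].append((ts, user))

    verdicts = {}
    for ip, fails in failures.items():
        start = 0
        per_user = Counter()  # failures per account inside the current window
        for ts, user in fails:
            per_user[user] += 1
            # Drop failures that have aged out of the window.
            while ts - fails[start][0] > window:
                old = fails[start][1]
                per_user[old] -= 1
                if per_user[old] == 0:
                    del per_user[old]
                start += 1
            # Many accounts, few tries each: spraying (stuffing from one
            # source produces the same shape in a log without passwords).
            if (len(per_user) >= spray_users
                    and max(per_user.values()) <= max_tries_per_user):
                verdicts[ip] = "spraying"
                break
            # One account hammered repeatedly: password guessing.
            if max(per_user.values()) >= guess_tries:
                verdicts[ip] = "guessing"
                break
    return verdicts


def accounts_to_reset(events, verdicts):
    """Users with a successful login from any flagged source IP."""
    return sorted({user for _, ip, user, ok in events if ok and ip in verdicts})


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    flagged = classify_sources(evts)
    print(flagged, accounts_to_reset(evts, flagged))
```

A single mistyped password followed by a success, as from 192.0.2.44 in the sample, stays unflagged, while a success from a flagged source marks that account for credential reset and session review.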

The Move to Single Sign-On (SSO)

As corporate employees found themselves needing to log into more and more different devices, applications and network types, IT teams began leveraging SSO technology to help simplify the process and eliminate the need for people to remember every single password use. At its core, SSO intended to allow employees to have one password that provided them access to all necessary corporate resources.   

For several years, while most applications still resided inside of a local IT datacenter, many organizations turned to tools like Microsoft’s Active Directory (AD) to manage user identity and access policies. The rise of AD adoption pushed other application vendors to support AD, further supplanting SSO as the then go-to method for password management and access security.

Then along came Software as a Service (SaaS), and the game changed. SaaS apps went from novel to common incredibly quickly thanks to the simplicity, efficiency and cost effectiveness they promised. As cloud services like Amazon Web Services (AWS) and Microsoft Azure made it easier to build SaaS apps, these tools went from common to ubiquitous. Today, most companies have so many SaaS applications in use that their IT teams need to subscribe to other SaaS apps to help them discover and manage their active SaaS app portfolio.  

Every one of these new SaaS apps now in use utilized passwords. While early on some of these apps supported MS AD or its successor, Microsoft Azure AD (Azure AD), most did not at first. As such, it quickly became clear that successfully rolling out SSO universally was a daunting undertaking for most mid-sized businesses with complex IT environments and limited internal IT resources. After all, a company-wide password manager doesn’t eliminate the proliferation of passwords, and compromised SaaS apps can serve as gateways into the larger corporate network.

The Rise of Multi-Factor Authentication (MFA)

The explosion of passwords and password-based attacks has created a market for password management software. There are a plethora of vendors who deal solely with simple passwords (e.g., LastPass, Keeper Security, Dashlane), SSO (e.g., Okta, SailPoint, One Identity), or the third and most recent phase in the evolution of the password: MFA (e.g., Cisco Duo).   

Out of SSO emerged MFA, which complements and strengthens password management and network security efforts by introducing another means of identity verification on top of a person’s username and password. Most MFA vendors today provide mobile-based authentication, which can include methods such as push-based, QR code-based, and one-time password authentication (event-based or time-based), as well as SMS-based verification.

MFA, like SSO, has its own shortcomings. Mobile-based authentication is particularly vulnerable as mobile devices can be cloned, and apps often run simultaneously across several mobile devices. Advanced hackers can, in theory, intercept an MFA code sent via SMS or email. While this added layer of security raises the necessary skill level to execute a successful attack against a company’s network, critical vulnerabilities still exist. 

The Gold Standard: Network Access Control (NAC)

With enterprise SaaS adoption and corporate networking eco-systems expanding and becoming more complex, MFA alone simply isn’t equipped to provide the secure access and authentication functionality needed to maintain an effective network security posture. 

As we enter a period of unprecedented device proliferation, network expansion, and increased threat sophistication, NAC has emerged as the gold standard for establishing secure access and authentication to corporate networks, applications and other internal resources. NAC, for lack of a better word, has raised the bar and left hackers with their work cut out for them.  

NAC systems evaluate whether a user and their device should be allowed onto a network, based on a series of security checks, MFA included. NAC combines MFA with other unique data points, such as the location of the device or the MAC address of the device to either grant or block their access to the network. Once connected, a NAC goes a step further by continuously measuring the security posture of each device, taking steps to either quarantine or boot the device off the network should it surpass the organization’s desired risk threshold. Additionally, a NAC can control which segment of the network a device can access, further limiting any impact of an intrusion.  

As such, a NAC is a strong addition to tighter password management and MFA because its security controls are complementary rather than overlapping. NACs were once thought to be powerful, yet complex and hard to manage. With the advent of cloud-native NAC such as Portnox CLEAR NAC-as-a-Service, however, companies can access that power without the hassle.

The Future of Password Management

While there are efforts to eliminate the need for passwords altogether, most business software will continue to require a username and password to gain access. Therefore, businesses must do more to secure their environments in the face of so many passwords.  

No combination of security controls can guarantee protection, but if an organization operates with a limited IT budget and staff, a combination of password management, MFA, and cloud-native NAC will substantially reduce its risk of cyberattacks. 

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

What is an Insider Threat? Definition, Examples and Solution

An insider threat is a data breach security risk caused by people that have legitimate access to an organization’s data. Insider threats can be either unintentional or malicious. Insider threats are on the rise and are intensified by digital workspaces, flexible and remote work, and the agile behavior of companies without strict policies.

What is insider threat?

Insider threat is a malicious or unintentional threat to an organization that originates from internal operations or people who have access to an organization’s data.

The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. For even better context, overall costs were $8.76 million in 2018 (Ponemon). The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million, whereas the average cost of incidents that were discovered in less than 30 days was $11.23 million.

Insider threats are on the rise due to digital workspaces, flexible and remote work, agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.

The motivations for malicious insiders to misuse company data may vary. They either want to harm the company or make money. Employees might also be negligent and send data outside the company by accident.

If you process personal data and there are names, contact details, security numbers, card numbers etc. in your CRM, the data could be sold on the dark web where anyone can buy it. Your company is at risk if you sell products or services, or collect application data from customers.

If you have customer databases, your data might be sold directly to a competitor, who would then have access to valuable information about your clients and could easily lure them away. This might happen, for example, if you provide financial services, leasing, etc.

Types of Insider Threats

Insider threats can be divided into the following categories:

  • Data reseller – an employee who is financially motivated to sell a company’s data. Such an employee might willingly harm your company. Your company’s data can be sold on the dark web (if you work with personal data), or directly to your competitors (i.e., customer databases).
  • Lazy worker – an employee who is negligent and does not follow a company’s security policies. This type of employee is only doing their job and does not comprehend all the complexity behind data security. If a company’s policies are too strict and make daily business more complicated, the risk of non-compliance increases.
  • Owner – exiting employees who think that everything they created during their employment is their own property. They may take data with them to show to future employers, or take a company’s customers to a competitor.
  • Gullible employee – an employee who is a victim of a phishing campaign. For example, an employee opens an attachment or clicks through an email sent by an external social engineer, who steals the employee’s credentials and accesses company data. This type of leak is very difficult to spot since the thief then acts under the identity of the employee. A good DLP software might help with this.

 

How can I protect against Insider Threats?

Keeping sensitive data secure requires a combination approach. However, it is easier than it might sound to protect your data against insider threats.

Evaluate your security policies

Make sure that your security policies are clear and easy to understand. The more complicated your policies are, the higher the chances employees will ignore them. It is also important that your employees understand why data security is important and why they should handle sensitive data with care.

Screen new hires and monitor your compromised employees

Make sure that you perform a background check on your new hires. Create a secure off-boarding process to make sure that exiting employees will not take any data with them. If you are aware of any employees who might be compromised, keep an eye on them and check what type of data they have access to and if they need it.

Educate your employees

The importance of data security might be too abstract for some employees, so it is important to constantly educate them. They should be aware of what type of data your company considers sensitive and how it can be misused. However, make sure you are also clear about the consequences of stealing your data. Your goal is to motivate people to protect your data, and to not take it outside.

Investigate past incidents

Have you ever experienced an insider initiated data leak? Then you know how unpleasant the process of investigating can be. When this happens, it is imperative that you investigate it properly and set appropriate measures after the incident. Also, notify fellow employees about the incident and advise them on how to comply with security policies.

Implement a data security solution

All the steps above can help you with data security, but your most powerful tool is a software solution that helps you do it all. One advantage of such software is that it will not interrupt the daily work flow or lower the productivity of your employees in any way. The solution runs in the background and keeps data secure at all times.

With Safetica, for instance, you can even label your sensitive data by context and see how your employees access and work with it. You can set specific security policies – block file operations, data capture (like screenshots), or specific email domains, restrict usage of external devices, restrict data upload to the cloud and so on. On top of that, Safetica is super simple to implement, integrate and use. If you are interested, check out this link for more information.

Insider threats examples

#1 Ubiquiti

Ubiquiti is one of the top worldwide producers of wireless communication devices. The company had a malicious insider among its employees. Nickolas Sharp stole gigabytes of company data and tried to ransom his employer.

Nickolas Sharp used his cloud administrator credentials to clone and steal confidential data. He tried to hide his activity and changed log retention policies so his identity would remain unknown. When he obtained the data, he demanded almost $2 million from Ubiquiti in exchange for the return of the files. However, the company refused to pay, found him and changed all of the employees’ credentials.

In January 2021, Ubiquiti issued a data breach notification, and Nickolas Sharp was arrested for data theft and extortion.

#2 Amazon

In October 2021 a few Amazon employees were responsible for leaking customer data, including email addresses, to an unaffiliated third-party. This behavior violated company policies. The company fired these employees and referred them to law enforcement. Amazon never announced how many customers were impacted.

#3 The Swedish Transport Agency (STA)

In September 2015, the Swedish government had a data leak and the data of millions of citizens were exposed. The Swedish Transport Agency (STA) outsourced the management of its database and IT services to companies outside of Sweden. STA uploaded their entire database onto these companies’ cloud servers and some of their employees received full access to the database. The leaked data included all Swedish drivers’ licenses, personal details of Sweden’s witness relocation program, elite military units, fighter pilots, pilots and air controllers, citizens in a police register, details of all Swedish government and military vehicles and information about road and transportation infrastructure.

The director of the STA, General Maria Ågren, resigned and was found guilty by a Swedish court. She had to pay a fine of half of her monthly salary, which was, according to some citizens, not sufficient.

The data is still under the management of the two non-Swedish companies.

#4 Coca-Cola

In 2018, The Coca-Cola Company announced a data breach. A former employee was found to have an external hard drive that contained information stolen from Coca-Cola.

“We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company,” a Coca-Cola spokesperson told Bleeping Computer.

#5 Trend Micro

In 2019, Trend Micro experienced a leak of personal data caused by a malicious insider. The company learned that some of their customers were getting scam calls claiming to be Trend Micro support.

An investigation was launched right away, and it confirmed that it was an insider threat. An employee got access to a customer support database with names, email addresses, Trend Micro support ticket numbers and telephone numbers. The employee sold the sensitive data to a third-party malicious actor.

The employee was fired immediately, and customers were advised not to react to the scam calls.

Summary

Insider threats are on the rise due to various “new normal” ways of working. When protecting your data, keep in mind that there are two types of employees that can put your data at risk.

The first group is aware that sensitive data is a valuable commodity that can be sold to a third party. These employees are constantly trying to find ways to steal data while remaining undetected.

The second risk group may not be aware that data is an important asset, and thus does not handle it properly, or they misuse it (by taking documents to a new employer). The risk of accidental data loss increases if a company does not use a DLP solution or has unclear security policies. Keep in mind that this is the largest risk group and accidental data leaks are very common.

Protect your data by adopting appropriate measures that will help you to keep your sensitive information safe. Perform an audit of your data and check who can access it and for what purpose. Take care of your employees as well. Education about data security can help a lot, as can easy-to-understand security policies.

Your greatest data security asset is the right software. Find one that combines all the important features and protects your critical data as well as your employees. Remember that if people feel safe, your company’s data will be safe too.

Safetica offers a solution that helps you keep your data safe – from initial (and continuous) discovery of sensitive or other business-critical data in your digital workspace through the efficient dynamic data leak and insider threat protection, to easy integration with other tools and into a multi-domain enterprise environment.

Finally, Safetica is super easy to implement and integrate. And this isn’t just our opinion; our customers think the same! We placed at the top in the 2021 Data Loss Prevention Data Quadrant by SoftwareReviews.

About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.
