When looking for an easy meal, predators often go after the weakest animal in the herd. The same often holds true for cyber criminals. They talk amongst themselves, discuss failures and successes and share stories on what to do and not to do. Right now, the healthcare industry seems to be the easiest prey.
According to the FBI, if you’re working for an organization in the healthcare industry, the cyber attack incident response measures taken by your security team may not be up to snuff. Perhaps a major security overhaul was completed 4-5 years ago, but that may not defend confidential information from the malware produced in the last 8 months.
“The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely,” the Federal Bureau of Investigation said in a private notice it has been distributing to healthcare providers. Source: Reuters.
Since the Target infiltration back in December, retailers and financial institutions have taken additional steps to fortify cyber defense efforts. The good news for companies like Amazon that warehouse credit card information is that the flood of credit card numbers has caused a glut in the market; as a result, criminals are drastically dropping their prices to $1-$2 per number and looking for ways to increase the value of their stolen customer information.
Stolen health insurance credentials can bring as much as $20 each, causing a bit of a surge in the volume of attacks against health care providers. Loaded with the right health care identity, some stolen identities allow the purchase of prescription drugs and other controlled substances. Stolen health care details can include medical conditions and social security numbers, and allow the purchaser to more easily hang onto the identity should the true owner dispute it.
In February, the FBI cited a two-page document from SANS-Norse which stated that the healthcare industry was not well prepared to fight growing cyber threats. The document pointed to hundreds of attacks on radiology imaging software, video conferencing equipment, routers and firewalls.
Key SANS-Norse Report – Cyber attack findings:
- Every type of healthcare organization was represented, from hospitals to insurance carriers to pharmaceutical companies.
- Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers.
- A significant number of compromises were due to very basic issues such as not changing default credentials on firewalls.
Regular Cyber Defense Updates
Firewalls require updates several times per year, and password rotation has to be enforced. Two-factor authentication seems to be gaining popularity, as is educating employees on the dangers of phishing attacks and why they need to question every email they open and every link they click on. More recently, Network Behavior Analysis is playing a significant role in helping security professionals sleuth out suspicious behaviors on the network.
Cyber Attack Incident Response
Most financial institutions and other organizations storing highly sought-after consumer information have taken on the assumption that they are always carrying infections. When the firewall, IDS or the FBI sends warnings about suspicious activities, companies need a way to go back in time, observe communication behaviors and investigate suspicious activities. For this reason, investment in an Incident Response System is on the rise.