The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has released a threat report warning about the risks facing electronic health record (EHR) systems, which are frequently targeted by cyber threat actors.
Cyberattacks on EHRs can be very lucrative for cyber threat actors. EHRs generally contain all the records needed for several types of fraud, such as names, birth dates, addresses, government and state ID numbers, Social Security numbers, medical records, and health insurance data. No other information source offers such a broad range of details. The data held in these systems commands a high price on the black market and can be quickly sold to cybercriminals who specialize in identity theft, tax fraud, and insurance fraud. Malware, and particularly ransomware, presents a substantial risk to EHRs. Ransomware may be used to encrypt EHR data and prevent access, which disrupts healthcare services and raises patient safety concerns, which in turn increases the likelihood of the ransom being paid. Phishing attacks to obtain the credentials needed to access EHRs are also common.
A cybersecurity strategy must be developed to protect against ransomware and malware attacks. Malware and ransomware attacks frequently begin with phishing emails, so email security solutions should be put in place, and end users must be trained to recognize phishing emails and other email threats. Giving employees regular security awareness training can build resistance to cyberattacks that target workers, who are one of the weak links in the security chain. Attacks on Remote Desktop Protocol (RDP) are also common. Consider using a VPN solution to avoid exposing RDP. Threat actors often exploit unpatched vulnerabilities, so it is essential to patch quickly and to prioritize patching so that critical vulnerabilities are dealt with first, especially vulnerabilities that are known to have been exploited in cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities Catalog that can help IT security teams prioritize patching work.
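One way to apply the patch prioritization described above, as an added example that is not taken from the HHS report or from CISA. The host names, placeholder CVE IDs, the CVSS 9.0 cut-off for "critical" and the tier ordering are assumptions; only the field names follow the KEV catalog's JSON feed.

```python
import json

# Constructed excerpt using the field names of the KEV JSON feed.
# The CVE IDs are placeholders, not real catalog entries.
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2022-01-24",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dueDate": "2022-02-15",
   "knownRansomwareCampaignUse": "Unknown"}]}"""

# Constructed scanner findings: (host, CVE ID, CVSS base score).
FINDINGS = [
    ("ehr-db-01", "CVE-0000-0003", 9.8),
    ("rdp-gw-01", "CVE-0000-0002", 7.5),
    ("ehr-app-02", "cve-0000-0001 ", 6.5),   # scanners often emit messy IDs
    ("hr-laptop-17", "CVE-0000-0004", 4.3),
    ("ehr-app-01", "CVE-0000-0001", 6.5),
]

def load_kev(raw):
    """Index catalog entries by normalised CVE ID."""
    entries = json.loads(raw)["vulnerabilities"]
    return {e["cveID"].strip().upper(): e for e in entries}

def tier(entry, cvss):
    """0 = exploited, ransomware use known; 1 = exploited;
    2 = critical but not in the catalog; 3 = everything else."""
    if entry is not None:
        return 0 if entry.get("knownRansomwareCampaignUse") == "Known" else 1
    return 2 if cvss >= 9.0 else 3   # assumed threshold for "critical"

def prioritise(findings, kev):
    """Return findings ordered for patching, most urgent first."""
    rows = []
    for host, cve, cvss in findings:
        cve = cve.strip().upper()
        entry = kev.get(cve)
        rows.append({"host": host, "cve": cve, "cvss": cvss,
                     "tier": tier(entry, cvss),
                     "due": entry["dueDate"] if entry else None})
    # Within a tier: earliest catalog due date, then highest CVSS, then host.
    return sorted(rows, key=lambda r: (r["tier"], r["due"] or "9999-12-31",
                                       -r["cvss"], r["host"]))

if __name__ == "__main__":
    for r in prioritise(FINDINGS, load_kev(KEV_JSON)):
        print(r["tier"], r["host"], r["cve"], r["cvss"], r["due"] or "-")
```

Note that the 9.8-scored finding sorts below both catalog-listed findings, which is the point of using evidence of exploitation rather than severity alone.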
Many healthcare organizations encrypt EHR data. Encryption protects information while it is transmitted between on-site users and external cloud applications; however, there can be blind spots in encryption that threat actors may exploit to avoid detection while they carry out their attack. Cloud solutions are now widely used by healthcare institutions, including cloud-hosted EHRs. All information transmitted to cloud services must be appropriately secured to comply with HIPAA. Cloud access security broker systems can be useful in this regard.
Steps must be taken to stop attacks by external cyber threat actors; however, there are also internal threats to EHR records. Healthcare workers are granted access to EHRs and can easily abuse that access to view or steal patient information. Workers must receive training on internal policies covering EHR use and information access, and on how HIPAA prohibits unauthorized access to data. The sanctions policy should be explained, along with the potential for criminal charges for unauthorized access to medical data. Administrative policies should be enforced to make it hard for workers to access data without authorization, and policies for EHRs should be enacted.
Physical and system access must be monitored, audits should be carried out routinely to identify unauthorized access, and device and media controls should be enforced to stop the unauthorized copying of EHR information. An endpoint hardening strategy should also be developed that applies several layers of protection to all endpoints. The strategy will also ensure that any attack is detected and contained before attackers can gain access to EHRs and patient files.
Healthcare providers must engage in threat hunting to identify threat actors who have bypassed the security perimeter and penetrated endpoints. Penetration testers must be employed for ‘Red Team’ activities that use the tradecraft of hackers to identify and exploit vulnerabilities. Cybersecurity specialists must also be active in the Blue Team, which focuses on guiding the IT security team on improvements to prevent sophisticated cyberattacks.
EHRs bring substantial benefits; nonetheless, the risks to the information they hold need to be properly managed. HHS recommends that healthcare leaders shift their emphasis from prevention to the development of a proactive preparedness program to fully understand the vulnerabilities in their EHRs and then adopt a framework that will be effective at identifying and preventing attacks.