By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Meeting the healthcare sector’s unique challenges
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > Meeting the healthcare sector’s unique challenges
CybersecurityEnterpriseSoftware

Meeting the healthcare sector’s unique challenges

Techgoondu
Last updated: February 17, 2022 at 7:18 PM
Techgoondu Published January 18, 2022
7 Min Read
SHARE

Brought to you by IntSights

By Paul Prudhomme, head of Threat Intelligence Advisory, IntSights, a Rapid7 company

PHOTO: Fernandozhiminaicela from Pixabay

In August 2021, as many citizens in Manila looked to get vaccinated against Covid-19, the city’s vaccination website was attacked by hackers 133 times.

The city’s mayor later told news outlets that “troll farms” were possibly behind the hit on the vaccination registration site, seeking to deny real users from using it.

The attacks were not the only cyber threats facing the Philippines’ healthcare sector during the pandemic, as it tried to help citizens navigate the crisis.

Earlier, in November 2020, a software tool that healthcare workers in the Philippines used to share data about Covid-19 cases was found to contain multiple flaws that could potentially expose patient data.

Researchers at a laboratory at the University of Toronto discovered vulnerabilities in the Covid-Kaya platform’s Web and Android apps that allowed unauthorised users to access private data about the platform’s users, according to cybersecurity news website Threatpost.

These incidents are reminders of the need to manage cybersecurity risks as healthcare providers digitalise rapidly to improve patient care and meet the urgent demands of a pandemic.

The Philippines is certainly not alone here. In the Italian city of Lazio, cyber attackers managed to disable the Covid-19 vaccination booking system last year, preventing citizens from getting their vaccination appointments for days.

Hackers likely believed this would pressure the Italian authorities to pay up the ransom to unlock the systems they had disrupted through a cyberattack.

Unsurprisingly, during the pandemic, cyber attackers have sought to exploit the confusion and fear of citizens and government agencies, hoping to cash in as victims often became desperate in life-and-death situations.

In 2020, more large healthcare data breaches were reported than in any other year, according to an IntSights report released recently.

In addition, 2021 saw five consecutive months (March through July) in which industry data breaches have been reported at a rate of two or more per day.

While cybersecurity is a threat to all organizations, healthcare providers face some unique challenges, particularly during the pandemic.

For starters, the personal details in protected health information (PHI) are useful for criminal groups that wish to commit identity and insurance fraud.

Once data such as social security numbers of medical records are leaked on underground criminal forums on the Dark Web, they can be reused and exploited repeatedly.

While it is true that the healthcare sector is highly regulated in terms of security and data protection, this can sometimes work against organisations in the sector.

For instance, cyber attackers may count on victims in the healthcare sector to pay up a ransom because they would otherwise incur a hefty fine from government regulators for losing patient data.

This could give them additional leverage compared to, say, a victim in another sector that does not have the same stringent regulatory oversight.

Another unique feature of the healthcare sector is the medical devices that are connected to a network all the time.

IntSight’s study in the United States found that some healthcare providers had not been updating their devices with the latest firmware because they were worried this might void the approval already received from the Food and Drug Administration.

Although the authorities only ask that significant modifications be sent for approval, some providers become “over compliant” and end up not updating the software on their devices.

As a result, these devices could be left in a vulnerable state for years – many of them run for a decade or more – and act as a perpetually open door for cyber attackers to enter.

There is yet another worrying thing for the healthcare sector. Despite the value of highly personalised data that can be stolen here, the price of unauthorised access to a healthcare organisation is relatively low among criminals.

The lowest price in a data sample that IntSights obtained, from monitoring underground criminal networks, was just US$240, for access to a Colombian healthcare organization.

This could be because of a perception that it is relatively easy to steal data from a healthcare organisation or simply that there is an oversupply of such information.

These findings from IntSight’s global study offer valuable lessons for Southeast Asian healthcare organizations, particularly on how to reduce their risk and improve their security posture.

Here are four important steps:

1. Establish priorities: Find and address the most critical vulnerabilities first, then identify which assets are most likely to be targeted.

2. Integrate cyber threat intelligence: Discover threats before they arrive at your doorstep, then tailor defences against them.

3. Build robust ransomware defense: Use offline backups and strong encryption; avoid the temptation to pay off a ransomware gang.

4. Balance usability and cybersecurity: Use multi-factor authentication on a mobile app and limit remote access to a bare minimum, for example, to reduce risk.

Increasingly, cyber criminals are seeking more effective ways to pressure their victims to cough up ransoms. Besides stealing and locking up precious data, they also extort victims by threatening to expose sensitive data.

For healthcare organisations, the key to overcoming such new cybersecurity challenges is first understanding the unique risks that the sector faces and trying to keep a step ahead. Constant vigilance has to be the norm.

Learn more about the healthcare and pharmaceutical cyber threat landscape from IntSight’s research report here.

You Might Also Like

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage

RedCap: A new cellular IoT technology for the 5G era

Debate on computational photography misses what’s real, what’s lived outside a frame

Q&A: Delivering movies digitally and securely from around the world

In remote Taiwan, firefighters use a 5G base station “in a box” when responding to emergencies

TAGGED: dark Web, healthcare sector, IntSights, malware, medical record, pandemic, pharmaceutical

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Techgoondu January 18, 2022
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Previous Article OCBC scam: Make banks share risks by setting standard for login security, fraud detection
Next Article How your laptop can help boost your enterprise security posture
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage
Enterprise Internet March 23, 2023
RedCap: A new cellular IoT technology for the 5G era
Enterprise Software Telecom March 23, 2023
Sony Playstation VR2 review: An immersive experience awaits
Gaming March 21, 2023
Debate on computational photography misses what’s real, what’s lived outside a frame
Cellphones Imaging Mobile Software March 19, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?