After a year of lockdown, or nearly full lockdown, due to the ongoing health crisis, we learned a lot from how our organizations responded when we all had to change our work habits to a home-office setup. Many companies that had only a casual relationship with Virtual Private Network (VPN) technology had to quickly reach expert-level proficiency in how to connect their entire population in order to save, or hang onto, whatever profit margin they could achieve in trying times whilst still trying to provide, as best they could, a “business-as-usual setup” for their employees.
However, while so many of us were able to work remotely, we all recall the cheering and celebrating that we shared for all the brave front-line workers who valiantly toiled to save as many lives as possible, all against insurmountable odds. Healthcare became the busiest branch of the economy, and larger health organizations (both government-owned “NHS” and private) have invested heavily in electronic health and patient record solutions.
These types of investments will undoubtedly increase over the coming years, as Electronic Health Record/Electronic Patient Record (EHR/EPR) solutions will be providing up-to-date, real-time, full and centrally accessible information to all health organizations and staff about their patients. In theory, these solutions will provide all the critical information health care professionals need to carry out their work and procedures.
As such, this critical information needs to be secured completely from cyber-attacks, insider threats and unintentional mistakes in order to secure the integrity of the information being accessed by all that are tasked to make on the spot, life-saving decisions. After all, we trust our doctors, surgeons and other health care staff with our lives, and the more information they have, the better prepared they will be to use their hard-earned expertise to render difficult decisions they must make on a daily basis to save us all.
Doubling-down on Health Cybersecurity, Literally
In cybersecurity, a recurring incantation is that we must “think like an attacker.” Never has that had more importance than during the lessons of the previous year. According to a recent report, attacks against healthcare organizations doubled in the last year, often using pandemic-based themes as a social engineering attack method.
While we all sat behind closed doors, the cybercriminals attacked the busiest branch of the economy, using ransomware as their primary technique for their unjust enrichment. Healthcare organizations are viewed as easy targets simply because they are known for having legacy/unsupported systems, because of a lack of cybersecurity resources from both IT and OT and because of the challenges caused by the pandemic. The available resources had a lot more to deal with.
Medical records are an information-rich target for a ransomware event, especially today's ransomware strains that first steal data and then threaten to publish the information if the victim refuses to pay for the decryption key.
Record-breaking amounts of HEALTH-RELATED Information
When we consider how many people have enrolled in vaccinations in the last year, it is easy to underestimate how many new medical records have been created. Some people who only visit a doctor for emergency treatment have now enrolled in the largest vaccination deployment in history. Although the vaccination process is not tied directly to a person’s primary care provider, the information that's been gathered is no less valuable to a criminal. While seemingly trivial, even the non-descript cards that have been issued to many people contained enough inferential information that authorities had to warn people against posting images of their vaccination records on social media sites.
The sensitivity of the information in all Electronic Health Records are essential to the patient and those who provide health care in emergency and day-to-day work, as all of them need to have the most up-to-date information about the patient. In emergency circumstances, this could be a life or death decision. As such, the sensitivity of the information in all health records is the reason that Electronic Health Records must be carefully protected. These protections are so specific that even those who work in a particular healthcare facility are prohibited from viewing healthcare records of patients who are not under their direct care. There are many cases where an employee was terminated for violating of that rule.
Over the past few years, the criminal value of medical records has surpassed those of personal financial records. With such clear evidence of the increased value of EHR, this emphasizes the need to protect those records with the best methods available.
If you are not a healthcare professional, the myriad criminal uses for medical information may not be obvious. Some ways that a medical record can be used for illegitimate purposes include:
- Targeting a victim with frauds and scams
- Creating fake insurance claims, allowing for the purchase and resale of medical equipment
- Using Protected Health Information (PHI) to illegally gain access to prescriptions for an attacker's own use or resale
- Modification or redirection of medical doses, payment instructions for healthcare products or services
Some EHR Protection Methods Are Not So Good
One of the best ways to protect EHR is with configuration and data integrity monitoring. While this technique is effective in some organizations, the methodology for achieving this may be flawed. Some providers monitor their databases by creating scripts and scheduling them to run. This creates a dangerous time-gap between each scheduled iteration. It is also not the automation that satisfies an audit inspection. What is needed is continuous monitoring.
How Tripwire Can Help
Tripwire’s EHR solution provides a tailored package of products and expertise to alleviate the challenges of monitoring EHR and EPR systems for unauthorized changes; ensure that those systems comply with HIPAA, NIST 800-53 & 171; and maintain the ability to provide bespoke options. The solution leverages Tripwire Enterprise, a proven security configuration management (SCM) and file integrity monitoring (FIM) solution. Tripwire Industrial Visibility and Sentinel help to address the cybersecurity requirements, which are often not addressed, for the Operational Technology part of the estate.
Tripwire Enterprise provides an out-of-the-box solution for healthcare organizations that use many of the industry standard EHR systems such as Epic, Cerner and Allscripts. Some of the other features of Tripwire Enterprise include:
- Audit-ready reports
- Enhanced automation
- Integration with common analytics tools
- Tripwire Professional Services
Tripwire Industrial Visibility and ICS Network Monitoring solves your ICS challenges by:
- Monitoring legacy systems and commonly-used proprietary native industrial protocols
- Analyzing your OT environment without disrupting operations using passive asset discovery
- Employing machine learning to establish a secure baseline of normal behavior
- Comparing your device inventory to CVEs and simulating real-world attack scenarios
Tripwire® Industrial Sentinel is a non-intrusive network monitoring and situational awareness platform that provides in-depth visibility and cyber resilience for industrial control systems (ICS) and SCADA networks, providing visibility of, and protection from, events that threaten safety, productivity and quality.
- Discover and inventory every asset within your industrial control network
- Baseline normal network communication between devices and alert upon deviation, enabling real-time operation and cyber risk management
- Find indicators of compromise in network traffic and protocol messages through a comprehensive industrial threat library
- Assess and report on industrial device vulnerabilities, exposure to cyber threats and existing networking and operational problems
- Analyze network traffic through deep packet inspection for all common industrial protocols and vendors
- Transform raw data into actionable information, helping to facilitate root cause analysis to minimize mean time to repair metrics.
By minimizing the risk of malicious attacks, fraudulent activity and unauthorized changes as well as by gaining exceptional system availability, healthcare providers can depend on Tripwire’s integrity assurance solutions for robust EHR security. As life returns to normal and our doors begin to open again, let Tripwire help your organization to keep a tight lock on your protected health records.
To learn more about our healthcare solutions, visit: https://www.tripwire.com/solutions/solutions-by-industry/healthcare.