Three ways to stop cyber criminals targeting patient data

The warning comes as New York state announces that hospitals will be required to have a CISO to tackle the rising threats to healthcare providers. 

Commenting on the news, Simon Bain, CEO at data expert OmniIndex, said: “The threat to critical infrastructure such as hospitals is growing, as criminals adopt a policy of maximum interference and destruction for maximum reward.

“As is the case with all healthcare attacks and breaches, the impact here goes far beyond the IT department and the financial cost. Patients are potentially left vulnerable with their details exposed to criminals while hospital infrastructure is often held hostage and immobilised meaning the necessary care can’t be administered.”

Among victims of the group are a cosmetic dentistry practice as well as Rocky Mountain Gastroenterology where more than 330GB of data is claimed to have been stolen. The HIPAA Journal reports that Trinity engages in the act double extortion, stealing data before then encrypting files and giving victims a day to pay the ransom in order to obtain the decryption keys before publishing it on the dark web.

Bain continued: “The biggest issue is that healthcare data infrastructure and data management has stagnated while criminal attackers have continually adopted new and emerging technologies to gain access to organisational systems. Appointing a CISO is the first step in tackling the problem at hand, hospitals have no choice but to counter threats with new technology of their own cyber security providers and new technologies to seek support in combatting the threats facing health and life science companies.”

Below, Bain outlines his three key insights into what organisations can do to protect themselves and their customers' data in 2024. 

Immutable patient data

Bain: “Once into a system, a ransomware attacker can add their own encryption to stolen data to prevent anyone but themselves from being able to access and use it. In this scenario, a hospital or other healthcare provider is told they have to pay a hefty ransom in order to regain access to that highly sensitive and highly important patient data. 

“Blockchain technology can ensure that stored data cannot be altered or deleted – neither maliciously, nor accidentally. This not only prevents the ability for an attacker to then hold the data to ransom, but also prevents unauthorised tampering with patient records, safeguarding their privacy and the integrity of medical information.

“While there have been historic concerns with this technology around its speed and scalability, there are ways to ensure it can be integrated into existing infrastructures and systems without compromising speed or authorised accessibility to those who need it.”

Least privileged access

Bain: “Least privileged access is a security principle that dictates users should not have access to any data or resources that are not strictly necessary to perform their job functions. However this practice is still vulnerable if someone breaches the system using an administrator account which has access to all information – as is the default in legacy infrastructure with super users.  “An alternative way of managing this is through the use of fully homomorphic encryption (FHE). This is because with FHE, encrypted data can be searched and analysed without that data being decrypted. This means sensitive health information can remain fully protected while patient records are processed and while insights can be generated from them with nobody being granted permission to decrypt the data and view it all.

“In such a system, all data would be fully encrypted by default meaning if anyone’s account is compromised, including a super-user or admin, the attacker would still not be able to actually read the data.”

Real-time threat detection

Bain: “There are a number of cyber security systems in place today that can provide real-time threat intelligence and actionable insights on stored data to alert users if an attack is underway but some systems can open up new vulnerabilities in the process.

“For example, log files are a crucial building block in cyber defence as they are automatically generated records from every action and resource in a company’s IT infrastructure. However, they are also a valuable target for attackers as they contain information that can be used to gain entry into a system and identify weaknesses. 

“This is why it’s crucial that log files are both protected in the right way, ensuring they are immutable and encrypted at all times even while being used, and that insights are generated from this information in real-time. The only way to achieve this, is to use an AI engine that can analyse the encrypted log files with FHE and does not share any of that data externally of the system. 

“Private SLM AI such as these can analyse encrypted log files in real-time to identify potential security threats with machine learning algorithms able to detect anomalies, suspicious activities, and emerging threats, enabling timely responses to protect health data.”

Final thoughts

Bain: “The technologies outlined can significantly bolster healthcare data defences, ensuring that patient data is accessible only to those with a legitimate need and right to view and utilise it.

“While a degree of caution regarding emerging technologies is understandable, continued reliance on outdated systems in the face of persistent attacks and known vulnerabilities can pose a serious risk. It is therefore imperative to strike a balance between cautious evaluation and proactive adoption of innovative solutions to safeguard sensitive patient information.”