With cyberattacks on the rise among healthcare delivery organizations (HDOs), it can be daunting to witness yet another organization fall victim to a cyber attack. But what happens when an organization faces two large cyber incidents merely weeks apart?
On February 21 of this year, Change Healthcare, one of the largest payment processing hubs between healthcare providers and payers, was targeted by a ransomware attack that brought down important reimbursement services across the healthcare industry. This led to several immediate impacts, like claims unable to be processed and difficulty determining eligibility.
Change Healthcare fell victim to a second attack only weeks later, during which the attackers threatened to sell the data of US military personnel and patients, including medical information and private financial records.
These two incidents underline how one cyber attack can expose vulnerabilities that may entice other adversaries to exploit the unsecured system, leading to subsequent incidents. Therefore, time is of the essence to respond to attackers before others become aware of vulnerabilities.
We’re uncovering what the Change Healthcare cyberattack means for the healthcare industry at large and the steps your organization can take today to learn from this incident.
The Change Healthcare ransomware attack was significant because it impacted thousands of other healthcare delivery organizations through a ripple effect. This shows that taking the necessary steps to protect your own organization also means you could be protecting the partners your work touches by extension. The inverse of this, however, is that any incidents your trusted partners have could inadvertently impact your organization as well.
It has never been more important to protect your cyber-physical systems (CPS). This refers to the connected assets within critical infrastructure organizations, which are outside of traditional IT devices and tend to be unmanaged. In healthcare environments, for example, a cyber-physical system can range from anything to a medical device, such as an infusion pump or imaging systems, to an IoT device, such as a clock or a fire alarm, to operational technology such as HVAC systems, electrical panels, and building automation controls.
The current administration has been doubling down at the federal level on CPS security and a Zero Trust strategy. As a result, more organizations are required to prepare for cyber attacks and follow new mandates and guidelines. The Change Healthcare incidents underscore the reason why these regulations are being created and may lead to more ways HDOs will need to comply to protect critical infrastructure.
Other long term impacts include public policy and market demand forcing both healthcare providers and device manufacturers to utilize uniform security standards from all software vendors to ensure the protection of the network and devices.
The future of Internet of Medical Things (IoMT) cybersecurity is largely believed to be systems that are secured by design and default to ensure that devices come secure out of the box. Until this is standardized, extra precautions must be taken at all times.
Taking as many common sense security measures as possible, paired with a reliable CPS protection platform, is an important step in preventing a ransomware incident from hitting your organization.
Common sense measures include:
Training staff members to recognize attempts to infiltrate your network, including phishing.
Reinforcing your organization's cyber hygiene by making sure passwords are changed regularly.
Adopting a Zero Trust mindset by defining and enforcing role and policy-based access.
As important as taking common sense precautions may be, nothing will secure your healthcare organization better than a dedicated protection platform. Not all CPS protection platforms offer the same amount of security, however. That’s why it’s important to select one that excels in the following areas:
Device discovery: You can’t protect what you can’t see on your network. Depend on comprehensive device discovery to offer complete visibility into the devices connected to your network and easily notice when new devices are connected without proper authorization.
Network protection: Improve your security posture by applying the right policy to the proper device, including assigning network policies for clinical devices based on user-defined device groups, observed traffic, and recommendations.
Threat detection: Respond quickly to the earliest indication of threats with monitoring that is purpose-built for the healthcare environment.
Working with a CPS protection platform like Medigate by Claroty, which is designed to protect healthcare critical infrastructure, is one of the most important measures you can take to protect your organization and those partners that connect to your network.
To gain a better understanding of whether your current security measures are sufficient, talk to a member of our team.
Claroty Products Remain Secure During Global Outage; Guidance for Customers
Public Exploits for MOVEit Vulnerabilities Increase Exposure
How to Protect Your Business From Emerging Cyber Threats