The increasing number of healthcare data breaches continues to highlight some of the sector’s biggest vulnerabilities.
Cyberattacks are becoming more targeted, sophisticated, and severe. According to a recent report, many healthcare organizations still lack the resources to appropriately protect themselves. Less than 35% of healthcare providers believe they have sufficient budget to support strong IT security and 87% don’t have the personnel needed to achieve a more effective cybersecurity posture.
In September 2020, a ransomware attack shackled US facilities of the Universal Health Services, forcing doctors and nurses to go back to paper and pencil for record-keeping and slowing lab work. We work with the company and experienced their disruption first-hand. That same month, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.
Medical records stolen during data breaches contain personally identifiable information, names, addresses, financial information, and social security numbers. As such, medical records are among the most valuable documents sold on the dark web. Cybersecurity is no longer just a priority but a necessity for modern healthcare organizations.
How cyber criminals get access to healthcare data
Just a few weeks ago, our Washington State client’s care facility system was attacked by cyber criminals. But before we get to that story, let me tell you more about some of the ways cybercriminals can breach your network and exploit your data. The OWASP non-profit foundation (Open Web Application Security Project) is one of the best resources for learning about cyber-security. Every organization serious about protecting their data should make sure that their systems are protected against the following types of attacks:
Injection. Injection flaws, such as SQL, NoSQL, OS, and LDAP occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
Broken Authentication. Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.
Sensitive Data Exposure. Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
XML External Entities (XXE). Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
What happened in our case
In our case, intruders went for the Cross-Site Scripting (XSS) attack, a way of incursion I haven’t yet talked about. It is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It enables an attacker to bypass the origin policy designed to separate different websites from each other.
A combination of measures is usually implemented to effectively prevent XSS vulnerabilities. These include: filtering input on arrival, encoding data on output using appropriate response headers, and applying Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.