Healthcare Industry

Things going through your head after your workplace was hit by a breach: 

How much Protected Health Information was accessed? Will I have to pay HIPAA penalties? How do I tell my patients? How many of my patients are affected by this data breach? What’s required of me right now, legally?

You weren’t prepared for this level of uncertainty. Even though there’s been a decrease in healthcare breaches, a concerning trend has emerged: a higher number of patients are affected per breach. It’s a bittersweet situation. 

Doctors are locked out of patient files and resort to handwritten notes. Equally challenging, is letting patients know they were affected by the breach. How do you give them a transparent and thoughtful approach to protecting their privacy and well-being? 

Identity theft is a serious crime, and it’s not the only crime committed by using someone else’s Protected Health Information (PHI). Hackers also use PHI to secure benefits, prescriptions, and insurance coverage.

You need to be ready to play offense and defense when it comes to the protection of your patient’s privacy. Security is not a static concept. It’s an ever-evolving strategy that needs preparation and response plans set in place.

The medical industry has been evolving for decades. Reluctancy costs healthcare more than just money.

It’s time for your security and playbooks to evolve, too.

Two indicators that more patients are targeted by cyber attacks

According to the Healthcare Data Breach Report:

• About 30 million health records were exposed in the second half of 2022.
• The average number of patients affected per breach has jumped from 60k to 90k.

Attacks don’t need to be the most sophisticated or a zero-day in order to succeed. 

Hackers are working to find and capitalize on out-of-date security practices in healthcare. And when one attack catches the attention of the security community, it’s even easier to blend into the background and exploit other avenues.

The best way to avoid such an attack is to implement a layered defense system, including physical security measures like employee training on how to identify and avoid phishing scams, social engineering attacks, and other types of threats.

Here’s what hackers don’t want you to know about patching

Unpatched systems and misconfigurations are leaving your PHI vulnerable to attack, leading to theft, encryption, patient impersonation, and even financial fraud.

Hackers want you to be slow to adapt. Old security practices and reluctance builds their ladder inside. They count on your inaction, because scheduling downtime for maintenance is overwhelming, or patching third-party tools is too much.

And if you don’t have the capacity for after-hours…

Will you have the capacity and hours when systems are down?

When should you secure your most important endpoints?

Do you know how many known vulnerabilities are out there? These bugs aren’t from obscure systems. Hundreds of vulnerabilities come from the most popular vendors with Google, followed by Microsoft, Adobe, IBM, Oracle, Jenkins, Apple, Tenda, Huawaie, Cisco, Linux, Siemens, Qualcomm, Intel, Apache, TotoLink, SAP, Dell, Bentley, and Samsung. 

Healthcare providers around the world rely on software and hardware from these vendors. With so many ways to get in, how long can your endpoints wait? 

You need a new way to protect patient data that’s more than just an extension of what you’ve always done before. 

A paradigm shift in how you find and prioritize the patches that keep criminals from exploiting out-of-date applications.

Syxsense Enterprise is cloud-based security with real-time monitoring and instant remediation for every single endpoint in your healthcare environment. The future of patching any device looks like flexible, staggered scheduling that causes as little disruption as possible.

Syxsense is more than just patch management—it’s a suite of security that Universal, Belkin, PBS, Netgear, IBM, Best Western, and others rely on. They knew that securing their most important endpoints was more important than ever, and they knew they couldn’t do it alone.

Do you have any questions about your patch and compliance requirements? We’re happy to talk about how you can stay up to date. Schedule a time to talk with us today. 

“UPDATE EXCEPTION. An error occurred in Chrome’s automatic update. Please install the update package manually later or wait for the next automatic update.”

For many employees, they need to access multiple applications and systems throughout the day, including the Internet. That’s why a recent attack was so powerful. 

Playing on security fears with internet browsers, malicious attackers compromised websites with JavaScript that would produce a fake Chrome update, just like the one above. 

It’s not a real update. And this trick worked on hundreds of people who clicked on the update and infected their network. 

Vulnerabilities Lurk in the Shadow of Popularity

Chrome has 2.65 billion active users. That’s a lot of people… and a lot of potential victims.

Chrome is one of the most popular browsers in the world. Still, there’s bugs in software. Attackers know that and target it. Keeping Chrome up to date is critical.

One common bad habit is leaving Chrome open for too long and pushing off any update messages. When Chrome updates are loaded with zero day fixes, you don’t want to be putting off those notifications.

“What Happens When I Click a Weird Link in My Browser?”

Going back to your rogue Chrome Update message… 

Attacks like this happen when legitimate websites are compromised so that they serve up fake Google Chrome update error messages.

Don’t click on the link. If someone clicks on the link, malware is distributed.

The infection enters through a Zip file that executes a cryptojacker, draining power, degrading performance, and compromising credentials and Personal Health Information (PHI).

Whether these links come to you via email or directly in your web browser… we advise thinking twice before clicking on any unusual links.

What Does Structured Patch Management Look Like?

How well do you know your patch management process?

So many healthcare establishments get hacked or held for ransom because:

• They’re clinging to manual processes.
• It’s hard to keep up with the amount of patches for Chrome and other software. 
• No support for third-party software.
• On-premises patch management tools fail.
• No one really knows the true patch management process from A-Z.
• No complete visibility into all devices, including the devices running Chrome.

These are only some of the reasons why IT healthcare teams choose to deploy Syxsense Enterprise. 

Now they let Syxsense automatically scan and detect misconfigurations that are missing on Chrome. After a speedy three-hour timeframe from issuance, all new patches are thoroughly tested and prepared for deployment.

With live Patch Tuesday updates, Syxsense users gain exclusive access to the latest need to know patches.

Ready to experience powerful endpoint and patch management with vulnerability scanning and remediation-all from a single agent? Schedule a demo today.

“Hello! We have 2 million records and we’ll publish them if they don’t pay. Each time, we’ll post more and more records at once.”

This was the message left behind ransomware group Money Message after stealing 5.8 million PharMerica patients’ data. 

It’s hard to believe we’re still dealing with people who think it’s okay to steal protected health information (PHI) and then demand a ransom in exchange for its return. Messages like that aren’t unusual for ransomware groups. They’re meant to be infuriating and very much on purpose. 

Protected Health Information (PHI) is a precious commodity for them, and unfortunately, a tool for extortion. 

In the world of cyberattacks, there’s no such thing as a “one size fits all” solution.

Data Breach Hits Pharmacy Services in 50 States

50 states.

3,100 medical facilities.

4.7 TB of data exposed.

5,815,591 patients.

The attacks in the early half of 2023 have looked like:

• 50,000 patients impacted at Rise Interactive Media & Analytics.
• 11,000 patient records were spotted after Arizona Health Advantage employees couldn’t access some company servers.
• Wentworth Health Partners Garrison Women’s Health (GWH) had a network outage that affected the IT infrastructure, applications, and electronic medical records.

While these are just a few of the attacks that have been reported, they represent a larger problem for an industry that is already struggling to maintain security standards.

As for GWH’s network outage—information was made inaccessible. And there were no backups available. While IT eventually restored radiology and ultrasound data and applications, as well as some electronic medical records, about nine months of medical records were lost in the attack due to file corruption.

What Kinds of Attacks Cause Outages and Hold PHI Hostage?

These attacks can be carried out in a variety of ways, but the most common types fall into three categories:

Malware — Malicious software designed to infiltrate and damage systems.

Phishing — Sending emails that appear to be from legitimate sources but are actually designed to trick into providing their login credentials, bank account information, or credit card numbers.

Ransomware — A type of malware that encrypts files on your computer and holds them hostage unless you pay a ransom fee.

They can range from minor inconveniences to major disruptions that can cost millions.

Threat actors accessed and posted names, addresses, emails, birth dates, Social Security numbers, health insurance, diagnoses, and other private information.

But you can protect yourself by considering the foundational steps below.

What Actionable Steps Can I Take to Secure Healthcare Systems?

Now you know about the loss of patient records, how threat actors get inside, and cause the disruption of day-to-day operations. But are you doing anything to protect yourself?

If you want to protect healthcare systems and records from cyberattacks, check out these five foundational security steps:

1. Firewalls: There are a bunch of next-gen firewalls out there that work great for healthcare. Not only do they protect the perimeter, but they also give alerts, suggest ways to remediate, keep wireless networks safe, and are easy to manage.
2. Cloud Backup: Secure backups are a must in your cybersecurity strategy. There are plenty of cloud-based tools to choose from that protect you from data loss, ransomware attacks, human bloopers, and hardware failures.
3. Extended Detection and Response: Extended Detection and Response (XDR) is the next evolution of endpoint detection and response (EDR). It detects threats on endpoints, networks, and users. Triggers are built to automate threat identification and investigation.
4. Security Awareness Training: Security awareness training solutions for healthcare personnel go beyond traditional methods. They incorporate simulated phishing attacks to assess susceptibility to phishing, provide training to identify various attack vectors, and even offer tools to promptly thwart phishing attempts.
5. Unified Security and Endpoint Management (USEM): One console that has real-time endpoint, patch, vulnerability, and configuration management. Syxsense Enterprise is the ultimate USEM solution for healthcare, because it includes a powerful drag-and-drop workflow builder (Syxsense Cortex) that makes building complex workflows and remediation processes easier than ever before. Syxsense is proactive and gives you 24/7 control over what happens and where, for teams needing consistent, accurate, and quick results.

Trust is the cornerstone of any strong relationship, including the one you have with your patient’s data. It’s a symphony of security that protects them. Find out more about how Syxsense can help you by scheduling a demo today.