The Workgroup for Electronic Data Interchange (WEDI) has released a new primer that outlines steps that healthcare delivery organizations (HDOs) can take to thwart would-be cyber attacks. Titled “Perspectives on Cybersecurity in Healthcare,” the document covers three key areas of cyber security: the life cycle of cyber attacks and defense, the anatomy of an attack, and building a culture of prevention.
Many technological advancements such as cloud networks and interconnected medical devices are transforming the delivery of care in positive ways, but they also have opened the door to more sophisticated and complex cyber crimes that can involve personal health information being accessed, monitored, and exchanged by unwanted parties. According to WEDI, many HDOs lack the security, governance, or risk management to effectively detect, mitigate, and prevent frontline cyber threats.
“Cybercrime used to be limited to stolen laptops and USB drives—but today, threat adversaries are exploiting vulnerabilities and human error on a massive scale,” said Tony Giandomenico, senior security strategist at Fortinet, in the report.
In a recent announcement, WEDI described the anatomy of an attack, listing several techniques used by threat adversaries during infiltration, such as reconnaissance, weaponization, delivery, exploitation, command and control, internal reconnaissance, and maintenance. WEDI reports that cyber criminals “will seek to maintain a foothold inside the network, exfiltrate data from servers, and install rootkits to hide activity for as long as possible.”
The group recommends erecting a security architecture that, at minimum, is capable of stalling adversarial efforts, thwarting attacks at each phase, and facilitating a rapid response.
Three defensive strategies outlined by WEDI in the new primer include:
- Mitigating threats before they enter a network. HDOs should institute basic controls, including “ensuring that operating systems and anti-malware, web filtering, and antivirus software on servers and endpoints are updated and patched to reduce the risk of vulnerabilities and infections.”
- Discovering threats that have entered or tried to enter systems. WEDI concedes that no organization can prevent every cyberattack, but stresses the importance of building a “response system that can alert your security staff, rapidly identify a breach and its scope, and notify other enforcement points so that a breach can be contained without extensive collateral damage.”
- Responding to threats that have breached the network. HDOs should deploy “sandbox appliances” that can test and detect novel threats, and depending on the extent to which data are stored on internal or external servers, “organizations may need to develop coordinated responses to a breach with other entities.”
According to WEDI, the issue of cyber security is a key business issue that must be addressed by the C-suite. The primer can be downloaded here.
We seem to be increasingly mixing up different types of cyber threats.
I count at least the following:
1. Access to information in the EHR (or other database) to capture or alter
2. Access to information in a device to capture or alter
3. Access to a device as a gateway to 1
4. Manipulating the functions of a device, and which functions
5. Access to (through) a device to manipulate other like devices
6. Access to (through) a device for other purposes