Ryan Witt is a healthcare cybersecurity leader at Proofpoint with more than 15 years of experience advising healthcare institutions.
The COVID-19 pandemic represents the largest public health crisis in a century. As cyber attackers seek to exploit the crisis, it has also become a major security issue for healthcare organizations.
Attackers do not view the world in terms of a network diagram; rather, they seek out people. Therefore, we are seeing an uptick in the adoption of social engineering techniques that create more compelling lures for those they are targeting. To meet these new security threats, there is a need to deploy security tools that provide visibility into who is being targeted in your organization, how they are being attacked and whether they have clicked on a malicious link.
Considering the individual risk each user represents, tools that unmask malicious emails and messages can help end-users more easily identify potential threats.
Heightened risks for healthcare organizations
The pandemic has created new opportunities for cybercriminals and exposed broader security risks in the healthcare industry.
According to Proofpoint’s 2020 Healthcare Threat Landscape report, which analyzed thousands of threat campaigns targeting healthcare organizations in the first half of 2020, 77% of those campaigns used a malicious message. And by the summer of 2020, nearly 20 countries were seeing a jump in COVID-19-themed lures.
There has been an overwhelming increase in cyber-related incidents involving the healthcare industry as a whole. Recently, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and Health and Human Services raised the alarm on a Ryuk ransomware threat that may be sitting on the networks of more than 400 healthcare institutions. This ransomware, where detonated, has taken down medical systems and caused significant interruptions to patient care.
More than ever, healthcare workers have become the first and last line of cyberdefense. Security tools today need to reflect that by protecting the end-user, whom attackers are spending the lion’s share of their time trying to exploit.
For example, IT leaders need to consider adopting solutions that spot and block an inbound email threat before it reaches the inbox and stop outside threats that use your domain to target customers. Additionally, having an effective email data loss prevention tool helps keep data secure and accessible.
Socially engineered attacks
With the help of LinkedIn, Facebook and search engines, bad actors now orient their strategies to look at people’s profiles and understand how an organization is likely to operate. They look at mission, job functions and organizational hierarchy to gather intel that lays the groundwork for their attack.
As IT security leaders construct their defenses, it is important to remember that socially engineered attacks seek out information first, making the victim an unwitting helper in furthering the threat actor’s ability to infiltrate the network. This approach allows cyberthreat actors to create compelling lures, which reflect very closely the organization they’re attacking, the people being targeted or even the individuals they are trying to mimic in an impostor-style attack. And the sophistication of these attacks means that it’s not just executives now being targeted.
Though impostor-style attacks can be hard to detect with conventional security tools, by training users how to spot and report malicious emails, organizations can reduce risk in two key ways. First, they equip users to stop many attacks. Second, they help reveal users who may be especially vulnerable.
A modern security solution also allows organizations to manage emails based on custom quarantine and blocking policies, for both external and internal email. And because attackers may use compromised accounts to trick users, your solution should deploy Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication to stop spoofed email before it defrauds employees.
Taking a people-centric approach to security
Now that people are the edge of the network, so to speak, a security strategy should focus on protecting people.
That doesn’t just mean protecting someone’s email environment or trying to stop a ransomware attack. It means adopting authentication techniques alongside unmasking technology, using tools that have a high rate of success in understanding current exploits.
Additionally, organization leaders need to divorce themselves from the notion that compliance equals security. Though compliance is important to prevent fines and lawsuits on data protection, it categorically does not make an organization secure.
The high value of healthcare data, combined with the porous nature of healthcare defenses, as cited by the HIMSS survey, are the major reasons the healthcare industry is a target. Today, merely being compliant with HIPAA guidelines will not be enough to protect your organization.