Well-trained teams and basic training are the best forces against health data attacks, according to critical infrastructure experts.
Ransomware attacks on health care information yielded $121 million for hackers in the past six months, according to Don MacLean, Institute for Critical Infrastructure Technology (ICIT) Fellow and chief cybersecurity strategist of DLT Solutions. MacLean stated at ICIT’s briefing on “The Deep Web Exploitation of Health Sector Breach Victims” that returning to basic “blocking and tackling” was important for organizations’ cyber hygiene.
Ryan Brichant, ICIT Fellow and vice president and chief technology officer (CTO) of FireEye, agreed that returning to the basics was a key defense in an age when hackers can steal someone’s data to buy prescription drugs and resell them on the black market.
“Get your bowstring,” Brichant said. “Get to ground zero where you start building a security posture.”
While ransomware attacks pose one threat to health sector data, breaches can come in many forms, according to several ICIT fellows. James Scott, co-author of ICIT’s brief titled “Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims,” said that hacker groups representing nation-states in Eastern Europe and Asia research possible exploits by day and freelance attacks by night.
The ICIT fellows said that cyber criminals will, among other crimes, create counterfeit documents, such as passports, and sell them for up to thousands of dollars. With online marketplaces like Valhalla, they can buy and sell powerful drugs like regular people buy books on Amazon. Scott stated that criminals purchase 100 profiles of deceased people in the hopes that 10 or 20 will fall through the Federal government’s cracks. They also steal children’s Social Security numbers, which is profitable because kids’ SSNs do not get checked very frequently, according to Scott.
“There’s a lot they can do with the myriad of information they’ve aggregated,” said Rob Bathurst, ICIT Fellow and worldwide managing director of Cylance. “If you’re in a reactive mind-set, you’ve already lost the data.”
However, with the proper teams and rigorous testing, the health sector’s information can remain safe, according to the experts. Scott said putting a strong cybersecurity team together is one of the most difficult and important things an agency can do. He also recommended that agencies run stringent tests on their own systems. If they can replicate the efforts of malicious nation-states, then they will be better suited to protect themselves.
“Putting the team together is one of the most important things,” Scott said. “Good teams will go after valuable data with the same stealth as Russia and the same desperation as China. They’ll be able to see all the vulnerabilities that would give adversaries success.”
The National Institute of Standards and Technology has been publishing guides and hosting briefings alongside ICIT to discuss best cybersecurity practices. Ron Ross, ICIT contributor and NIST Fellow, said that, as the world of apps constantly expands, agencies must focus on how to manage and reduce complexity.
Ross also stated the senior leaders, rather than outsourced tech experts, must become more engaged in the cybersecurity posture of their organizations. According to Ross, cybersecurity must start early and involve agency leaders.
“The culture is compelling, but we’re building a very dangerous world that we’re going to have to live with,” Ross said. “This is going to be a heavy lift.”