Cybersecurity in Healthcare: Companies Need to Bolster Digital Supply Chains

On March 1, 2024, Change Healthcare, a brand of OPTUM/UnitedHealthcare, paid approximately $22 million to cybercriminals. They were victims of ransomware. This is a malicious cyberattack that locks out access to company systems, data, or both until a hefty ransom is paid, usually in cryptocurrency. That's precisely what happened in this instance. A ransomware "gang" calling themselves BlackCat briefly took responsibility, and the incident was confirmed after an affiliate of the group posted on a hacker forum complaining about being scammed. There is no honor among thieves, it seems. The implications of this attack are devastating for healthcare organizations that haven't considered the potential vulnerabilities within their systems and networks. Implementing cybersecurity in healthcare needs to be a top priority for responsible business leaders. 

Why Cybercriminals Target Healthcare Organizations

Cybercriminals recognize that healthcare data is crucial for several reasons, including maintaining ongoing treatment and ensuring patient confidentiality. Organizations in other industries can potentially take weeks or even months to address crises. Often, they must leverage costly specialists to unlock systems. Cybersecurity in healthcare must be more efficient. Patient well-being is at stake if someone can't access patient data, treatment plans, or necessary medication.

Unfortunately, malicious actors are all too aware of this. They target firms they know are likely to pay ransoms. The consequences of not doing so could mean the difference between life and death.

Vulnerabilities in the Digital Supply Chain

In part, healthcare organizations are vulnerable to these attacks because they handle increasingly vast volumes of data. That data has to flow from one end of a communication chain to another—and rarely is that a straightforward journey. While more organizations are switching to secure electronic health record (EHR) systems, many access points remain for determined cybercriminals.

IoMT

The Internet of Medical Things (IoMT) is a rapidly growing network of interconnected medical and healthcare devices, ranging from remote blood pressure monitoring devices to smartphone-based appointment booking apps. Each of these applications and devices must adhere to rigorous data protection and cybersecurity standards, yet vulnerabilities can still occur. For example, businesses can't control if a user updates an app to the latest version, which could create a small window of opportunity for a threat actor to access patient data. 

Human Error and Malice

Users who use the same passwords for everything could place healthcare networks at risk. If a completely unrelated system is hacked and that password is stolen, a single threat actor only needs to try those credentials on the relevant healthcare system to discover they have a way in.

Unfortunately, not all these types of breaches happen by accident. Accenture discovered that 18% of healthcare employees would be willing to sell confidential data to third parties for as little as $500, in some cases.

Unsecured Networks

When considering cybersecurity in healthcare, it's essential to remember that not everyone is always connected to a fixed, secure network. Particularly in ambulatory healthcare, devices may cross multiple networks every day. Training medical staff to distinguish between genuine secure networks and potential scam networks is one way to reduce the risks.

Subpar Systems

Shifting protected health information (PHI) between various systems also creates risks. Many legacy systems utilize communication methods that don't meet current cybersecurity standards, so it's critical to consult a specialist about secure and practical NextGen EHR systems.

Mitigating Risk and Improving Cybersecurity Posture

The OPTUM/UnitedHealthcare breach is the most significant and alarming of its kind, but it's essential to note that the organization didn't simply sit back and let it happen. Their 8K document (a disclosure that must be filed with the Securities and Exchange Commission) shows that impacted systems were isolated to minimize impact as soon as a threat actor was identified. Of course, it was too little, too late in this situation. OPTUM paid the threat actors to release their systems and data, although the "scammed" affiliate claims still to have 4TB of Change Healthcare's data.

How can organizations prevent incidents like this and create disaster backup plans that avoid paying ransoms?

1. Identify vulnerabilities: Start with the list above, but don't stop there. Work with IT consultants and specialists who have experience with cybersecurity in healthcare to record and document all potential vulnerabilities.

2. Prioritize resilience and patient experiences: This can be a tricky balance. You want to give your patients easy ways to contact you, book appointments, or even view their health records. However, you must also prioritize minimizing vulnerabilities. It is essential to work with trusted partners to understand how to manage both.

3. Plan for the worst: Always have a disaster recovery plan in place. Ideally, consider creating a team dedicated to handling cybersecurity risks. Ensure they have the time and budget to remain upskilled on the latest techniques and procedures in case of a cyberattack.

At TempDev, we work with numerous healthcare professionals and organizations to help them get the most out of their various NextGen systems. As a NextGen preferred partner, we can consult with you and your IT teams to ensure your systems are secure and safe for you, your employees, and your patients. Contact us to learn more.