Healthcare Sector to See Rise in Cyber Misbehavior Connected to Cloud Migration

Grant Wernick

After historically having kept the cloud at a distance, hospitals and healthcare organizations were forced to enter a new era last year when they arrived at the front lines to fight the COVID-19 pandemic. After transitioning to remote patient care, many have accelerated their digital transformation, migrating to the cloud and the use of different SaaS technologies. These shifts became necessary overnight; the healthcare sector, like many others, had no time to think through the consequences of how they could be left vulnerable to cyber threats.

After seeing only 11% of patients virtually in 2019, healthcare providers saw 46% of patients via telehealth in 2020, according to the American Medical Association. A survey by Intel found the number of healthcare leaders who adopted SaaS grew from 37% in 2018 to 84% in 2020; in that same survey, 16% of respondents said that their telehealth systems are still in developing stages, and many are worried that their businesses will suffer from new software vulnerabilities.

The sector that constitutes 18% of the U.S. gross domestic product, nearly $4 trillion, according to CMS, is struggling to keep up with a rapidly evolving SaaS environment.

What does this mean for patients?

Cybercriminals can seize a wealth of information to blackmail patients, access prescriptions, create fake identities, tamper with medical equipment, records, and diagnoses, and even stop pacemakers.

Hackers could sell patient data on the black market for thousands of dollars, or they could hold data hostage with an intent to destroy it so that healthcare institutions would pay ransom to the criminal organization. If patient data is leaked, the affected patients may be denied insurance coverage depending on the nature of information getting revealed. No matter the scenario, organizations risk their reputation and their patients’ trust and will run into issues regarding cyber insurance companies and getting coverage.

Last year, 91.2% of the healthcare breaches involved hackers stealing sensitive patient data. Since 2019, the number of healthcare breaches in the United States rose by 55.1%, most of which were caused by hackers or IT disturbances. Given the rise in healthcare data leaks from cloud services, healthcare leaders must ramp up their security efforts tenfold.

Why Are Attackers Targeting Healthcare More Than Other Industries?

Around 2014, hackers realized that big healthcare organizations that amass an abundance of confidential patient records, like Kaiser and Blue Shield, were not as secured as hackers’ usual targets.

Financial institutions and the National Security Agency, for instance, have traditionally been earmarked by attackers and thus use more mature security programs than other sectors. As attackers started to discover the many ways they can use sensitive information that is trickier to secure by healthcare providers, healthcare organizations started to become more aware of the issue at hand and became more diligent about security.

Last year, when a pandemic ensued, healthcare institutions that were already hustling to secure themselves better had to ramp on telehealth solutions and many new cloud services. Doctors and nurses who are not necessarily tech-savvy had to adapt quickly, doing upwards of 20 virtual health screenings per day, while IT teams were strapped just to get the new infrastructure in place. In the meantime, legacy medical equipment and old-school hardware are expensive to replace, can’t necessarily be updated as cloud-based infrastructure can, and are inherently vulnerable.

What the sector ends up with is a lot of fragilities.

We’re witnessing an unprecedented transition overload where too much is happening at once, and security teams are having trouble keeping their heads above water.

How should healthcare CISOs and CIOs change their IT strategy based on newly added cloud-based software applications? To properly secure cloud-based infrastructure, aside from hiring more IT and security personnel, healthcare leaders should evaluate how they do business using cloud applications and figure out which applications contain the most sensitive information, and prioritize those.

Specifically, CISOs and CIOs should:

• Reduce the landscape of cloud applications they need to accomplish business functions. Are there overlapping functions that can be attributed to one or fewer cloud applications?
• Focus on the SaaS applications that hold the most sensitive data and are thus the most susceptible to insider threats. Monitor who touches the controls and accesses this data.
• Disable features within cloud applications that are unlikely to be used.
• Focus on the weakest link--people. Implement user behavior analytics to weed out abnormalities.
• Automate wherever possible.

It won’t serve an organization to solve everything at once. That’s why business leaders need an opportunity to invest in tools that expedite auditing of cloud applications in a much easier fashion than how it’s being done now. Less grunt-work from personnel means fewer vulnerabilities. Ideally, you won’t have to work for the analytics and instead have the analytics work for you.

About the Author and Fletch

Grant Wernick is a multi-time founder who is currently working on his third venture, Fletch, which is his second venture in data analytics and cybersecurity. Fletch is pioneering a new category called ready-to-use analytics. It is the product of 10+ years of work to productize natural language, machine learning and search technologies to solve some of the most challenging data problems. If interested in joining our private beta, please reach out directly or join our waitlist at fletch.ai.