Data breaches of health providers highlight the weaknesses in the health sector

May 25, 2022 |

The health sector is a regular target of cyber criminals.  It is also a sector which is notorious for having poor cyber security practices.  That is a terrible confluence.

Data breach today reports that 3 recent health data breaches have affected 1.4 million individuals. The three entities were:

ETCH and PHC were attacked in in March, involving various IT system disruptions, suggesting possible ransomware attacks. ETCH’s reportto Maine’s attorney general claimed the attack  affected nearly 423,000 individuals.  PHC reported its breach affected nearly 855,000 individuals. Acuity International’s breach affected nearly 123,000 individuals

The ETCH breach affected data may include name, contact information, date of birth, medical record number, medical history information and Social Security number.  The PHC breach involve unauthorized access to names, Social Security number, date of birth, driver’s license number, tribal ID number, medical record number, health insurance information, member portal username and password, email address, and medical information including treatment, diagnosis and prescriptions.

Other recent health related cyber incidents around the world include:

Given the breadth and depth of the attacks it is relevant to have regard to a very recent Joint Cybersecurity advisory prepared by cyber security authorities of the United States of America, Canada, New Zealand and the United Kingdom titled “Weak Security Controls and Practices Routinely Exploited for Initial Access”. 

The report sheets home much of the blame on poor security configuration of computer systems,  misconfigured or simply left unsecured, and hackers exploit weak controls and other poor cyber hygiene practices “to gain initial access or as part of other tactics to compromise a victims’ system.”

Some of the techniques used by hackers include:

  • Exploitation of a public-facing application.
  • Exploitation of external remote services such as VPNs, and other methods of accessing the internal network from external locations.
  • Phishing
  • Leveraging trusted relationships.
  • Abuse of compromised credentials.

The Report further notes that these attacks often occur where multi-factor authentication (MFA) is not been enforced, there are mistakes in access control lists, software has not been updated, there are weak passwords, and misconfigured services exposed to the internet.

The advisory describes best practices to defend systems from these common attacks as being:

  • Control access.
  • Harden credentials.
  • Establish centralized log management.
  • Use anti-virus.
  • Employ detection tools.
  • Operate services exposed on internet-accessible hosts with secure configurations.
  • Keep software updated.

Leave a Reply

Verified by MonsterInsights