Healthcare News & Insights

Best practices for warding PHI against a cyberattack

It’s no secret that the scope and frequency of cyberattacks is growing. And now there’s some extra help for hospital leaders to safeguard their patients’ protected health information (PHI). 

ThinkstockPhotos-481004001Recent research has shown that cyberattacks are now the leading cause of healthcare data breaches, replacing the era where breaches were limited to stolen or lost devices. It’s estimated that about half of health organizations in the country have experienced a breach in the last 12 months.

This problem is expected to grow as providers continue to implement new health IT devices, and as a result create new openings for hackers to access PHI.

However, the Workgroup for Electric Data Interchange (WEDI) recently released a primer to help organizations better understand and prevent cyberattacks.

Anatomy of cyberattacks

In the primer “Perspectives on Cybersecurity in Healthcare June 2015,” the authors state that understanding the “anatomy” of a cyberattack can give facility leaders a better idea of how to guard their systems.

The primer then breaks down some of the common steps hackers take when infiltrating organizations:

  1. Gathering info and creating a weapon — Hackers will study their targets well in advance of attacks, looking at user behavior and how systems are accessed and used in regular operations. From there, hackers will build a malicious code that will exploit system vulnerabilities.
  2. Infiltrating the system (the cyberattack) — Hackers will then look at how best to implant their code. Often the more information they’ve gathered initially, the more complex the attack will be. Often, hackers will use email phishing schemes to gain access to workers’ usernames and passwords. Many times the emails also include an embedded link which will can trigger malware to be downloaded onto the system.
  3. Evading detection and controlling the system — Once a malicious link gets clicked, or the malware is installed with some other method, hackers will then take steps to bury the virus even further using obfuscation or data fragmentation. Meanwhile, the malware will regularly communicate with the hacker’s servers. More malicious software may be downloaded and hidden during this time by using encrypted communication protocols such as SSL, TOR, ICMP or DNS, the report says.
  4. Digging for data — Often the information hackers are searching for isn’t immediately available, requiring hackers to search through systems. Often they look for ways to get to administrators’ credentials and access authorizations through tools like keystroke loggers, which record activity like typing in a password to access the most valuable data.
  5. Maintaining access — Hackers often take steps to keep a presence in systems in order to hide activity and facilitate future attacks.

Creating a culture of prevention

To counteract this, the authors say its important that organizations create a culture of data security by developing robust policies and procedures around PHI and system safety. This can include tactics like staff training to raise awareness of common cyberattack methods.

Additionally, a strong cyber defense strategy will include how to monitor and respond to attacks at each phase of the infiltration. The authors note there are cybersecurity framework leaders can use as guidelines, including ISO, COBIT, and NIST, to develop a secure IT infrastructure.

The point the primer drives home is that data security shouldn’t be limited to only implementing technical safeguards, but must also involve ongoing effort to ensure physical and administrative security measures are also taken.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.