There’s no question about it: When it comes to cybercrime facing the health care sector, ransomware rules the roost. This crippling cyberthreat has the potential to become a $1 billion market on the dark web by the end of 2016, according to the FBI.
That said, there’s another somewhat alarming cybersecurity trend that up until recently has been widely ignored. It’s called simply “unauthorized access” and, according to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), it’s the top cause of data breaches in health care organizations so far in 2016.
What is unauthorized access?
Unauthorized access is exactly what it sounds like. However, unlike a cyberattack, this access is often gained by means other than hacking or malware. It’s a type of privilege escalation in which network access is mistakenly granted to unauthorized users, who are then free to take all the sensitive data they want and sell it on the dark web. Between Jan. 1, 2016 and June 1, 2016, there were 47 such incidents. Some of them involved the misplacement of physical documents; however, many of them were the result of digital unauthorized access.
For instance, HealthITSecurity noted that 21st Century Oncology experienced a data breach earlier this year when its databases were “inappropriately accessed.” In a separate incident, California Correctional Healthcare Services reported a breach in May that could have exposed protected health information of as many as 400,000 people after a company laptop was stolen from an employee’s car. A similar snafu, which also involved a stolen laptop, befell Premier Healthcare, LLC, affecting over 200,000 individuals.
The problem with these events is that firewalls and other preventative cybersecurity measures won’t necessarily remediate them. It’s essentially like forgetting to close the front door when you’re in a hurry to get to work on time, and then getting burgled. People, and organizations, make mistakes – it doesn’t mean they deserve to be victimized by criminals.
The only way to fight this is to know when it’s happening
The assumption is that once unauthorized access has occurred, there’s not much that can be done to stop someone from stealing data, especially if the machine they stole has all the proper certificates and credentials to freely access company databases. However, this isn’t necessarily true.
An emerging market space called Managed Detection and Response (MDR) provides network monitoring to organizations, as well as cybersecurity guidance from a team of security engineers and response plans should a breach or infection occur. The MDR provider logs and tracks all activity within a network and the corresponding databases. For instance, if a database is accessed at an unusual time, or a user suddenly begins to issue an unusually high number of download requests from a device, the MDR provider can look into it, contact the organization and prescribe immediate action to stop the breach in its tracks.
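The two signals described above (database access at an unusual time, and a sudden jump in download requests from one device) can be expressed as simple rules over an audit log. The following Python is an added example, not code from any MDR provider; the record layout, user and device names, business-hours window and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 is normal access time
SPIKE_FACTOR = 5               # assumption: alert above 5x the usual daily count
MIN_SPIKE = 20                 # assumption: ignore days with fewer downloads

def constructed_events():
    """Constructed audit records: (timestamp, user, device, action)."""
    events = [(datetime(2016, 5, day, 10, i), "asmith", "LT-0412", "download")
              for day in range(2, 6) for i in range(5)]      # four normal days
    events += [(datetime(2016, 5, 6, 2, i), "asmith", "LT-0412", "download")
               for i in range(60)]                           # 02:00 burst
    events.append((datetime(2016, 5, 6, 11, 0), "bjones", "WS-0007", "download"))
    return events

def detect(events):
    """Return (rule, user, device, date) alerts for the two patterns."""
    daily = defaultdict(lambda: defaultdict(int))  # (user, device) -> date -> count
    alerts, seen = [], set()
    for ts, user, device, action in sorted(events):
        key = (user, device, ts.date())
        if ts.hour not in BUSINESS_HOURS and key not in seen:
            seen.add(key)  # one off-hours alert per user, device and day
            alerts.append(("off_hours", user, device, ts.date().isoformat()))
        if action == "download":
            daily[(user, device)][ts.date()] += 1
    for (user, device), counts in daily.items():
        days = sorted(counts)
        for i, day in enumerate(days):
            # Baseline is the median of this user/device's earlier days;
            # a pair with no history has baseline 0, so only MIN_SPIKE applies.
            baseline = median(counts[d] for d in days[:i]) if i else 0
            if counts[day] >= MIN_SPIKE and counts[day] > SPIKE_FACTOR * baseline:
                alerts.append(("download_spike", user, device, day.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(constructed_events()):
        print(alert)
```

Because the baseline is kept per user and device, a stolen laptop that still holds valid credentials stands out by its behavior rather than by a failed login.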
We live in a very imperfect world, as health care organizations are all too aware. But the solution is not to build bigger walls around our problems, especially when those problems are self-made. It’s to be aware of them when they arise, and to know how to handle them so as to mitigate potential damages.