It didn't take long for the first 2020 breach headlines to roll in.
Just three days into January, two healthcare organizations disclosed cybersecurity incidents—and 75,000 patients learned their sensitive records were now compromised.
In both data breaches, email was the attack vector exploited to expose the data. This seems to be endemic in healthcare. In 2019, 178 out of 431 data breach-related incidents reported to the Department of Health and Human Services involved email. That's more than 40 percent!
The provider involved in the larger of the two incidents is Minnesota-based Alomere Health, which runs a hospital and several clinics. The breach affected nearly 50,000 individuals, according to the Department of Health and Human Services' breach database.
What Led to the Successful Attack on Alomere?
Alomere Health said the data breach occurred last November when unauthorized parties accessed two employees' email accounts. After learning about the first compromised email account, the organization hired a computer forensics firm to investigate. In the process, they discovered the other account was first accessed five or six days after the original one was attacked.
The accounts included some patients' personally identifiable information (PII) such as names, birthdates, addresses, and Social Security numbers, as well as protected health information (PHI) that related to treatments, prescriptions, or diagnoses.
The investigation couldn't determine whether the unauthorized party actually viewed the sensitive data. Nonetheless, Alomere may have to deal with implications related to compliance issues around the Health Insurance Portability and Accountability Act (HIPAA) and a number of other consequences, not the least of which may be bad publicity and lack of community trust.
Alomere didn't explain the details of how the attack occurred or why it succeeded, but it likely was the result of a phishing attack at some point, which fooled users into giving away their credentials. Considering the effectiveness of phishing, and how often end-users reuse their credentials for different logins, this is an easy path for attackers to take.
Don’t Be the Next Victim
Organizations know that employees are their biggest threat and greatest challenge. By mitigating this threat, you will significantly strengthen and elevate your overall security posture. Think of your people as part of your attack “surface”—the more successful you are in closing this gap, the less surface there is for attackers to exploit.
We recommend three high-level steps:
1. Conduct vulnerability assessments
It's not enough to scan your technology and systems for vulnerabilities—you also need to assess your people vulnerabilities. This includes activities like simulated phishing campaigns that test the security acumen of your employees along every branch of the corporate tree. Without this step, it's like trying to prescribe a patient treatment without having access to the full diagnosis.
2. Implement employee awareness training
Everyone from nurses and doctors to your human resources and accounting staff should understand how their actions and behaviors impact the privacy and security of patients' data. Consider both general education about basic cyber-hygiene, and role-specific training for those employees who have higher access privileges.
3. Lean more heavily on security experts
Unfortunately, this component is often overlooked. Many healthcare organizations tend to run lean IT and cybersecurity teams—on top of dealing with a talent gap, just like everyone else. Without sufficient cybersecurity staffing, you simply aren't able to cover all the gaps. That’s why it’s often necessary to look for other ways to mitigate this risk.
How Arctic Wolf Helps Strengthen Your People Component
At Arctic Wolf, we fortify your security team and become an extension of your in-house experts. Unlike other providers, we offer a security team that’s entirely dedicated to your account. We get to know your business in depth, what your challenges are, as well as the needs that are unique to your business—and that means you can consider Arctic Wolf a true partner rather than just an outsourced service.
We can help you assess vulnerabilities to mitigate risk, and provide threat detection and response capabilities to help you stay secure when attacks do occur. Learn more about Arctic Wolf’s security operations center (SOC)-as-a-service.