SlideShare a Scribd company logo

Healthcare Industry Security Whitepaper

Casey Lucas
Casey Lucas

Healthcare is hot topic for most people; we rely on institutions to maintain our quality of life and well-being. To achieve this, they require very intimate knowledge of a patients’ illness, surgery, prescription, and insurance details. This creates an appetizing target for attackers looking to steal personal information that can be used for identity theft, insurance fraud, and other malicious intentions. In the latest publication from the IBM MSS Threat Research Group, Senior Threat Researcher, John Kuhn reviews threats and recent attacks to the healthcare industry and provides recommendations and mitigation techniques.

Technology
1 of 8
Download to read offline
ii ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER IBM MSS INDUSTRY OVERVIEW: HEALTHCARE
iii ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS ................................................................................................................ 1 SITUATION/WHAT HAPPENED............................................................................................................................ 1 WHO’S BEING TARGETED?.................................................................................................................................. 3 HOW ARE ORGANIZATIONS BEING ATTACKED?................................................................................................... 4 RECOMMENDATIONS/MITIGATION TECHNIQUES ............................................................................................... 5 CONTRIBUTORS ................................................................................................................................................. 5 DISCLAIMER....................................................................................................................................................... 5
1 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. EXECUTIVE OVERVIEW/KEY FINDINGS Healthcare is hot topic for most people; we rely on institutions to maintain our quality of life and well-being. To achieve this, they require very intimate knowledge of patients’ illness, surgery, prescription, and insurance details. This knowledge is now stored electronically referenced as EMR or Electronic Medical Record. EMRs have become incredibly valuable to attackers. A recent FBI report states that their value could be as much as $50 USD per EMR on the black-market and even more for “high profile” patients.i Social Security numbers or even credit card information is likely to bring significantly less on the open market. This has caused a recent influx of attacks against the healthcare industry as it’s become incredibly lucrative to steal EMRs and resell them on underground channels. This report is an overview of how these data leaks happen, where they happen, and some methodologies on how attacks are carried out. SITUATION/WHAT HAPPENED Mining the public records for data loss reveals key insights into how exactly medical institutions are leaking patient data. The leading source of data leaks is simple negligence. EMRs stored on portable storage devices such as hard drives and USB thumb drives has led to nearly 23 million data records lost or stolen, as seen in Figure 1 below. This data is rarely encrypted, which is a step that any institution should be taking before storing or transferring data onto a portable device. Incidents not specifically called out in disclosure records, including those involving email, are also on the rise. Perhaps employees are getting around restrictive processes through gaps in data loss prevention methods. Incidents involving USB sticks have remained stable, hovering consistently around 25 per year, and we all know they’re a perennial favorite of users to get around restrictions to copying data. Copying data to online storage services like Evernote and DropBox is quite popular, and although there is neither a classification for Cloud yet, nor any documented instances of EMR being compromised on public sharing services, I predict we’ll see this activity in the next few years.
2 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. Method of Data Loss Records Lost Portable Device 22,916,465 Hacking or malware 6,624,447 Static Device 5,534,794 Unintended disclosure 2,002,091 Malicious Insider 600,385 Physical Loss 473,119 Unknown 164,900 Grand Total 38,316,201 Figure 1. Breakdown of number of EMRs lost and method by which they were lost since 2005.ii As shown in Figure 1 above, over 38 million medical records have been leaked, lost, or stolen. While this may seem like an incredibly high number, it pales in comparison against industries such as financial or retail, whose counts run over 200 million. What’s that say for the medical industry? Medical records have recently become a hot commodity and stealing them a lucrative business. I would expect to see more large scale breeches in the near future and more extremely sensitive personally identifiable information (PII) data traded and sold.
3 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. WHO’S BEING TARGETED? Let’s take a look at where the breaches are happening. California is the clear leader with over 7,000,000 leaked records since 2005. Figure 2. Number of EMRs lost by state since 2005.iii As shown in Figure 2, lost or stolen portable devices leads the trend per state. Tennessee however suffered a large data loss due to a recent attack that utilized the Heartbleed exploit/vulnerability. This particular attack was not only significant to the healthcare industry. Any industry could be vulnerable to this type of attack. The compromise was one of the first that utilized a vulnerability within OpenSSL to infiltrate a network and steal a large set of data. The attack targeted a specific device manufactured by Juniper that had not been patched. Credentials had been exposed that allowed access into the healthcare organization’s network, where the attacker was given full access to critical systems.
4 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. HOW ARE ORGANIZATIONS BEING ATTACKED? Managed Security Services has a wealth of information from our worldwide sensor network to see how attacks against any organization are being carried out. Let’s take a look at the healthcare industry specifically. Figure 3. The majority of attacks seen against the health industry via IDS signatures in 2014.iv The data in Figure 3 breaks down into a few noteworthy points. Heartbleed was the most significant attack we witnessed against a health organization in 2014. Due to the nature of the attack, it’s very stealthy and has an abundance of tools that exploit it. This resulted in a low cost, high return investment to the attacker. Most of the world’s vulnerable systems to the attack have been subsequently patched; however it’s critical that your entire network is patched. Web applications are a high target via Command & SQL Injection against public and non-public facing sites. Many medical devices internally use web interfaces (often Windows- based) for monitoring machines, X- Ray, and surgical equipment. Many of these devices contain sensitive patient information locally stored in DBs that can be accessed easily from a remote system over HTTP. Devices like these don’t always follow coding polices with security in mind. This can leave these devices open targets for attacks based on SQL Injection, Command Injection and Cross-site scripting. Patient data can often be easily accessed without credentials. Malicious websites are utilized by attackers as a method to gain internal access into critical systems. Malicious websites are a concern for all industries, as they allow attackers to penetrate networks and potentially evade perimeter defenses the organization may have.
5 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. Sophisticated spear phishing is often utilized to target personnel inside the network, specifically in the area they want to obtain data from. These attacks often utilize malicious PDFs with payloads that contain malware or send the victim to a malicious website. Malware known as RATs (Remote Administration Tools) are typically the payload, this gives the attacker full control of the victim’s system including access to the webcam and microphone. Penetration into connected systems would follow along with burying more malware to remain a persistent foothold within the network. RECOMMENDATIONS/MITIGATION TECHNIQUES Limit unauthorized access by disabling default user names and passwords. Require unique ID and passwords and preferably implement 2 factor authentication. Limit public and/or unmonitored access to devices by technicians or other trusted users. Assure timely deployment of routine, validated security patches, and methods to restrict software or firmware updates to authenticated code associated with the medical devices. Use anti-virus and other host based protections as suitable. Disable unneeded services and ports. Critical systems should be contained in their own segment within your network and closely monitored for suspicious activity. Ensure secure data transfer to and from the medical device, using encryption when appropriate. Deploy features that let organizations recognize, log, and act upon security compromises. A prime example would be monitoring network access and medical device use through network activity monitoring capabilities. Assure medical device selection processes incorporate cyber security related criteria. Update cyber incident response policies to address medical device compromise use cases. Update facility crisis management plans to incorporate cyber security scenarios. CONTRIBUTORS Chris Poulin - Research Strategist - X-Force Michelle Alvarez - Researcher/Editor, Threat Research Group DISCLAIMER This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat. The data contained herein describing tactics, techniques and procedures is classified Confidential for the benefit of IBM MSS clients only. This information is provided “AS IS,” and without warranty of any kind.
6 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. i Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain, FBI Cyber Division, April 8, 2014. ii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iv 2014 IDS Data, IBM Managed Security Services.

Recommended

Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
EMC
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014
EMC
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft Erp
Appsian
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01
ijmnct
 

Recommended

Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
EMC
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014
EMC
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft Erp
Appsian
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01
ijmnct
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
K Singh
 
50120130406020
5012013040602050120130406020
50120130406020
IAEME Publication
 
Mis3rd
Mis3rdMis3rd
Mis3rd
gopalnb
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
EMC
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
Jaime Manteiga
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
GFI Software
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
Authentic8
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Ali Raza
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
David Sweigert
 
ResearchProjectComplete
ResearchProjectCompleteResearchProjectComplete
ResearchProjectComplete
dannyboi17
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
Aviva Spectrum™
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata
Steph Cliche
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
William Mann
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
EMC
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPER
HamesKellor
 
DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
Jerry Harding
 
DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
Jerry Harding
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
United Security Providers AG
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
Ban Selvakumar
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
Hokme
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Calgary Scientific Inc.
 

More Related Content

What's hot

Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
K Singh
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Ali Raza
 
ResearchProjectComplete
ResearchProjectCompleteResearchProjectComplete
ResearchProjectComplete
dannyboi17
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata
Steph Cliche
 

What's hot (15)

Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
 
50120130406020
5012013040602050120130406020
50120130406020
 
Mis3rd
Mis3rdMis3rd
Mis3rd
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
 
ResearchProjectComplete
ResearchProjectCompleteResearchProjectComplete
ResearchProjectComplete
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPER
 

Similar to Healthcare Industry Security Whitepaper

DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
Jerry Harding
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
IBM Security
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
An Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesAn Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security Practices
Jerry Harding
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
IBM Security
 

Similar to Healthcare Industry Security Whitepaper (20)

DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
 
DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MIS
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
 
An Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security PracticesAn Introduction to zOS Real-time Infrastructure and Security Practices
An Introduction to zOS Real-time Infrastructure and Security Practices
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
 

More from Casey Lucas

Pragmatic Works Fast Start Offerings
Pragmatic Works Fast Start OfferingsPragmatic Works Fast Start Offerings
Pragmatic Works Fast Start Offerings
Casey Lucas
 
Predictive Analytics and Azure Machine Learning Case Studies
Predictive Analytics and Azure Machine Learning Case StudiesPredictive Analytics and Azure Machine Learning Case Studies
Predictive Analytics and Azure Machine Learning Case Studies
Casey Lucas
 
Oil & Gas Case Study
Oil & Gas Case StudyOil & Gas Case Study
Oil & Gas Case Study
Casey Lucas
 
LegiTest Paradigm
LegiTest ParadigmLegiTest Paradigm
LegiTest Paradigm
Casey Lucas
 
Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity
Casey Lucas
 

More from Casey Lucas (20)

Pragmatic Works Fast Start Offerings
Pragmatic Works Fast Start OfferingsPragmatic Works Fast Start Offerings
Pragmatic Works Fast Start Offerings
 
Predictive Analytics and Azure Machine Learning Case Studies
Predictive Analytics and Azure Machine Learning Case StudiesPredictive Analytics and Azure Machine Learning Case Studies
Predictive Analytics and Azure Machine Learning Case Studies
 
Oil & Gas Case Study
Oil & Gas Case StudyOil & Gas Case Study
Oil & Gas Case Study
 
LegiTest Paradigm
LegiTest ParadigmLegiTest Paradigm
LegiTest Paradigm
 
Growing Up Hybrid -- Accelerating Digital Transformation (Cloud)
Growing Up Hybrid -- Accelerating Digital Transformation (Cloud)Growing Up Hybrid -- Accelerating Digital Transformation (Cloud)
Growing Up Hybrid -- Accelerating Digital Transformation (Cloud)
 
IBM Watson IoT - New Possibilities in a Connected World
IBM Watson IoT - New Possibilities in a Connected WorldIBM Watson IoT - New Possibilities in a Connected World
IBM Watson IoT - New Possibilities in a Connected World
 
IBM Total Economic Impact Study - Cost Savings and Business Benefits
IBM Total Economic Impact Study - Cost Savings and Business BenefitsIBM Total Economic Impact Study - Cost Savings and Business Benefits
IBM Total Economic Impact Study - Cost Savings and Business Benefits
 
The Total Economic Impact of IBM Connections
The Total Economic Impact of IBM ConnectionsThe Total Economic Impact of IBM Connections
The Total Economic Impact of IBM Connections
 
Amplifying Employee Voice: Better Connect to the Pulse of your Workforce
Amplifying Employee Voice: Better Connect to the Pulse of your WorkforceAmplifying Employee Voice: Better Connect to the Pulse of your Workforce
Amplifying Employee Voice: Better Connect to the Pulse of your Workforce
 
IBM Analytics: Thought Leadership White Paper
IBM Analytics: Thought Leadership White PaperIBM Analytics: Thought Leadership White Paper
IBM Analytics: Thought Leadership White Paper
 
Customer Experience with IBM z Systems
Customer Experience with IBM z SystemsCustomer Experience with IBM z Systems
Customer Experience with IBM z Systems
 
Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
CIO Insights from the Global C-suite Study
CIO Insights from the Global C-suite StudyCIO Insights from the Global C-suite Study
CIO Insights from the Global C-suite Study
 
Global transformation from the inside out - Optimizing the entire ecosystem
Global transformation from the inside out - Optimizing the entire ecosystemGlobal transformation from the inside out - Optimizing the entire ecosystem
Global transformation from the inside out - Optimizing the entire ecosystem
 
IBM Enterprise 2014 - System z Technical University - Preliminary Agenda
IBM Enterprise 2014 - System z Technical University - Preliminary Agenda IBM Enterprise 2014 - System z Technical University - Preliminary Agenda
IBM Enterprise 2014 - System z Technical University - Preliminary Agenda
 
IBM Enterprise 2014: Power Systems Technical University - Preliminary Agenda
IBM Enterprise 2014: Power Systems Technical University - Preliminary AgendaIBM Enterprise 2014: Power Systems Technical University - Preliminary Agenda
IBM Enterprise 2014: Power Systems Technical University - Preliminary Agenda
 
IBM Enterprise 2014 - Technical University Abstract Guide
IBM Enterprise 2014 - Technical University Abstract GuideIBM Enterprise 2014 - Technical University Abstract Guide
IBM Enterprise 2014 - Technical University Abstract Guide
 
15 Lessons In Social Business Strategy from the Biggest Brands in the World
15 Lessons In Social Business Strategy from the Biggest Brands in the World15 Lessons In Social Business Strategy from the Biggest Brands in the World
15 Lessons In Social Business Strategy from the Biggest Brands in the World
 
The Truth About Application Release and Deployment - Top 10 Myths Exposed
The Truth About Application Release and Deployment - Top 10 Myths ExposedThe Truth About Application Release and Deployment - Top 10 Myths Exposed
The Truth About Application Release and Deployment - Top 10 Myths Exposed
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 

Recently uploaded (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 

Healthcare Industry Security Whitepaper

  • 1. ii ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER IBM MSS INDUSTRY OVERVIEW: HEALTHCARE
  • 2. iii ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS ................................................................................................................ 1 SITUATION/WHAT HAPPENED............................................................................................................................ 1 WHO’S BEING TARGETED?.................................................................................................................................. 3 HOW ARE ORGANIZATIONS BEING ATTACKED?................................................................................................... 4 RECOMMENDATIONS/MITIGATION TECHNIQUES ............................................................................................... 5 CONTRIBUTORS ................................................................................................................................................. 5 DISCLAIMER....................................................................................................................................................... 5
  • 3. 1 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. EXECUTIVE OVERVIEW/KEY FINDINGS Healthcare is hot topic for most people; we rely on institutions to maintain our quality of life and well-being. To achieve this, they require very intimate knowledge of patients’ illness, surgery, prescription, and insurance details. This knowledge is now stored electronically referenced as EMR or Electronic Medical Record. EMRs have become incredibly valuable to attackers. A recent FBI report states that their value could be as much as $50 USD per EMR on the black-market and even more for “high profile” patients.i Social Security numbers or even credit card information is likely to bring significantly less on the open market. This has caused a recent influx of attacks against the healthcare industry as it’s become incredibly lucrative to steal EMRs and resell them on underground channels. This report is an overview of how these data leaks happen, where they happen, and some methodologies on how attacks are carried out. SITUATION/WHAT HAPPENED Mining the public records for data loss reveals key insights into how exactly medical institutions are leaking patient data. The leading source of data leaks is simple negligence. EMRs stored on portable storage devices such as hard drives and USB thumb drives has led to nearly 23 million data records lost or stolen, as seen in Figure 1 below. This data is rarely encrypted, which is a step that any institution should be taking before storing or transferring data onto a portable device. Incidents not specifically called out in disclosure records, including those involving email, are also on the rise. Perhaps employees are getting around restrictive processes through gaps in data loss prevention methods. Incidents involving USB sticks have remained stable, hovering consistently around 25 per year, and we all know they’re a perennial favorite of users to get around restrictions to copying data. Copying data to online storage services like Evernote and DropBox is quite popular, and although there is neither a classification for Cloud yet, nor any documented instances of EMR being compromised on public sharing services, I predict we’ll see this activity in the next few years.
  • 4. 2 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. Method of Data Loss Records Lost Portable Device 22,916,465 Hacking or malware 6,624,447 Static Device 5,534,794 Unintended disclosure 2,002,091 Malicious Insider 600,385 Physical Loss 473,119 Unknown 164,900 Grand Total 38,316,201 Figure 1. Breakdown of number of EMRs lost and method by which they were lost since 2005.ii As shown in Figure 1 above, over 38 million medical records have been leaked, lost, or stolen. While this may seem like an incredibly high number, it pales in comparison against industries such as financial or retail, whose counts run over 200 million. What’s that say for the medical industry? Medical records have recently become a hot commodity and stealing them a lucrative business. I would expect to see more large scale breeches in the near future and more extremely sensitive personally identifiable information (PII) data traded and sold.
  • 5. 3 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. WHO’S BEING TARGETED? Let’s take a look at where the breaches are happening. California is the clear leader with over 7,000,000 leaked records since 2005. Figure 2. Number of EMRs lost by state since 2005.iii As shown in Figure 2, lost or stolen portable devices leads the trend per state. Tennessee however suffered a large data loss due to a recent attack that utilized the Heartbleed exploit/vulnerability. This particular attack was not only significant to the healthcare industry. Any industry could be vulnerable to this type of attack. The compromise was one of the first that utilized a vulnerability within OpenSSL to infiltrate a network and steal a large set of data. The attack targeted a specific device manufactured by Juniper that had not been patched. Credentials had been exposed that allowed access into the healthcare organization’s network, where the attacker was given full access to critical systems.
  • 6. 4 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. HOW ARE ORGANIZATIONS BEING ATTACKED? Managed Security Services has a wealth of information from our worldwide sensor network to see how attacks against any organization are being carried out. Let’s take a look at the healthcare industry specifically. Figure 3. The majority of attacks seen against the health industry via IDS signatures in 2014.iv The data in Figure 3 breaks down into a few noteworthy points. Heartbleed was the most significant attack we witnessed against a health organization in 2014. Due to the nature of the attack, it’s very stealthy and has an abundance of tools that exploit it. This resulted in a low cost, high return investment to the attacker. Most of the world’s vulnerable systems to the attack have been subsequently patched; however it’s critical that your entire network is patched. Web applications are a high target via Command & SQL Injection against public and non-public facing sites. Many medical devices internally use web interfaces (often Windows- based) for monitoring machines, X- Ray, and surgical equipment. Many of these devices contain sensitive patient information locally stored in DBs that can be accessed easily from a remote system over HTTP. Devices like these don’t always follow coding polices with security in mind. This can leave these devices open targets for attacks based on SQL Injection, Command Injection and Cross-site scripting. Patient data can often be easily accessed without credentials. Malicious websites are utilized by attackers as a method to gain internal access into critical systems. Malicious websites are a concern for all industries, as they allow attackers to penetrate networks and potentially evade perimeter defenses the organization may have.
  • 7. 5 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. Sophisticated spear phishing is often utilized to target personnel inside the network, specifically in the area they want to obtain data from. These attacks often utilize malicious PDFs with payloads that contain malware or send the victim to a malicious website. Malware known as RATs (Remote Administration Tools) are typically the payload, this gives the attacker full control of the victim’s system including access to the webcam and microphone. Penetration into connected systems would follow along with burying more malware to remain a persistent foothold within the network. RECOMMENDATIONS/MITIGATION TECHNIQUES Limit unauthorized access by disabling default user names and passwords. Require unique ID and passwords and preferably implement 2 factor authentication. Limit public and/or unmonitored access to devices by technicians or other trusted users. Assure timely deployment of routine, validated security patches, and methods to restrict software or firmware updates to authenticated code associated with the medical devices. Use anti-virus and other host based protections as suitable. Disable unneeded services and ports. Critical systems should be contained in their own segment within your network and closely monitored for suspicious activity. Ensure secure data transfer to and from the medical device, using encryption when appropriate. Deploy features that let organizations recognize, log, and act upon security compromises. A prime example would be monitoring network access and medical device use through network activity monitoring capabilities. Assure medical device selection processes incorporate cyber security related criteria. Update cyber incident response policies to address medical device compromise use cases. Update facility crisis management plans to incorporate cyber security scenarios. CONTRIBUTORS Chris Poulin - Research Strategist - X-Force Michelle Alvarez - Researcher/Editor, Threat Research Group DISCLAIMER This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat. The data contained herein describing tactics, techniques and procedures is classified Confidential for the benefit of IBM MSS clients only. This information is provided “AS IS,” and without warranty of any kind.
  • 8. 6 ©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others. i Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain, FBI Cyber Division, April 8, 2014. ii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iii Chronology of Data Breaches Security Breaches 2005-Present, Privacy Rights Clearinghouse. iv 2014 IDS Data, IBM Managed Security Services.