Notice of data security incident

Feb. 24, 2025

I have to tell you something — I’m getting tired of getting these notices in the mail. How many have you received the past few years? In 2024, I got the Change Healthcare letter; a Ticketmaster letter; and most recently, a letter from Walsworth, the publisher of my kids’ yearbooks. A few years ago, I was part of a big breach at DuPage Medical Group (now Duly Health and Care).

A recent survey of 1,309 healthcare IT and security professionals by Netwrix revealed 84% detected a cyberattack or intrusion in the past 12 months [1]. According to the survey, 24% of the healthcare organizations are fully cloud-based, 12% have an on-premises IT infrastructure, and 64% have a hybrid infrastructure. Account compromise (74%) topped the list of security incidents for cloud attacks where a user or administrator account was compromised. Phishing was the most common type of incident experienced on premises (63%), but it was also high for cloud-based (62%). Protected health information (PHI) is one of the most expensive types of data sold on the darknet, which makes healthcare organizations a top target for cybercriminals. A PHI breach can include names, birthdays, addresses, Social Security numbers, insurance information, diagnosis/conditions, and other treatment information.

This month, we published the results of our fourth State of the Industry survey on laboratory data analytics. Thank you to all who responded to this survey. Current IT priorities in the lab include infrastructure and platform development/new LIS, data analytics optimization, revenue cycle management optimization, integration of the electronic health record, interconnectivity with reference and public health labs, and a bi-directional system to integrate within a health system. However, laboratory goals are encumbered by issues including staffing challenges, inadequate information technology (IT) support, and cost constraints. We did not ask specific cybersecurity questions, but looking at the incidents above (staff member account compromises and phishing), it would be interesting to know how much cybersecurity training and support healthcare staff are receiving from their organizations.

The February 2024 ransomware attack on UnitedHealth-owned health tech company Change Healthcare is the largest data breach of health and medical data in U.S. history. Originally estimated to affect at least 100 million people, the latest estimate confirmed by UnitedHealth is closer to 190 million. The attack was carried out by ALPHV (aka BlackCat) — a Russia-based ransomware gang. Its affiliates — contractors who work for the gang — break into victims’ networks and deploy malware developed by BlackCat’s leaders, who take a cut of the ransoms that victims pay to get their files back. Change Healthcare paid a ransom of $22 million, but it looks as though BlackCat still kept the data. Law enforcement advocates against paying ransoms as it allows criminals to profit from cyberattacks.

According to the UnitedHealth CEO’s testimony before the House, the criminal hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal.” Citrix software allows employees to access their work computers remotely on their internal networks. The CEO did not explain how the credentials were stolen, but the user’s account was not set up with multi-factor authentication, which is a basic security feature to prevent password reuse attacks by requiring a second code sent to that account holder’s phone.

Human error is the primary cause of ransomware attacks. And criminals are getting more and more sophisticated and aggressive in getting access. Without regular training, staff members may not recognize the risks associated with suspicious emails, websites, or software downloads. Creating strong passwords and regularly changing passwords are also important.

I welcome your comments and questions — please send them to me at [email protected].

REFERENCES 

  1. Netwrix.com. Accessed January 29, 2025. https://www.netwrix.com/download/reports/Netwrix%20Hybrid%20Security%20Trends%20Report%202024_Healthcare.pdf.
