EMAIL VULNERABILITY IN HEALTHCARE
Executive Summary

While it should come as no surprise, security and growing regulatory burdens are the top concerns for healthcare CIOs. Ransomware, denial of service, and data theft attacks are in the headlines every day. The estimated annual cost of ransomware payments in 2016 was over one billion dollars. In fact, the number of ransomware attacks in 2016 was up by more than 4 times. PHI security, data breaches and data theft remain critical issues.

Cybercriminals have learned to follow the path of least resistance. Rather than trying to penetrate network security fortifications, they seek access to systems through the compromise of valid user accounts. Stealing credentials and using them to access a network is easier, less risky, and ultimately more productive than exploiting a perimeter vulnerability.

The most common starting point is e-mail attacks, such as phishing. According to Verizon's 2016 Data Breach Investigations Report:
- 30% of phishing messages were opened by the target across all campaigns
- About 12% went on to click the malicious attachment or link and thus enabled the attack to succeed.

Given these numbers, it's no surprise that emails are the number one contributor to data breaches. In fact, 63% of breaches in the US are the result of a compromised email credential.

While no industry is safe, the threat to the healthcare industry is equally astonishing and growing. Based on findings in the Ponemon Institute's 2016 Study on Privacy and Security in Healthcare, 90% of healthcare organizations have had a data breach in the past two years. The study estimates that the resulting cost of these breaches to the U.S. Healthcare industry alone is $6.2 billion.

This paper explains the pervasive nature of email compromises and sheds light on the quantity, variety, sources, and consistent growth of these threats.

The study results are eye opening. Overall, 68% of all analyzed covered entities and their business associates have employees with visibly compromised accounts, 76% of which include actionable password information.

The bottom line: Be prepared

The survey findings illustrate the need for 100% reliable and responsive business continuity solutions and rapid-response disaster recovery. How your reactive protection is set up makes the difference between a minor glitch and a major catastrophe.

What do the results mean?

- The potential for monetary loss is significant. Healthcare firms are under attack. New data published to the Dark Web every day provides a window into the volume of new email and passwords that criminals have accessed.
- Controlling human behavior is the underlying challenge. There is a constant need to monitor for vulnerabilities and train personnel regarding email best practices.
- The need for data backups and disaster recovery is clear. Ransomware is a billion dollar program and growing.
- Gaps in security have allowed phishing attacks to become more effective. As the volume and quality of data elevates, malicious efforts are experiencing increased success.
THE CLOUD SERVICES COMPANY TM
[Chart, title not preserved]
Healthcare Providers - 53%
IT/Software Providers - 15%
Hospitals - 8%
TPAs - 7%
Regional Health Plan - 7%
Medical Billing/Collections - 7%
Health Centers - 3%

[Chart, title not preserved]
Healthcare Providers - 61.9%
Regional Health Plan - 80.4%
TPAs - 76.5%
Medical Billing/Collections - 55.6%
Health Centers - 72%
Hospitals - 72.3%
IT/Software Providers - 76%

Passwords are easy to steal

[Chart: What % Of Stolen Credentials Include Passwords?]
Passwords Available - 76%
Passwords Not Available - 24%

How do criminals use stolen credentials?

There is a fairly common exploit lifecycle:
1. Gain access to data from emails that have been exploited via phishing, malware, data breach, social engineering, or some other form of attack
The remaining 77% were cryptographically hashed passwords. Simply hashing the password does not meet today's needs for security. Hackers can easily use a variety of methods (many of which are available online) to crack hashes, including dictionary attacks, brute force attacks, lookup tables, reverse lookup tables and rainbow tables.

This is why strong, unique passwords are paramount for each account and why passwords should change over time.

What type of compromise exposed the user credentials?

The study aimed to dig deeper than just how many names were compromised per organization. ID Agent's analysis evaluated where the data originated and from where it was stolen. There are numerous points of attack, each raising a unique degree of concern. The majority of the data (55%) is the result of known data breaches where user credentials were stolen in bulk (often in widely publicized events) and then published by the perpetrators.

However, the most concerning finding is the relatively small segment of email credentials (6%) directly related to phishing or keylogging attacks. While the percentage is in single digits, keep in mind that this represents over 450 individual incidents where companies in our study had exposures, any one of which could lead to ransomware, denial of service attacks, or PHI breaches.

[Chart: How are Email Credentials Being Stolen?]
Keylogged & Validated - 1%
Known Data Breach - 55%
Undetermined

Email vulnerability is a significant contributor to the tremendous range of threat vectors that are confronting healthcare organizations. The rest of this paper will look at security best practices that help organizations avoid costly email-related breaches and also help establish a systematic and structured security posture that is consistent with world-class enterprises.

The goals can be boiled down into three basic categories that every organization should embrace.
1. Proactive Threat Intelligence
2. Continuous Security Management
3. Rapid Incident Response and Recovery

1. Proactive Threat Intelligence

The objective is to identify and control, not just to observe, the technical threats and vulnerabilities by understanding and limiting the volume of viable environmental threats.

The ability to see vulnerabilities is critical for identifying hidden Dark Web threats before criminals exploit them. ID Agent provides this visibility on a regular basis and allows real-time response to urgent keylogging and phishing related compromises. With ID Agent's information, you can understand when malware removal, forced password changes, or training of employees may be required. This data also allows firms to understand user activity and behavior over time, which helps compliance teams see whether their efforts are making an impact. Are you seeing fewer credentials on the Dark Web? Is there rapid growth in activity? Proactive vulnerability reports highlight the answers.

This type of monitoring enables preemptive threat resolution and cuts off threats at the pass by:
- Enabling immediate response to keylogging or phishing compromises that may be actively bypassing your security barriers
- Providing alerts and ongoing monitoring of corporate emails and IP addresses that are being traded by hackers
- Identifying individual instances of email policy violations as well as general user training issues

Evolve IP's approach is designed to quickly incorporate:
- New security standards and regulations
- Changes to existing authoritative sources
- Information about recent data breaches
- Industry feedback, best practices, and lessons learned
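The earlier point that simply hashing passwords is not enough, shown as an added example (not part of the original paper): an unsalted fast hash is compared with a per-account salt plus a memory-hard KDF. The account names, passwords and word list are constructed, the function names are hypothetical, and scrypt is chosen here as one suitable KDF; the paper itself names none.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob reuse the same password.
ACCOUNTS = {"alice": "Spring2017!", "bob": "Spring2017!", "carol": "x9#Lq7vT2m"}
# Constructed list of common passwords, standing in for a precomputed table.
COMMON = ["password", "123456", "Spring2017!"]

def unsalted_sha256(password):
    """The weak scheme: a single fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    """Hardened scheme: random per-account salt and a memory-hard KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key

def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_record(password, salt)[1], stored_key)

def table_hits(stored_digests):
    """Accounts whose stored digest appears in a table built once from COMMON."""
    table = {unsalted_sha256(p): p for p in COMMON}
    return sorted(u for u, d in stored_digests.items() if d in table)

def compare_schemes():
    weak = {u: unsalted_sha256(p) for u, p in ACCOUNTS.items()}
    strong = {u: scrypt_record(p) for u, p in ACCOUNTS.items()}
    return {
        # One precomputed table exposes every account using a listed password.
        "weak_hits": table_hits(weak),
        # Same password, same digest: reuse is visible in the dump itself.
        "weak_reuse_visible": weak["alice"] == weak["bob"],
        # Salted keys differ even for identical passwords, and the table
        # built from unsalted hashes matches none of them.
        "strong_reuse_visible": strong["alice"][1] == strong["bob"][1],
        "strong_hits": table_hits({u: k.hex() for u, (_, k) in strong.items()}),
        "login_ok": verify("Spring2017!", *strong["alice"]),
        "login_bad": verify("wrong-guess", *strong["alice"]),
    }

if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

Salting and a slow KDF raise the cost of each guess and defeat precomputed tables, but a password that appears on a common list can still be guessed one account at a time, which is why the paper's call for strong, unique passwords still applies.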
The best practice for ensuring ransomware protection and business continuity is to proactively create multiple, secure, and physically separate copies of all servers, applications, and data. This approach allows rapid restoration of your business operations in the event that your systems are compromised by an attack. The FBI agrees, as illustrated by this excerpt from a recent blog post on their website:
1. Back up data regularly and verify the integrity of those backups regularly.
2. Secure your backups. Make sure they aren't connected to the computers and networks they are backing up.

By following this advice, and arming your organization with the right backups, you can prevent the attackers from taking away access to your systems.

[Diagram labels: Offsite Tape Backups; On-site Tape or Virtual Backups; On-site Virtual Backups/Internal Team]

The proper preparation to create this capability includes:
- Creating a reliable backup process. Create rapid, frequent system backups in a secure, offsite location.
- Ensuring data recoverability. Backups can also be infected by the malware virus if not detected immediately after infection.
- Confirming data availability. Ask yourself how quickly can we access and use the backup that we created?
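One way to carry out the "verify the integrity of those backups" step, as an added example (not from the original paper or the FBI post): record a SHA-256 manifest when the backup is written, then compare the backup set against it later. Function names, file names and file contents are constructed, and the example assumes the manifest is stored separately from the backup it describes.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map each file's relative path to its SHA-256 at backup time."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(backup_dir, manifest):
    """Report files that are missing, changed, or unexpected since the manifest."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(f for f in manifest
                          if f in current and current[f] != manifest[f]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo():
    """Constructed backup set: damage it, then verify against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "patients.dump").write_bytes(b"constructed sample data\n")
        (root / "config.tar").write_bytes(b"constructed config archive\n")
        manifest = build_manifest(root)  # in practice, store this elsewhere
        clean = verify_backup(root, manifest)
        # Simulate damage to the backup: overwrite, delete, add a stray file.
        (root / "db" / "patients.dump").write_bytes(b"\x00overwritten\x00")
        (root / "config.tar").unlink()
        (root / "README_DECRYPT.txt").write_text("constructed stray file")
        return clean, verify_backup(root, manifest)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A hash check only detects change after the manifest was taken; it does not show that the data was clean when backed up or that a restore completes in acceptable time, so periodic test restores are still needed.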
Sources
1. http://www.csoonline.com/article/3154714/security/ransomware-took-in-1-billion-in-2016-improved-defenses-may-not-be-enough-to-stem-the-tide.html
2. http://blog.hubspot.com/marketing/password-statistics#sm.00001b32716x2f9pva824b1rcdt1n
About Evolve IP
Evolve IP is The Cloud Services Company. Designed from the
beginning to provide organizations with a unified option for cloud
services, Evolve IP enables decision-makers to migrate all or
select IT technologies to its award-winning cloud platform. Evolve
IP's combination of security, stability, scalability and lower total
cost of ownership is fundamentally superior to outdated legacy
systems and other cloud offerings. Today, over 130,000 users
across the globe depend daily on Evolve IP for cloud services
like virtual servers, desktop services, disaster recovery, unified
communications, contact centers and more.