Using Threat Intelligence to Prevent Healthcare Data Breaches

July 12, 2019 • The Recorded Future Team

The healthcare industry is no stranger to cyberattacks. In recent years, hardly a week has gone by without a breached general practice, medical charity, or hospital hitting the headlines.

One of the most shocking cases came in 2017, when the infamous WannaCry ransomware outbreak caused massive disruption to the U.K. National Health Service, forcing the cancellation of 19,000 appointments and costing an estimated $115 million.

Plagued by a combination of high-value data and minimal cybersecurity budgets, healthcare organizations have been forced to address their security shortcomings or suffer the consequences. Unfortunately, all too many have (unintentionally) opted for the second option.

The Healthcare Industry’s Cyber Epidemic

According to a study completed a few years ago by the Ponemon Institute, by 2016, a massive 89% of healthcare organizations had experienced a data breach. Given that healthcare breaches are still a common occurrence, that figure has likely only increased.

A separate study by Cybersecurity Ventures in 2017 found that healthcare is targeted by more ransomware attacks than any other industry. Incredibly, the study also predicted that attacks would quadruple by 2020.

And attack volume isn’t the only problem. According to Ponemon’s 2018 Cost of Data Breach Study, healthcare data breaches cost more per record to resolve than in any other industry.

Source: Ponemon Institute

Data breaches cost healthcare organizations $408 per record to contain — almost twice the cost suffered by financial institutions, which came in a distant second place.

To make matters worse, the healthcare industry also has the highest data breach “churn rate” of any industry — the rate at which customers abandon breached organizations in favor of their competitors. When a healthcare organization is breached, it can expect to lose 6.7% of its customers, compared to an average of 3.4% across all industries.

Given all of this, the next statistic shouldn’t come as any great surprise: According to a study by Accenture, cybercrime costs a typical healthcare organization $12.47 million each year, compared to an $11.7 million average across all industries.

Why Is Healthcare Such a Popular Target?

Given the strict requirements placed on healthcare organizations by legislation like HIPAA and HITECH, you’d be forgiven for expecting healthcare breaches to be few and far between.

Unfortunately, for a variety of reasons, successfully securing a healthcare organization is far easier said than done. Here are four major reasons why healthcare organizations continue to be such a popular target for cyberattacks:

1. Healthcare records are highly valuable.

As with most industries, the overwhelming majority of cyberattacks on the healthcare industry are financially motivated. And one of the most common methods attackers use to make money is to steal and sell healthcare records. The exact value of stolen records varies, but it’s reliably hundreds of times higher than that of stolen credit card or social security numbers.

2. They’re vulnerable to ransom demands.

Healthcare organizations do important work — the type of work that can’t wait until tomorrow.

This is a major reason why healthcare organizations are so heavily targeted by ransomware. It works. Many healthcare providers have little option when faced with a ransom demand because they simply cannot afford to have their operations disrupted.

3. Environments are complex and difficult to secure.

Healthcare organizations (hospitals in particular) often have sprawling, complicated IT environments, with many moving parts. They also employ a large number of staff, many of whom have access to highly sensitive patient records. This combination makes them susceptible to cyberattacks, particularly those based on social engineering.

4. Security budgets remain comparatively low.

No organization has an infinite budget for cybersecurity. Historically, though, the healthcare industry has lagged behind others in terms of security spending, leaving many healthcare organizations vulnerable to cyberattacks. Security budgets in the industry are now starting to rise, but still fall short of what’s needed to ward off cyberattacks.

The Value of Threat Intelligence for Healthcare Organizations

Being a security professional in the healthcare industry isn’t an easy job. The industry faces a constant barrage of cyberattacks, against which security professionals must protect highly complex medical environments with (generally) not enough resources.

For these reasons, it’s essential that the resources they do have are used to maximum effect.

This is where threat intelligence comes in: it helps security teams make better decisions about how and where to allocate their resources — both human and financial. By investing in threat intelligence, healthcare organizations can:

Respond Faster to Security Incidents: The typical incident response or SOC analyst spends a huge amount of time responding to (and eventually discarding) false positive alerts from SIEMs, EDRs, and other security technologies. Threat intelligence helps analysts rapidly distinguish between important and unimportant alerts, enabling them to respond more quickly to genuine cyber threats.
Drastically Improve Breach Identification and Containment Times: The average healthcare organization takes 255 days to detect a data breach, and a further 103 days to contain it. And the longer it takes, the more it costs. Threat intelligence helps healthcare organizations minimize losses by enabling security teams to identify compromised assets (including patient records) the moment they turn up for sale on the dark web.
Allocate Resources Appropriately: When resources are limited, making good decisions about how to invest them is essential. Threat intelligence helps security leaders in the healthcare industry make informed decisions about which technologies to invest in, who to hire, and which initiatives to prioritize in order to minimize cyber risk.

Taking the First Steps

Threat intelligence provides healthcare organizations with an opportunity to improve nearly every aspect of their security operations, from planning and prevention, all the way through to breach identification and containment.

If your organization isn’t currently using threat intelligence, there’s an easy way to get started. Sign up for our free Cyber Daily newsletter, and you’ll receive the top cybersecurity intelligence direct to your inbox each morning. That includes: