HHS Increases Awareness of Threats to Electronic Health Record Systems

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has given a threat alert warning about the threats relevant to electronic health record systems, which are normally attacked by cyber threat actors.

Cyberattacks on EHRs may be really rewarding for cyber threat actors. EHRs normally comprise all the records necessary for various types of fraudulence, which include names, dates of birth, addresses, government and state ID, Social Security numbers, health information, and health insurance details. No other database has such a large selection of data. The details covered in the systems have a big price on the black market and may be effortlessly bought by cybercriminals who are known for identity theft, tax, and insurance fraudulence. Malware, and particularly ransomware, cause considerable danger to EHRs. Ransomware could be utilized to encrypt EHR information to prevent access, which brings about issues to medical services and produces patient safety problems, which raises the chances of the ransom being compensated. Phishing attacks to obtain access to the credentials essential to access EHRs are likewise well-known.

A cybersecurity tactic ought to be made to secure against malware and ransomware attacks. Malware and ransomware attacks frequently start off with phishing emails, therefore email security alternatives ought to be enforced, and end-users need to acquire training to help them distinguish phishing emails plus other email threats. Providing the workforce with regular security awareness training may increase resistance to cyberattacks that aim at workers, who are weak links in the safety chain. Attacks on Remote Desktop Protocol (RDP) are likewise popular. Consider employing a VPN solution to avoid exposing RDP. Threat actors usually take advantage of unpatched vulnerabilities, thus it is important to patch immediately and to prioritize patching to tackle critical vulnerabilities first, specifically vulnerabilities that are identified to have been taken advantage of in cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) has a Known Exploited Vulnerabilities Catalog that could advise IT, security teams, on putting patching efforts first.

Numerous healthcare companies encrypt EHR files. Encryption secures data files while it is copied between on-site users and external cloud software, nevertheless, there can be blind spots in encryption that may be used by threat actors to keep away from being seen while they implement their attack. Cloud providers are currently usually employed by healthcare institutions, such as cloud-hosted EHRs. All information sent to cloud services needs to be adequately safeguarded to stick to HIPAA. Cloud access security broker solutions can be helpful regarding this.

Steps should be taken to avert attacks by outside cyber threat actors, however, there are at the same time internal threats to EHR records. Healthcare personnel are given access to EHRs and could readily abuse that access to see or steal patient information. Personnel must get training on internal guidelines with regards to EHR use and data access and how HIPAA discourages the unauthorized accessing of information. The sanctions policy ought to be spelled out together with the likelihood for criminal charges for unauthorized access of medical data. Administrative guidelines must be applied to make it challenging for staff to access information without authorization and policies for EHR must be enforced.

There ought to be monitoring of physical and system access, audits must be continually done to distinguish unauthorized access, and device and media management must be put in place to stop the unauthorized replicating of EHR data. An endpoint hardening strategy must additionally be established that comprises a number of layers of security on all endpoints. The strategy will furthermore make certain that any breach is noticed and contained before attackers may acquire access to EHRs and patient files.

Healthcare companies must participate in threat hunting to discover threat actors who have bypassed the protection perimeter and gained access to endpoints. Penetration testers need to be utilized for ‘Red Team’ activities involving the tradecraft of hackers to discover and exploit vulnerabilities. Cybersecurity experts ought to also be involved in the Blue Team, which is occupied with directing the IT security team on developments to avoid sophisticated cyberattacks.

There are appreciable advantages that are derived from EHRs, however, risks to information should be appropriately managed. The HHS advises healthcare leaders to modify their goals from prevention to the formation of a proactive readiness plan to fully fully grasp vulnerabilities in their EHRs and then use a framework that will be useful at identifying and preventing attacks.