Hongke Sharing | How to ensure the security of medical data? Moving target defense technology gives you satisfactory answers

2022-08-06 09:22:48 Hongke Network Visualization and Security

Medical data security faces serious challenges

01 Healthcare data breaches on the rise

Recent statistics show that the amount of personal medical information exposed in data breaches has increased by 300% in the past three years. On the dark web, personal medical information (PHI) can be sold for up to $1,000 each. According to a report by Critical Insight, more than 45 million patient profiles were exposed in data breaches in 2021. That means about one in seven Americans had information such as names, home addresses, Social Security numbers, and even biometric data stolen last year. Medical information breaches alone now account for 30% of all large data breaches.

Since the 1990s, medical information data technology has continued to develop, and the Health Insurance Portability and Accountability Act (hereinafter referred to as HIPAA) has been formally enacted. Minimizing the risk of patient information leakage has become a top priority for medical service organizations.

02 Cyber threats are getting harder to spot

On January 23, 2021, Kroger Pharmacy executives were notified of the Bullock gang intrusion. A week later, Kroger received another $5 million ransom demand and evidence that the personal health information of more than 500,000 Kroger customers had been stolen. The massive data breach occurred despite all of their systems being online and the network showing no signs of a malicious attack.

How exactly did this cyber attack work?

CLOP used a known Accellion file sharing vulnerability as an attack vector against Kroger's network. CLOP used a zero-day attack to gain entry and then deployed the DEWMODE web shell in device memory to access and exfiltrate hundreds of thousands of personal health information records without triggering any endpoint security solution alerts. This situation is becoming more and more common. As the attack surface of the healthcare services industry continues to expand, and healthcare zero-day attacks are at an all-time high, attackers have more places to enter the network and hide once they get there.

According to IBM, it takes an average of 329 days for a healthcare organization to detect and contain a data breach. However, threat actors are increasingly using malware that does not generate signatures or rely on executables on disk. Last year, the rate of fileless attacks using signatureless tools like Cobalt Strike beacons soared 900%. Such threats may bypass tools such as EDR or AV, which work by matching signatures and identifying known threat behaviors.

03 Cyber attacks cause severe losses for medical institutions

For small healthcare organizations, the cost of downtime from a cyberattack may be lower. But for a mid-sized healthcare organization, the average cost of downtime for a full breach is $45,700/h. In this threat environment, it is highly undesirable for healthcare providers to continue to rely on reactive strategies. Obviously, in order to cope with the increasing number of medical cyberattacks, data security in the medical field needs to explore new development directions.

How to ensure data security in the medical field? 

01 Cybersecurity defense in the medical field needs to change direction

Improving the security posture of healthcare networks requires a move toward a zero-trust environment and a defense-in-depth (DiD) strategy. However, even basic zero-trust requirements, such as mandating multi-factor authentication (MFA) or disabling accounts after a certain time limit, are difficult to enforce. Healthcare workers have little tolerance for security controls that affect their productivity or affect their lives. Overcoming these obstacles presents procedural and political challenges for security teams.

02 Effective measures to safeguard medical data

It is now technically and economically feasible to strengthen Zero Trust and deepen DiD. Morphisec's lightweight, revolutionary Moving Target Defense (MTD) technology proactively blocks advanced fileless and runtime attacks that Next Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) cannot consistently detect. Moving Target Defense (MTD) technology brings zero-trust protection to healthcare servers and endpoints without compromising the user experience.

03 How does Moving Target Defense (MTD) technology achieve zero-trust protection?

Moving Target Defense (MTD) technology turns application memory into a trustless environment, randomly changing trusted runtime application code and automatically blocking unauthorized code. It keeps changing the real entry points and leaves fake entries in their place, without affecting any authorized applications and processes. If unauthorized code attempts to execute on the target, it opens a "false door" that traps the code for forensic analysis. Without prior identification or analysis, MTD proactively stops the most advanced destructive attacks before they are deployed and cause damage. Additionally, MTD adds an ultra-lightweight active defense layer that fills security gaps for runtime vulnerabilities that other security solutions cannot effectively address. Therefore, MTD has no impact on device performance and does not require monitoring. This is very important for a healthcare organization's cybersecurity environment.
