Brace for the Breach:
BDO Cyber Threats

BY GREGORY GARRETT, HEAD OF U.S. AND INTERNATIONAL CYBERSECURITY, BDO; PATRICK PILCH, MANAGING DIRECTOR AND NATIONAL LEADER, HEALTHCARE ADVISORY, BDO; SHAWN BELOVICH, MANAGING DIRECTOR, TECHNOLOGY AND BUSINESS TRANSFORMATION SERVICES, BDO

Understanding the landscape of cybersecurity threats and ways to mitigate those threats can seem daunting. New threats are emerging all the time, as bad actors seek to gain access to the valuable data collected and stored by healthcare organizations, including health systems and hospitals. Two trusted leaders in the field of cybersecurity reveal the most underrated threats to the health sector, and offer guidance on building a “cybersecurity culture,” including suggested policies and procedures. “We have to really start with leadership,” said Shawn Belovich, a managing director in the technology and business transformation services practice at BDO. “We need to embrace cybersecurity and we need to push it across the board.”

In the first half of 2018, U.S. healthcare organizations reported 176 large-scale data breaches. With the widespread adoption of electronic health records (EHRs) and introduction of many other connected technologies in the health setting, hospitals and health systems are vulnerable to cyberattacks. For instance, the number of connected medical devices is estimated at 10 billion, and will reach 50 billion by 2028, according to BDO. Meanwhile the cost of cyber liability insurance continues to climb along with the number and frequency of attacks. As a result of this threat, healthcare organizations are beginning to re-evaluate operations, Belovich said.

Types of attacks and their prevalence in healthcare

In order to adequately prepare, healthcare organizations should understand the cyber threat landscape, said John Riggi, senior advisor for cybersecurity and risk at the American Hospital Association (AHA). Riggi identified the top seven general categories of attacks as:
• Denial of service attacks
• Business email compromise
• Supply chain attacks
• Internal threats
• Crypto hijacking
• Ransomware
• Computer intrusions

Denial of service attacks make a machine or network resource unavailable to intended users, disrupting their work and processes. Denial of service attacks can sometimes be amplified by criminal services available on the Dark Web, Riggi explained, making them more damaging; luckily, these have not been too prevalent in healthcare. However, a growing category of threat is supply chain attacks, wherein an adversary attempts to compromise a vendor’s technology or network connections to penetrate the network of the vendor’s customer. Given the large number of vendors and the variety of technology and services moving in and out of hospitals every day, this type of attack may represent a significant vulnerability for hospitals and health systems. “Before resources are diverted from defending against external threats to defending against internal threats, one has to understand what constitutes an internal threat-related incident reported to HHS,” Riggi said. These types of data losses include stolen unsecured laptops or, for example, staff mistakenly emailing unencrypted spreadsheets containing protected health information.

Crypto hijacking, on the other hand, is a growing threat that is not well-known in the healthcare sector, Riggi said. This “cryptojacking” malware harnesses an organization’s vast computing power, network resources, and energy to illegally mine lucrative digital currency. While the malware itself may not intentionally do harm to a computer system, its energy and computing power drain may disrupt important services that hospitals provide and compromise care delivery or patient safety, Riggi said.

Ransomware continues to be the best-known and perhaps the greatest cyber threat to hospitals. Belovich noted that ransomware services can be purchased on the Dark Web, allowing for the easy entry of new threat actors. Another major and perhaps the most significant threat to hospitals are computer intrusions originating from external, mainly foreign based criminal organizations. Based upon a June 2018 study of Federal data published by the American Medical Informatics Association, hacks account for just 15 percent of all cyber incidents in healthcare, but 85 percent of stolen records, Riggi said.

Who’s behind the threats?

Hacktivists, criminals and nation-states are the three broad categories of cyber adversaries who are conducting these types of cyberattacks. For hospitals and health systems, criminals are the biggest threat, because they tend to go after high-value targets of patient health data, to sell on the dark web and monetize through other frauds. Criminals may also deny access to critical information such as patient records by encrypting those records through the deployment of ransomware. However, nation-states are also a significant cyber threat and have increased their targeting of hospitals and health systems. “They’re being targeted by hostile nation-states for theft of intellectual property related to medical research, innovations, cancer studies, population health studies, research for precision medicine and clinical trials, and also potentially for conversion for military use such as biological weapons,” explained Belovich and Riggi.

Additionally, nation-states may be looking for individual health records of high-value targets such as leaders of our military or government, Riggi explained. He recalled having a conversation with the CEO of a small, rural hospital in the Midwest who felt that his hospital would never be the target of a nation-state. “When I asked the location, I realized immediately that they were positioned right outside a sensitive government military installation,” Riggi said, adding that the personnel with high level security clearances and their families associated with this base may be treated at the local hospital. “I guaranteed this CEO that his hospital and all his network connections had already been mapped, probably by China and Russia, seeking to gain those health records.”

As with this rural hospital CEO, many healthcare leaders underestimate the threat from nation-states. In a survey by the AHA of 475 hospitals, only 7 percent of respondents named nation-states among their top three cyber adversaries. The most cited were external criminal cyber adversary (52%), internal threat (38%) and hacktivist (10%). It’s interesting that hacktivists were cited more often than nation states as a top cyber adversary, but reports show that very few hacktivists target hospitals, Riggi and Belovich said.

At BDO, we’re committed to helping our clients with all their risk mitigation demands—and especially with a cybersecurity risk management program.

Contact:
Alfredo Cepero, Managing Partner
305-420-8006 / acepero@bdo.com

Angelo Pirozzi, Partner
646-520-2870 / apirozzi@bdo.com

10 February 2019 southfloridahospitalnews.com South Florida Hospital News