The ability to detect, track, and define an attack helps catch issues early, reduces potential damage, and makes remediation easier.
To this end, every organization needs to make sure its key assets are creating sufficient log files to enable intelligent defense and investigation.
However, this is more than just an IT problem, since technology is now so extensively intertwined with various business processes.
Though many managers try to segregate their IT budget for convenience, some wait until failures occur before recognizing how critical IT is for business continuity.
However, failure should never be an option for your organization. There’s no reason to wait until it’s too late.
If you’re a healthcare provider, that becomes even more crucial as healthcare security can truly impact life-or-death situations.
Let’s break it down.
Attacks & Consequences to Healthcare Security
Already, the world has witnessed a child’s death in connection to a ransomware attack.
However, even in non-fatal situations, the consequences of an attack can be harmful in devastating ways.
For instance, a 2020 ransomware attack on the University of Vermont Medical Center (UVMC) disabled electronic healthcare records for a month. This forced the UVMC cancer center to deny treatment to hundreds of chemotherapy patients who had no options for treatment anywhere else.
Any disruption to healthcare IT systems directly impacts patient care – the core focus for any provider.
In fact, the Emergency Care Research Institute (ECRI) listed cybersecurity attack disruption as 2022’s #1 health technology hazard, while respondents to a Ponemon study cited measurable impacts from ransomware attacks including:
- Longer length of stay for patients (71%)
- Procedure and test delays resulting in poor outcomes (70%)
- Increase in patients transferred or diverted to other facilities (65%)
- Increases in medical procedure complications (36%)
- Mortality rate increase (22%)
But healthcare security managers face many other attacks that also affect patients. Distributed Denial of Service (DDoS) attacks on hospital networks shut down systems just as effectively as a ransomware attack, and compromised credentials can expose patient records.
Lessons from Data Breaches
Shields Health Care Group provides medical services such as diagnostic imaging (MRI/PET/CT), radiation oncology and ambulatory surgical services. This third-party healthcare provider suffered a breach that exposed the personal information of 2 million people.
And yet, only 27% of critical and high-risk third-party vendors receive annual cybersecurity audits. With liability becoming increasingly shared, organizations of all types and sizes should more actively measure third-party provider risks.
Organizations also suffer data breaches directly.
One attacker accessed one Kaiser Permanente employee’s email account for several hours, and potentially accessed the information of 69,000 individuals.
Though Kaiser promptly stopped the breach and dutifully provided notice to affected individuals, it was unable to confirm or deny what data was breached.
This common issue typically stems from a lack of auditing controls in critical IT systems, such as access reports or log files.
Critical Auditing Log Files and Reports
Most IT resources generate log files and reports, including apps, containers, databases, email software, endpoints, firewalls, network devices, servers, and web services. Even Internet of Things (IoT) and Operational Technology (OT) devices can generate log files.
Log files track access, events, changes, availability, resources, and threats. Log files provide the data to trigger security monitoring alerts and the evidence tracked by cybersecurity investigators.
Even as information transforms businesses to make them stronger and more responsive, IT security teams still suffer from an incomplete picture of the IT environment.
To do their jobs effectively, security experts need access to reports and audit logs that provide information critical to showing who accessed the data of interest and when the access occurred.
However, log files must also be optimized so that they don’t overwhelm a security team with useless noise. A careful balance must be maintained to avoid both too much information and too little.
Security and Compliance Optimization
Setting up useful log files, accurately monitoring them, and tracing them during an incident takes expertise and experience, whether you’re dealing with healthcare security or any other operation.
However, when done effectively, it results in faster detection of threats, reduced monitoring costs, and more accurate assessments of an intruder’s activities.
Outsourcing to a security expert like Blue Bastion, along with the support of Ideal Integrations, provides project-specific and long-term expertise at a fraction of the cost of in-house expertise.
Our security experts optimize log files, provide ongoing monitoring, investigate incidents, and remediate attacks.
Our deep knowledge of tools and techniques allows us to generate incident reports that satisfy law enforcement or compliance auditors, and we can even help to generate questionnaires or directly conduct third-party vendor audits.
Contact Blue Bastion today at 412-349-6680 or fill out the form below and we can provide a no-obligation consultation on your current and future needs.