‘Over 11% of ransomware hits are targeted at healthcare’

New Delhi: Although the pandemic led to rapid digital transformation in the healthcare sector, it also increased the sector’s vulnerability to cybercrime. Hospitals, pharma, healthcare and insurance companies have come under increasing attack, as healthcare data can fetch a good amount of money on the dark web. In an interview, United Health Group’s Chief Information Security Officer Amy Cardwell explained how vulnerable this sector is and what it needs to do to stop cyber threats. Edited excerpts:

Do you see a big difference in the security preparedness of companies in India compared to the US?

The difference is not only between the US and India, but also between South America and many other different markets. It is up to each company that holds patients’ or partners’ data to keep it safe, no matter what market they are in. Sometimes it’s safe to have data in pen and paper, but then you’re not even serving patients. It’s complicated, but it’s important for us to make sure we’re bringing best practices to protect data in every market we operate in.

How to fight the rising cases of ransomware attacks?

More than 11% of ransomware attacks target healthcare. It depends on where the attack takes place. If it happens on a person’s computer, which is often the case, it’s not that hard to defend. We need to filter the email before it comes in. More than 90% of the emails that come to our servers are rejected because most of them contain malware or ransomware. This eases the burden on individuals not to click on the wrong links. But this burden on individuals is also significant because sometimes that filter can miss some emails. Education is an important aspect of this. It is also important to monitor the system so that once detected we can isolate something. We want to keep the blast radius as small as possible because lateral motion is one of the things that makes it worse.

Do you think companies should pay ransom if they fall victim to such attacks?

Most companies pay the ransom, but most of them do not get their data back. It’s like negotiating with terrorists. You can’t trust them. Even if you pay them, most systems will not be restored. In most cases only 60% of them are restored. Many companies are attacked again by the same groups. Companies should think about what would happen if they were caught in that situation and instead of paying the ransom, spent the money on preventive measures.

How can healthcare companies reduce disruption after a ransomware attack?

The best way is to back up more often. We are talking about backing up (data) on an hourly basis and not for months or weeks. The more regularly you are backing up your data, the less disruption there will be. We used to think, the best way to recover from disaster is to have two nodes: proactive. If one node goes down, you switch to another. The problem is that if one of them gets hit by ransomware, because they’re talking all the time, they both go down. So now, we are thinking of creating another node which is ready but not active. In case of attack, we isolate the first one and bring up the second one to limit the attack.

Is the need for cyber security professionals increasing? Are there enough domain experts available?

Unfortunately, there are not enough cyber security professionals in the world. There are currently over 3.5 million open roles globally and this is only expected to grow. This is one of the reasons why our team is global. But imagine if you are running a small hospital, you might not have access to the same talent.

What about Internet of Things (IoT) devices used in healthcare? We know they can be unsafe; doesn’t that add to the danger?

Securing IoT devices doesn’t have to be difficult. It just hasn’t been done. It is important to know where all the equipment is. There are all kinds of software that can see all the network traffic and which device is sending the traffic. We also know that IoT companies are not updating their software. Knowing where the tools are can help prevent something bad from happening. So, if a glucose monitor is suddenly sending something different than it usually does, it is a red flag and our systems alert us about it immediately.
