The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s incumbent upon healthcare organizations to limit their exposure and minimize the likelihood of cyberattacks.

According to the HIPAA Journal, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported 725 healthcare-related data breaches in 2023, exposing 133 million records. HHS noted an almost continual upward trend in these numbers every year since the data was first tracked 14 years ago.

In 2023, OCR reported a 239% increase in hacking-related data breaches between January 1, 2018, and September 30, 2023, and a 278% increase in ransomware attacks over the same period. In 2019, hacking accounted for 49% of all reported breaches. In 2023, 79.7% of data breaches were due to hacking incidents.

Threat actors are upping their game while healthcare institutions are struggling to protect their data, but a combined offensive and defensive approach to security can improve resilience and reduce risk.

Database Security Starts with having Solid Cybersecurity Practices

In its report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, Trustwave’s elite SpiderLabs team covered the Tactics, Techniques, and Procedures (TTPs) attackers use to gain the access that results in a ransomware attack or data breach, which in the end will likely expose elements found in the victim’s database. This means the first step in database security is often making sure cybersecurity basics are covered.

Phishing and business email compromise (BEC) attacks are the most common and are generally successful. These can target anyone inside an organization and contain malicious attachments or links that lead to an attacker injecting malware.

Other methodologies are finding credentials either on the Dark Web or in the network itself, exploiting system software vulnerabilities, or gaining access through a third party or the supply chain. In the last case, the attacker finds a poorly secured partner with access to the primary target and then uses that access as a gateway.

On the defensive side, SpiderLabs has many recommendations a healthcare or any other organization can implement either on its own or by partnering with a security firm. These include: Recognize the significance of patching in the healthcare sector, where it can be challenging due to reliance on legacy systems.

Zero Trust and Database Security

Organizations should also adopt a Zero Trust Architecture approach to protect databases on the principle of “never trust, always verify.” As defined by NIST, the gist is that no person, system, network, or service is ever trusted, no matter where it’s located (within corporate walls vs. the Internet) or who owns it. That means organizations must verify anything and everyone attempting to establish access to the network and/or resources.

Zero Trust, then, also applies to the databases where the most crucial data are stored. In addition to the authorization and authentication that takes place before anyone should be granted access to any of the resources, in a Zero Trust environment, additional measures are needed to ensure the security of data. Those measures are required to:

Trustwave’s DbProtect and AppDetectivePRO

Since databases are where the crown jewels are kept, database security is paramount. Database auditing tools like Trustwave’s DbProtect and AppDetectivePRO deliver seven times more database-specific security and compliance checks vs. vulnerability assessment tools.

DbProtect accomplishes this by proactively assessing database threats to gain visibility into the vulnerabilities in on-premises or cloud databases that could lead to a data breach. It automates critical data security by uncovering vulnerabilities that would-be attackers could exploit, limiting user access to the most sensitive data, and alerting on suspicious activities, intrusions, and policy violations.

As a result, clients can spend less time chasing database security alerts and more time on activities that drive value, like remediating risks and reducing the attack surface.