NEW DELHI: Although the pandemic led to a rapid digital transformation in the healthcare sector, it also increased the sector’s vulnerability to cybercrime. Hospital, pharmaceutical, healthcare and insurance companies have faced increasing attacks as healthcare data can fetch considerable sums on the dark web. In an interview, Aimee Cardwell, chief information security officer at United Health Group, explained how vulnerable the industry is and what it needs to do to prevent cyberthreats. Edited excerpts:
Do you see a significant gap in the security readiness of companies in India compared to those in the US?
The difference is not only between the US and India, but also between South America and many other different markets. It is up to every company that has patient or partner data to keep it safe, no matter what market they are in. Sometimes it’s safer to have data on paper and pencil, but then you’re not serving patients as well. It’s complicated, but it’s important to us to make sure we apply best practices to protect data in every market we operate in.
How do you fight against the increasing cases of ransomware attacks?
Over 11% of ransomware attacks target healthcare. It depends on where the attack occurs. If it happens on an individual’s computer, which is often the case, it’s not hard to defend. It requires us to filter emails before they arrive. More than 90% of the emails that reach our servers are discarded, since most of them are malware or ransomware. That reduces the burden on people of not clicking the wrong link. But that burden on people is also important, as sometimes that filter can miss some emails. Education is an important aspect of it. It’s also important to look at the system so we can isolate something once we detect it. We want to keep the blast radius as small as possible because lateral movement is one of the things that makes it worse.
Do you think that companies should pay the ransom when they are victims of these types of attacks?
Most companies pay the ransom, but most of them do not get their data back. It’s like negotiating with terrorists. You can’t trust them. Even if you give them the money, most systems won’t be restored. Only 60% of them are restored in most cases. Many companies are attacked again by the same groups. Companies should think about what would happen if they get caught in such a situation and spend money on preventive measures instead of paying the ransom.
How can healthcare companies minimize disruption after a ransomware attack?
The best way is to back up more often. We are talking about backing up (data) every hour and not months or weeks. The more regularly you back up your data, the less likely it is to be disrupted. We used to think that the best form of disaster recovery is to have two nodes: active-active. If one node fails, you switch to the other. The problem is that if one of them is attacked by ransomware, since they are talking all the time, they both go down. Now, we are thinking of having a second node that is ready but not active. In case of attack, we isolate the first to limit the attack and show the second.
Is the need for cybersecurity professionals growing? Are there enough domain experts available?
Unfortunately, there are not enough cybersecurity professionals in the world. There are over 3.5 million job openings worldwide right now and the number is only projected to grow. It’s one of the reasons our team is global. But imagine if you run a small hospital, you may not have access to the same talent.
What about Internet of Things (IoT) devices used in healthcare? We know they can be vulnerable; doesn’t that increase the threats?
It is not difficult to protect IoT devices. It just isn’t done. It is important to know where all the devices are. There are all kinds of software that can see all network traffic and what device is sending traffic. We also know that IoT companies are not updating their software. Knowing where the devices are can help prevent something bad from happening. So if a glucose monitor suddenly sends something different than it usually does, it’s a red flag and our systems instantly alert us to it.