Mark Gaudet from the Canadian Internet Registration Authority (CIRA) bears some grim news about Canadian healthcare organizations today. The move to electronic data records has made healthcare organizations a real target of cyber criminals, he said in a recent webinar Preparing for the Big Hack in Healthcare.
“Healthcare data in the form of patient records and information about doctors provides cyber-criminals with all the information they need to do identity theft, to commit fraud, and to cross-reference personal information to implement other kinds of cyber crime.”
Gaudet agreed with ITWC CIO Jim Love’s opinion that hacking, which was once done by “vandals” and other such troublemakers, is now a big business, and that those — like healthcare organizations — that are in high-value areas have cause to be concerned.
“Patient records are of a high resale value, so they show up for sale on the dark web,” said Gaudet. “In large bulk sets, they’re in the order of a dollar per record, but can go as high as $1,000 per record for specific individual records.”
“Patient data is a high-value asset that needs to be protected, and if access to records is lost, a hospital or doctor’s office can just shut down.”
Gaudet presented a Stats Canada survey comparison of four sectors — Hospitals, Utilities, Air Transportation, and Finance — when it comes to anti-malware, web security, email security, and network security. “In this survey,” he said, “it looks like hospitals have a really good security posture, and have taken steps across multiple layers to protect themselves.”
There was cause for concern, however, when — consulting the same Statscan survey — Gaudet found that each hospital in Canada experienced an average of 15 cybersecurity incidents last year:
- Unauthorized access: 6
- Ransom or theft: 4
- Defacement of web presence: 1
- Theft of information: 1
- Theft of intellectual property or business data: 1
- Unknown: 2
“These weren’t just regular incidents,” he said, “these were ones that impacted their day-to-day operations.”
Despite having a high security posture and implementing different layers, healthcare organizations appear to be experiencing a significant number of security incidents. This fact begs the question of what must be done to plug the holes and cut down drastically on the number of breaches that are happening. Gaudet’s answer: defence in depth.
“The organizations we’re working with are really focusing on defence in depth — implementing multiple layers of defence. No one layer is, on its own, going to be perfect, but the overall level of security increases as you add layers.”
“What we’re seeing is that DNS is emerging as a key critical layer of defence. It has high value, requires a low level of effort to implement, and is really effective.”
Gaudet is crystal clear on why DNS is so highly effective.
“It’s used by every application, whether malicious or good. It’s used by every device on a network, from laptops to phone and any other device that uses DNS for communication. It’s basically built into the fabric of the Internet.”
A key point is that over 91 per cent of malware uses DNS for command and control. “So by observing the DNS,” said Gaudet, “you can see what malware is inside the network, and can provide another layer from which you can disable it. DNS is a layer of both defence and intelligence.
Download a copy of the presentation to find out how DNS helps organizations in the healthcare sector better secure their data.