Author: Stephanie Kille, Customer Success Manager, Plixer
Recent years have seen a disturbing trend of healthcare data breaches, with cybercriminals targeting organizations across the industry. These breaches not only compromise sensitive personal information but also erode trust in healthcare institutions and expose individuals to various forms of fraud and identity theft. Against this backdrop, the recent breach at UnitedHealth, affecting a substantial portion of the American population, serves as a stark reminder of the urgent need for robust cybersecurity measures in healthcare.
UnitedHealth, a leading health insurer in the U.S., fell victim to cybercriminals who infiltrated its systems and exfiltrated sensitive health data, highlighting an urgent need for advanced cybersecurity measures. The breach involved sophisticated tactics that outmaneuvered traditional security defenses, pointing to the necessity for more comprehensive and adaptive cybersecurity strategies.
At Plixer, we understand the pressure on NetOps and SecOps teams and how their relentless efforts to keep the network performant and secure can be overlooked or taken for granted until something major happens. That’s why we build solutions that redefine what it means to know your network. As data continues to grow, today’s networks are becoming infinitely larger and more dynamic. If you do not know what is happening on your network, your entire business is at risk. It is no wonder why attack surface expansion is a top security trend according to Gartner.
How Plixer Could Have Helped:
Plixer’s network security and analytics solutions could have offered significant protection in this scenario. Our technology provides deep visibility into network traffic and user behaviors, enabling the detection of anomalies that often precede a breach. Here’s how specific Plixer technologies could have made a difference:
- Data Ingestion and Analysis: The Plixer One Platform can ingest vast amounts of data from various sources across your network. By analyzing this data, Plixer can identify unusual patterns such as sudden spikes in data access or unusual outbound traffic, which are indicative of a data breach.
- FlowPro Defender: This tool could have been pivotal by monitoring DNS requests and responses for signs of exfiltration or command and control (C2) communications, which are common in such breaches. By intercepting these attempts, FlowPro Defender can alert administrators to potentially malicious activity.
- Replicators: These are used to capture and replicate traffic to a central point where it can be analyzed. The replicators would help in maintaining a redundant flow of information in real-time, ensuring that no single point of failure could blind the security operations center (SOC) to ongoing attacks.
- Advanced Threat Detection Technologies: These technologies use machine learning and behavioral analytics to detect anomalies. For instance, if a user suddenly accesses a large volume of data, or there is an unrecognized command and control communication, The Plixer One Platform could alert and initiate preventive measures in real-time.
- Reporting and Filtering: The customizable reporting and filtering capabilities of The Plixer One Platform would have allowed UnitedHealth to fine-tune which types of data are monitored and alerted upon, making it easier to detect and respond to threats specific to the healthcare industry.
UnitedHealth isn’t alone:
In 2023, the healthcare industry in the United States was the most targeted by cyber-attacks, more than doubling to 809 data compromises
- Ransomware Attacks: One of the most prominent examples occurred in 2017 when the WannaCry ransomware attack affected more than 150 countries, including significant disruption to the UK’s National Health Service (NHS). Hospitals and clinics were forced to turn away patients and cancel appointments as the malware locked access to files.
- Data Breaches: In 2019, a major data breach at Anthem Inc., one of the largest health insurance companies in the U.S., exposed the personal information of nearly 80 million people. This included names, dates of birth, Social Security numbers, and healthcare IDs.
- Phishing Attacks: Spear-phishing campaigns often target healthcare providers by mimicking legitimate emails from trusted sources. An example is the 2018 incident involving UnityPoint Health, where attackers gained access to email accounts containing personal and medical information of about 1.4 million patients.
- DDoS Attacks: Distributed Denial of Service (DDoS) attacks are also a threat, as seen in the 2014 attack on Boston Children’s Hospital by the hacktivist group Anonymous. The attack was part of a protest against a medical custody case, significantly disrupting hospital operations.
As cybersecurity threats in the healthcare sector continue to escalate, it is crucial for healthcare organizations to prioritize robust cybersecurity solutions and adopt a proactive stance in protecting sensitive data. By remaining vigilant and embracing cutting-edge technologies, these organizations can effectively mitigate the risk of data breaches and uphold the privacy and security of their patients’ information.