The Importance of Data Loss Prevention in Healthcare

As healthcare providers battle an ongoing global pandemic, another war is being waged behind the scenes: one over their data security. The healthcare industry is no stranger to cyberattacks. Not only do healthcare providers account for 30% of all large data breaches, they also experience the highest data breach costs and are the most targeted organizations across all sectors. Data loss prevention in healthcare has always been important, but in 2021 the situation became even more dire. As COVID raged, HIPAA-covered entities began reporting data breaches at a rate of two or more per day. And the risks have only escalated since then.

The outlook may seem grim, but lessons can be learned from healthcare providers taking a proactive approach to their data security. Looking at an endpoint monitoring use case, we can see how one healthcare organization did just that. 

The Use Case

One of the most common cyberattack threats facing the healthcare industry is the Emotet botnet. Attackers are known to send sophisticated phishing emails to healthcare workers with Emotet-infected Word documents or Zip files attached. Once opened, the trojan wreaks havoc on the computer and makes its way through the network, then adds the computers to a compromised network that is leased to the highest bidder for further malware or ransomware attacks.

While the Emotet botnet was disabled in a high-profile, multi-agency takedown in 2021, the threat hasn’t gone away. Just months after news broke that the Emotet botnet had been put out of action, security analysts witnessed a rebuilding of the botnet, making it a top threat to healthcare providers in 2022.

Our use case comes from an urgent care group heeding this warning. 

A neighboring healthcare provider had fallen victim to a ransomware attack made possible by the Emotet botnet, losing access to its systems and becoming unable to provide patient care. After seeing this, the technology manager of an urgent care facilities group decided it was time to take action. Knowing the malware was most commonly distributed through phishing emails targeting employees, the technology manager chose to beef up the group's endpoint data loss prevention strategy.

To strengthen their email security and protect their employees from opening malicious links and attachments that may contain malware, the urgent care group decided to roll out endpoint user activity monitoring software with a focus on email monitoring.

The capabilities and features of the endpoint activity monitoring provided the added protections the care group wanted and then some.

To satisfy their email monitoring focus, system administrators enacted behavior rules and policies that prohibited the download of email materials from any non-whitelisted email addresses. Then, additional alerts and restrictions were put into place to strengthen their email security. Since the monitoring agent was capable of tracking all email usage, any incoming emails with attached Word documents and Zip files were automatically flagged for admin attention. Administrators also set up notifications to ping the system whenever emails were received from suspicious addresses. 
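A sketch of the first two rules above (block downloads from non-allowlisted senders, flag Word and Zip attachments), added here as an example and not Teramind's or the care group's actual configuration. The allowlist, addresses and sample messages are constructed assumptions, and the content-sniffing step goes beyond the text so that a renamed attachment is still flagged.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy values, constructed for this example.
ALLOWED_SENDERS = {"records@clinic.example"}
FLAGGED_EXTENSIONS = (".doc", ".docm", ".docx", ".zip")
# Magic bytes: ZIP container (also .docx/.docm) and legacy OLE2 Word files.
MAGIC = {b"PK\x03\x04": "zip-container", b"\xd0\xcf\x11\xe0": "ole2-document"}


def sniff(payload: bytes):
    """Identify a payload by its content, so a renamed file is still caught."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None


def evaluate(raw: bytes) -> dict:
    """Apply both rules to one RFC 5322 message and return a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    attachments = list(msg.iter_attachments())
    flagged = []
    for part in attachments:
        name = (part.get_filename() or "").lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        if name.endswith(FLAGGED_EXTENSIONS) or kind:
            flagged.append((name, kind))
    return {
        "sender": sender,
        # Rule 1: no downloads from senders outside the allowlist.
        "block_download": bool(attachments) and sender not in ALLOWED_SENDERS,
        # Rule 2: Word and Zip attachments go to an admin regardless of sender.
        "flag_for_admin": bool(flagged),
        "flagged": flagged,
    }


def build_sample(sender: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed sample message (test data, not a real email)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "nurse@clinic.example", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The `From` header is sender-controlled, so an allowlist keyed on it is only meaningful when the mail gateway enforces SPF, DKIM and DMARC before messages reach this check.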

The group’s IT admins then co-opted the monitoring agent’s capabilities and features to strengthen their compliance management. Using the predefined rules and policy behaviors built into the monitoring suite, administrators set up notifications and alerts for whenever patient PHI was being shared or accessed in an unauthorized and noncompliant manner. 

With all of the rules and policies in place, system administrators watched and waited. Their endpoint security soon paid off. 

During the first week of deployment, administrators were alerted to over 4,000 emails containing suspicious downloadable materials. From these emails, 13 attempts to click on or download these attachments were blocked. Additionally, the monitoring agent found seven instances of patient PHI being mishandled and shared outside of the protected file sharing system the urgent care group had in place. 

The monitoring suite’s uses for the urgent care facility group didn’t stop there. Seeing the amount of data and screen recordings of the risky behaviors empowered the technology management department to take their cybersecurity practices a step further. 

Armed with the data provided by the monitoring suite, they created more informed and frequent cybersecurity training sessions for their top risky users and used the emails that resulted in unauthorized download attempts as examples for what to avoid. Activity logs produced by the monitoring agent also played a role in hardening their cybersecurity posture. With more activity data available, they were able to conduct deeper forensic investigations and enrich the department’s threat intelligence. 

The monitoring agent gave the urgent care group immediate resolutions to its data loss and cybersecurity needs, the ability to create long-term solutions through more exacting cybersecurity training, and more context for its security system alerts.

Data Loss Prevention In Healthcare

Data loss prevention in healthcare does more than protect patient PHI; it also ensures consistency in patient care by making sure the systems are running and available. As we saw in the use case, single solutions like endpoint monitoring help combat the most common threats facing the sector but can also give rise to other security benefits. This is a crucial strategy when it comes to data loss prevention in healthcare. With attack frequency on the rise and threat actors taking advantage of the stressed system, dynamic solutions that improve security readiness are necessary.

Harness Data & Analytics With Teramind

Optimizing your business starts with securing your organization’s data. Now you can get data loss prevention tools along with access to key productivity data such as app and online activity and behavior analysis in a single solution. Teramind is an enterprise-grade employee monitoring platform providing the business intelligence, workflow optimization and security your business needs.
