By Morgan Wright, Chief Security Advisor, SentinelOne
The recent ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, has highlighted critical vulnerabilities within the healthcare sector. This incident disrupted the processing of insurance claims, causing significant distress for patients and providers alike. Pharmacies struggled to process prescriptions, and patients were forced to pay out-of-pocket for essential medications, underscoring the urgent need for robust cybersecurity measures in healthcare.
The urgency of strengthening cybersecurity is not limited to the United States. In India, the scale of cyber threats faced by healthcare institutions is even more pronounced. In 2023 alone, India witnessed an average of 2,138 cyber attacks per week on each organisation, a 15% increase from the previous year, positioning it as the second most targeted nation in the Asia Pacific region. A notable incident that year involved a massive data breach at the Indian Council of Medical Research (ICMR), which exposed sensitive information of over 81.5 crore Indians, thereby highlighting the global nature of these threats.
This challenge is not one that funding alone can solve. It requires a comprehensive approach that fights fire with fire—or, in modern times, staves off AI attacks with AI security. Anything short of this leaves private institutions, and ultimately their patients, at risk of losing personal information, limiting access to healthcare, and destabilising the flow of necessary medication. Attackers have shown us that the healthcare sector must be considered critical infrastructure.
The healthcare sector: A prime target for cyberattacks
Due to the sensitive nature of the data it handles, the healthcare industry has become a primary target for cybercriminals. Personal health information (PHI) is precious on the black market, making healthcare providers attractive targets for ransomware attacks—regardless of any moral ground they may claim to stand on regarding healthcare.
In 2020, at the beginning of the pandemic, hospitals were overrun with patients, and healthcare systems seemed to be in danger of collapsing under the strain. It was believed that healthcare would be a bridge too far at the time. Hacking groups DoppelPaymer and Maze stated they “[D]on’t target healthcare companies, local governments, or 911 services.” If those organisations accidentally became infected, the ransomware groups’ operators would supply a free decryptor.
Since AI technology has advanced and medical device security lags, the ease of attack and the potential reward for doing so have made healthcare institutions too tempting to ignore. The Office of Civil Rights (OCR) at Health and Human Services (HHS) is investigating the Change Healthcare attack to understand how it happened. The investigation will address whether Change Healthcare followed HIPAA rules. However, in past healthcare breaches, HIPAA compliance was often a non-factor. Breaches by both Chinese nationals and various ransomware gangs show that attackers are indifferent to HIPAA compliance.
Leveraging AI for enhanced cybersecurity in healthcare
As cyber threats become more sophisticated, the healthcare sector must adopt advanced technologies to defend against these attacks. Artificial Intelligence (AI) offers powerful tools to enhance cybersecurity measures. AI-driven solutions can automate threat detection and response, reducing the burden on human analysts and enabling them to focus on more complex tasks. For instance, large language models (LLMs) can process and analyse vast amounts of data in near real-time, identifying threats and providing actionable insights.
AI can also play a crucial role in upskilling employees within healthcare organisations. By leveraging AI-driven insights, even less experienced team members can make informed decisions. Natural language queries allow analysts to gather information, making identifying and mitigating threats easier and quicker. Additionally, AI can automate routine tasks, enabling cybersecurity professionals to focus on strategic initiatives and improving overall efficiency.
Addressing the financial impact of cyberattacks
The financial impact of cyberattacks on healthcare providers can be devastating. The Change Healthcare breach led to significant cash flow disruptions, with providers losing millions daily. In response to this crisis, industry leaders and political figures have called for federal funding to support healthcare providers and ensure the continuity of essential services. The Senate majority leader and the American Hospital Association (AHA) have urged the federal government to provide financial assistance to mitigate the impact of the cyberattack, including accelerated and advanced payments to hospitals, pharmacies, and other affected entities.
This federal funding can help healthcare providers adopt advanced security measures and recover from the financial impact of cyberattacks. However, this approach also raises concerns about moral hazard, where healthcare institutions might rely on government assistance instead of investing in robust cybersecurity measures. Balancing immediate relief with long-term security improvements is essential to ensure the sustainability of the healthcare system.
The cybersecurity arms race
The fight against cybercrime is a constant struggle for advantage, and traditional methods can’t keep pace with ever-evolving threats. This is where Artificial Intelligence (AI) steps in. Only AI’s rapid response capabilities can match the machine speed of modern attacks.
Healthcare attacks in India are a stark reminder of the need for robust cybersecurity, especially for safeguarding sensitive patient information. Training times for new cybersecurity practitioners need to be shortened so they can quickly level up and meet evolving challenges head-on. While government funds alone won’t solve the problem, the right investments made by public and private institutions can bring us closer to securing one of our most critical infrastructures.
