Trustwave Blog

Defending Healthcare Databases: Strategies to Safeguard Critical Information

Written by | Feb 23, 2024

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s incumbent upon healthcare organizations to limit their exposure, and minimize the likelihood of cyberattacks.

According to the HIPAA Journal, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported 725 healthcare-related data breaches in 2023, exposing 133 million records. HHS noted an almost continual upward trend in these numbers every year since the data was first tracked 14 years ago. In 2023, OCR reported a 239% increase in hacking-related data breaches between January 1, 2018, and September 30, 2023, and a 278% increase in ransomware attacks over the same period. In 2019, hacking accounted for 49% of all reported breaches. In 2023, 79.7% of data breaches were due to hacking incidents.

Obviously, threat actors are upping their game while healthcare institutions are struggling to protect their data, but an offensive and defensive approach to security can improve resilience and reduce risk.

Database Security Starts with Having Solid Cybersecurity Practices

In its report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, Trustwave’s elite SpiderLabs team covered the Tactics, Techniques, and Procedures (TTPs) attackers use to gain the access that results in a ransomware attack or data breach, which in the end will likely expose data held in the victim’s database. This means the first step in database security is often making sure cybersecurity basics are covered.

Phishing and business email compromise (BEC) attacks are the most common and generally the most successful. They can target anyone inside an organization and carry malicious attachments or links that lead to the attacker planting malware. Other methods include finding credentials either on the Dark Web or in the network itself, exploiting system software vulnerabilities, or gaining access through a third party or the supply chain: essentially, finding a poorly secured partner with access to the primary target and then using that access as a gateway.

On the defensive side, SpiderLabs has many recommendations a healthcare or any organization can implement either on its own or by partnering with a security firm. These include:

  • Regularly back up data to help ensure the ability to recover from a ransomware attack or other types of data loss. Be sure to store backups offsite and verify that they can be restored.
  • Utilize vulnerability assessments and penetration testing to identify vulnerable servers. Pay close attention to systems that store PHI, like DICOM systems.
  • Databases that store patient PHI should be a priority for system and software patching.
  • Place all servers behind the firewall and practice proper network segmentation for enhanced access control.
  • Strengthen access controls to the minimum necessary levels for authorized users.
  • Promptly patch critical vulnerable systems.
  • Recognize the significance of patching in the healthcare sector, where it can be challenging due to reliance on legacy systems.

  • Ransomware and other malware gangs target Remote Desktop Protocol (RDP), the Microsoft protocol that allows users to execute remote operations on other computers. So, secure exposed RDP services, patch known vulnerabilities, and/or disable them if unnecessary.
  • Trustwave’s DbProtect solution can assist in finding and protecting sensitive data on-premises or in the hybrid world.

Zero Trust and Database Security

Organizations should also adopt a Zero Trust Architecture approach to protect databases on the principle of “never trust, always verify.” As defined by NIST, the gist is that no person, system, network, or service is ever trusted, no matter where it’s located (within corporate walls vs. the Internet) or who owns it. That means organizations must verify anything and everyone attempting to establish access to the network and/or resources.

Zero Trust, then, also applies to the databases where the most crucial data are stored. In addition to the authentication and authorization that take place before anyone is granted access to any resource, a Zero Trust environment needs additional measures to ensure the security of the data itself.

Those measures are required to:

  • Identify vulnerabilities in on-premises or cloud databases that attackers could exploit to gain access to sensitive data.
  • Limit user access to the most sensitive data.
  • Alert on suspicious activity, intrusions, and policy violations.
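The three measures above, together with the earlier recommendation to strengthen access controls to the minimum necessary levels, are what a database activity monitoring check actually does in practice. The following is an added example, not code from DbProtect or any Trustwave product: a small policy evaluator that reads database audit log lines and flags access to PHI tables by roles without a grant, bulk reads of patient records, and interactive access outside business hours. The table names, role names, log line layout, thresholds and sample log lines are all constructed for the example.

```python
"""Policy-based review of database audit events for a PHI schema.

Added example (not Trustwave's DbProtect code). Everything below is an
assumption for illustration: the PHI table names, the role-to-table
grants, the audit log format, the row threshold and the business hours.
"""
from dataclasses import dataclass
from datetime import datetime
import re

# Assumed policy: which tables hold PHI and which roles may read each one.
# An empty set means the role must go through de-identified views instead.
PHI_TABLES = {"patients", "encounters", "lab_results"}
ALLOWED_ROLES = {
    "ehr_app": {"patients", "encounters", "lab_results"},
    "billing_svc": {"patients", "encounters"},
    "reporting_ro": set(),
}
BULK_ROW_THRESHOLD = 500            # rows returned by one statement
BUSINESS_HOURS = range(7, 20)       # 07:00-19:59 local time
INTERACTIVE_ROLES = {"dba_jsmith"}  # humans; service accounts run 24x7

# Assumed (constructed) audit line layout:
# <ISO timestamp> user=<role> db=<name> rows=<n> stmt=<sql>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) rows=(?P<rows>\d+) stmt=(?P<stmt>.*)$"
)
# Rough table extraction, good enough for the simple SQL in the sample log.
TABLE_RE = re.compile(r"\b(?:from|join|into|update)\s+([a-z_]+)", re.IGNORECASE)


@dataclass
class Alert:
    rule: str
    user: str
    detail: str


def tables_in(stmt: str) -> set[str]:
    """Return the lower-cased table names referenced by a statement."""
    return {t.lower() for t in TABLE_RE.findall(stmt)}


def evaluate(line: str) -> list[Alert]:
    """Apply the policy to one audit line and return any alerts raised."""
    m = LINE_RE.match(line)
    if not m:
        return [Alert("unparseable", "?", line)]
    ts = datetime.fromisoformat(m["ts"])
    user, rows, stmt = m["user"], int(m["rows"]), m["stmt"]
    touched = tables_in(stmt) & PHI_TABLES
    alerts: list[Alert] = []
    # Least privilege: only roles with an explicit grant may touch PHI tables.
    if touched and user not in ALLOWED_ROLES:
        alerts.append(Alert("unknown_role_phi", user, f"touched {sorted(touched)}"))
    elif touched - ALLOWED_ROLES.get(user, set()):
        extra = touched - ALLOWED_ROLES[user]
        alerts.append(Alert("role_outside_grant", user, f"touched {sorted(extra)}"))
    # Bulk reads of patient data are the signature of an exfiltration attempt.
    if touched and rows >= BULK_ROW_THRESHOLD:
        alerts.append(Alert("bulk_phi_read", user, f"{rows} rows"))
    # Human accounts reading PHI at 02:00 deserve a look even if permitted.
    if touched and user in INTERACTIVE_ROLES and ts.hour not in BUSINESS_HOURS:
        alerts.append(Alert("off_hours_phi_access", user, ts.isoformat()))
    return alerts


def review(lines) -> list[Alert]:
    """Evaluate every line and return the alerts in log order."""
    return [a for line in lines for a in evaluate(line)]


# Constructed sample audit lines; not real data.
SAMPLE_LOG = [
    "2024-02-20T09:15:02 user=ehr_app db=clinical rows=1 stmt=SELECT * FROM patients WHERE id = 42",
    "2024-02-20T09:16:10 user=reporting_ro db=clinical rows=12000 stmt=SELECT mrn, dob FROM patients",
    "2024-02-20T02:40:55 user=dba_jsmith db=clinical rows=1 stmt=SELECT * FROM lab_results WHERE patient_id = 7",
    "2024-02-20T11:02:33 user=billing_svc db=clinical rows=3 stmt=SELECT amount FROM invoices WHERE encounter_id = 9",
    "2024-02-20T11:05:00 user=ehr_app db=clinical rows=800 stmt=SELECT * FROM encounters WHERE ward = 'ICU'",
]

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(f"{alert.rule:22} {alert.user:14} {alert.detail}")
```

The grant table is the policy artifact worth maintaining: it is the same "minimum necessary" mapping that should drive the database's own GRANT statements, so a role appearing here without a grant is a finding in both the audit trail and the schema. In a real deployment the evaluator would read the database's native audit log rather than a constructed format, and the row threshold would be tuned per role.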

Trustwave’s DbProtect and AppDetectivePRO

Since databases are where the crown jewels are kept, database security is paramount. Database auditing tools like Trustwave’s DbProtect and AppDetectivePRO deliver seven times more database-specific security and compliance checks vs. vulnerability assessment tools.

DbProtect accomplishes this by proactively assessing database threats to gain visibility into the vulnerabilities in on-premises or cloud databases that could lead to a data breach. It automates critical data security by uncovering vulnerabilities that would-be attackers could exploit, limiting user access to the most sensitive data, and alerting on suspicious activities, intrusions, and policy violations. As a result, clients can spend less time chasing database security alerts and more time on activities that drive value, like remediating risks and reducing the attack surface.