Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents
Published in
Complex Rehab
on December 18, 2024
By Ryan Wood, Chief Information Security Officer (CISO), VGM Group, Inc.
In today’s digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. The recent cybersecurity incidents involving Change Healthcare and Medicare breaches have highlighted the vulnerabilities in our systems throughout the industry and the urgent need for robust cybersecurity measures.
Understanding the Incidents
The Change Healthcare incident, which occurred in February 2024, was a significant ransomware attack that compromised 4TB of data. Despite a $22 million ransom payment, the malicious actors did not delete their copy of the breached data, leading to widespread concerns about patient privacy and data security. Similarly, the Medicare breaches exposed the personal information of nearly one million beneficiaries, including names, Social Security numbers, and medical claims information. These breaches were part of a pattern where hackers exploited vulnerabilities in third-party systems, such as the MOVEit file transfer program.
Impact on Business Operations
These incidents have far-reaching implications for business operations, especially in the healthcare sector. The immediate impact includes financial losses, reputational damage, and operational disruptions. For instance, the Change Healthcare breach affected billing and care authorization portals, leading to delays and inefficiencies. Moreover, the exposure of sensitive information can result in legal liabilities and loss of customer trust.
For VGM & Associates members, the implications of these cybersecurity breaches extend far beyond immediate financial losses. The healthcare industry is particularly vulnerable due to the sensitive nature of the data it handles. Imagine the potential fallout if a breach exposed patient health records; not only could it lead to severe legal penalties under regulations like HIPAA, but it could also irreparably damage patient trust, ultimately affecting the bottom line.
Consider the specific case of the Change Healthcare incident. The ransomware attack that compromised 4TB of data disrupted billing processes and care authorizations, resulting in significant delays. This scenario underscores the critical need for robust cybersecurity measures in ensuring operational continuity. If such an incident were to occur within VGM & Associates, it could paralyze entire departments, delaying critical patient care and straining resources as IT teams scramble to contain the breach.
The Medicare breaches provide another poignant example. With nearly one million beneficiaries’ personal information compromised, the incident underscores the importance of securing third-party systems. VGM & Associates members often rely on multiple vendor partners for their operations, from billing services to electronic health records. Ensuring that these vendor partners adhere to stringent cybersecurity standards is not just best practice—it’s a necessity. Failure to do so can result in substantial legal liabilities and loss of business.
Consider this phishing attack example as if it were to target VGM & Associates or any provider in our industry. We will use the MITRE ATT&CK framework to step through a real-world scenario that we, as a security team, see happening daily. The MITRE ATT&CK framework is like a big map that helps us understand how cyber attackers operate. Imagine it as a guidebook that shows the different tricks and techniques hackers use to break into systems and cause trouble.
Here’s a simple breakdown:
- Categories of Attacks: It lists various stages of an attack, from the initial break-in to how they move around inside a system.
- Techniques and Tactics: Each stage has specific methods (or tactics) that attackers use, like stealing passwords or hiding their tracks.
- Defense Strategies: By knowing these tactics, we can better prepare and defend our systems against attacks.
Think of it as a playbook for both attackers and defenders, helping us stay one step ahead in the cybersecurity game.
MITRE ATT&CK Chain Steps
- Initial Access: The attacker sends a phishing email with a malicious link or attachment to a DME provider. The email appears to be from a trusted source, leveraging the existing relationship.
- Execution: The victim clicks on the link or opens the attachment, which executes malicious code on their device or sends them to a website.
- Credential Access: The attacker harvests the user’s credentials through a fake login page or malware. The user inadvertently types in their credentials, thinking they are logging into a legitimate VGM & Associates system.
- Persistence: The attacker uses the harvested credentials to gain persistent access to the victim’s account. If Multi-Factor Authentication (MFA) is not enabled or is circumvented, the attacker can maintain access over time. MFA is like adding extra locks to your door. Instead of just using a password, you need to provide another piece of information, like a code sent to your phone, to prove it’s really you. This makes it much harder for hackers to get in. Often the attacker attempts, and sometimes succeeds in, enrolling their own additional MFA device, so that the code is sent to the attacker’s device instead of yours.
- Lateral Movement: Using the compromised credentials, the attacker accesses other systems within the network, moving laterally to escalate privileges and gain further control. The attacker can also leverage these credentials to launch secondary attacks against other VGM & Associates members, starting another attack chain.
- Collection: The attacker gathers sensitive information, including patient health records, billing information, and other critical data.
- Exfiltration: The collected data is exfiltrated to the attacker’s remote servers. This can include downloading large datasets or slowly siphoning off data to avoid detection.
- Impact: The attacker may deploy ransomware, encrypting critical systems and demanding a ransom. Alternatively, they may use the exfiltrated data to commit fraud, sell it on the dark web, or carry out further attacks.
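The Persistence step above, where an attacker who has phished a password enrolls their own MFA device, leaves a pattern a security team can look for: a sign-in from an address never seen for that user, followed shortly by an MFA device registration. The detector below is an added example written for this article, not VGM’s or MITRE’s code; the event format, field names, and the sample log entries are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample identity-provider events (not real logs).
# Each record: timestamp, user, event type, source IP.
EVENTS = [
    {"ts": "2024-02-20T08:02:00", "user": "billing01", "event": "signin", "ip": "203.0.113.10"},
    {"ts": "2024-02-20T08:05:00", "user": "billing01", "event": "mfa_device_added", "ip": "203.0.113.10"},
    {"ts": "2024-02-20T09:00:00", "user": "intake02", "event": "signin", "ip": "198.51.100.7"},
    {"ts": "2024-02-20T09:30:00", "user": "intake02", "event": "mfa_device_added", "ip": "198.51.100.7"},
    {"ts": "2024-02-20T10:15:00", "user": "billing01", "event": "signin", "ip": "192.0.2.44"},
    {"ts": "2024-02-20T10:18:00", "user": "billing01", "event": "mfa_device_added", "ip": "192.0.2.44"},
]

# Known-good source addresses per user (constructed), e.g. office egress IPs.
KNOWN_IPS = {"billing01": {"203.0.113.10"}, "intake02": {"198.51.100.7"}}


def suspicious_mfa_enrollments(events, known_ips, window=timedelta(minutes=30)):
    """Return alerts for MFA device registrations that follow, within
    `window`, a sign-in from an address not on the user's known list.
    Enrollments after sign-ins from known addresses are left alone, which
    keeps routine phone replacements from the office out of the alert queue."""
    alerts = []
    last_unknown_signin = {}  # user -> (timestamp, ip) of most recent unknown-IP sign-in
    for e in sorted(events, key=lambda rec: rec["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["event"] == "signin":
            if e["ip"] not in known_ips.get(user, set()):
                last_unknown_signin[user] = (ts, e["ip"])
        elif e["event"] == "mfa_device_added":
            prior = last_unknown_signin.get(user)
            if prior is not None and ts - prior[0] <= window:
                alerts.append({"user": user, "ip": prior[1], "enrolled_at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in suspicious_mfa_enrollments(EVENTS, KNOWN_IPS):
        print("Review MFA enrollment:", alert)
```

Only the 10:18 enrollment for billing01 is flagged, because it followed a sign-in from an address the user had never used; the two enrollments from known addresses pass silently.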
Given these examples, it is evident that the lessons learned from such incidents are invaluable. Strengthening third-party security is paramount. Businesses must perform due diligence in vetting their vendors’ cybersecurity protocols and require regular security assessments to ensure ongoing compliance. Robust data protection measures, such as data encryption and multi-factor authentication, can greatly reduce the risk of unauthorized access. Moreover, regularly updating and patching systems can prevent the exploitation of known vulnerabilities.
Developing a comprehensive incident response plan is another crucial step. Such a plan enables businesses to quickly contain and mitigate the impact of a cyberattack, minimizing operational disruptions and safeguarding sensitive data. Regular training and drills ensure that employees are well-prepared to respond effectively to any cybersecurity threats.
To truly safeguard their operations, businesses should adopt a zero-trust security model. Unlike traditional perimeter-based security, a zero-trust approach assumes that threats can come from both inside and outside the network, verifying every access request regardless of its origin. This strategy adds an additional layer of security, significantly enhancing the organization’s cybersecurity posture.
By understanding these lessons and implementing robust cybersecurity measures and awareness, VGM & Associates members can better protect themselves against future threats. Not only does this proactive approach safeguard their business operations, but it also demonstrates a commitment to safeguarding patient data, thereby maintaining trust and compliance in an increasingly digital world.
Lessons Learned
- Strengthen Third-Party Security: The Medicare breaches underscore the importance of securing third-party systems. Businesses must ensure that their vendors adhere to stringent cybersecurity standards and conduct regular security assessments.
- Implement Robust Data Protection Measures: Encrypting sensitive data and implementing multi-factor authentication can significantly reduce the risk of unauthorized access. Regularly updating and patching systems is also crucial to prevent exploitation of known vulnerabilities.
- Develop a Comprehensive Incident Response Plan: Having a well-defined incident response plan can help businesses quickly contain and mitigate the impact of a cyberattack. This includes regular training and drills for employees to ensure they are prepared to respond effectively.
- Enhance Employee Awareness and Training: Human error remains a significant factor in cybersecurity breaches. Regular training and awareness programs can help employees recognize and avoid phishing attempts and other common attack vectors.
- Adopt a Zero-Trust Security Model: Traditional perimeter-based security models are no longer sufficient. A zero-trust approach, which verifies every access request regardless of its origin, can provide an additional layer of security.
Moving Forward
The recent incidents serve as a wake-up call for businesses to prioritize cybersecurity in their operations. By adopting a proactive approach and implementing the lessons learned, businesses can better protect themselves against future cyber threats. As the Chief Information Security Officer at VGM, I urge all business leaders to take these threats seriously and invest in robust cybersecurity measures to safeguard their operations and their customers’ data, especially their patients’ health data.
Action Item: Strengthen Your Cybersecurity with Free and Trusted Resources
- Start with Free Resources: Utilize the Cybersecurity and Infrastructure Security Agency (CISA) for free tools and guidance. CISA offers a wealth of resources to help you understand and implement basic cybersecurity measures. Additionally, check with your local government for any cybersecurity support programs they might offer.
- Partner with Experts: Consider partnering with cybersecurity firms for more comprehensive protection. For example, ProCircular is a trusted partner that VGM uses for parts of our cybersecurity program. They can provide tailored solutions and expert advice to enhance your security posture.
By leveraging these resources, you can build a strong foundation for your cybersecurity efforts without overwhelming your team.
Resources
Change Healthcare Reports Ransomware Data Breach to HHS (hipaajournal.com)
Medicare data breach bared info of nearly 1M people (axios.com)
Medicare Data Breach Impacts 600,000 Beneficiaries (aarp.org)
https://apnews.com/article/change-cyberattack-hospitalspharmacy-alphv-unitedhealthcare-521347eb9e8490dad695a7824ed11c41
MITRE ATT&CK® – MITRE ATT&CK Framework (attack.mitre.org)
Home Page | CISA – Cybersecurity and Infrastructure Security Agency
ProCircular | CyberSecurity Consulting Based in the Midwest
This article was originally featured in the VGM Playbook: Mastering Business Management and Optimization. To read the full article and more like this, download your copy of the playbook today!