AGT Advanced German Technology

Digital Forensics in Healthcare

Cyber-criminals are driven by the pursuit of information. Upon breaching the firewalls of an organisation, the goal for many malicious actors is to extract, steal or monitor its data assets. With that in mind, it is hardly surprising that the healthcare sector is such an alluring target. Patient information and product information are two examples of digital materials that are extremely valuable and can be sold on the dark web. The transition of hospitals and pharmaceutical companies to digital storage highlights the need for comprehensive cybersecurity. The average person would probably assume that, having made this transition, these organisations have invested in the necessary cybersecurity protocols and digital forensics to prevent and contain cyber-attacks. Unfortunately, this is not always the case. In 2020, TechJury reported that hospitals accounted for 30% of all large data breaches and that, between 2017 and 2020, security breaches cost healthcare companies $3 trillion.

Digital forensics involves the recovery and investigation of digital information within devices and electronics, and is an increasingly important field of forensic science. Once it was most commonly used in police and governmental investigations, but due to increasing cyber threats, businesses and organisations have needed to adopt this methodology as a form of protection against digital attacks – especially within the healthcare industry. Given the aforementioned figures, one would assume that the healthcare industry is being targeted more than other economic segments – although that is not strictly true.  

Despite the healthcare industry shifting to digital storage, the mass of data breaches has more to do with a lack of preparedness than with the transition itself. According to the report by TechJury, roughly 34% of data breaches within the healthcare sector in 2020 were due to unauthorised access or disclosure – highlighting the carelessness of healthcare corporations regarding their cybersecurity. The exposure of the pharmaceutical industry and hospitals to unnecessary risk is a prevailing problem that needs to be addressed. The continuing vulnerability and lack of adequate defences are no doubt a large part of the reason why cyber criminals continue the assault on their digital networks and materials. Because cybersecurity protocols are never foolproof, it is essential that the healthcare industry make digital forensics its priority.

The 2018 study, Healthcare Data Breaches: Implications for Digital Forensic Readiness, conducted by the University of Kentucky and Edith Cowan University in Perth, shines a spotlight on the healthcare industry’s lack of preparedness and on the fact that investigations of incidents are often constrained by the lack of forensic readiness. The study highlights that fundamental security safeguards are still considered to be lacking, even though health information is one of the most attractive targets for cybercriminals. The lack of suitable digital infrastructure and recovery plans prevents the healthcare industry from being able to contain breaches, and reduces the likelihood of it being able to retrieve and recover essential information that would prevent similar attacks in the future.

Even the largest healthcare organisations still fail to safeguard sensitive information of their patients and products. The pharmaceutical giant Pfizer is the perfect example of this, highlighting in a very public way the great need for more consistent use of digital forensics in damage reduction and prevention.

In December 2020, Pfizer was subjected to a data breach by malicious actors involving its COVID-19 vaccine. Crucial data about the vaccine and its development were stolen and later released in early 2021, leading Pfizer shares to drop by more than 2%. It wasn’t just their intellectual property that was compromised – the breach also affected their equity. The fallout was bad, though surprisingly it wasn’t the first time that Pfizer had failed to protect its assets. Pfizer was subjected to a large data breach on its unsecured cloud infrastructure two months prior to the vaccine hack. The storage bucket on Google Cloud contained hundreds of recorded conversations between Pfizer’s automated customer support software and patients using its prescription pharmaceutical drugs. The transcripts contained not only confidential medical information, but also the full names, home addresses and email addresses of customers, which the hackers could then use to launch highly effective phishing attacks. What makes the whole situation so much worse is the fact that the information was exposed online for months prior to being taken down.

This degree of negligence indicates a completely ineffective method of digital forensics. If proactive digital forensics and incident response solutions had been established and implemented, Pfizer would have been able to swiftly assess the scope and severity of the breach and take down the information in a timely fashion. The fact that the stolen data was exposed for months put patients at risk. Matt Walmsley of Vectra AI pointed out in a 2020 interview, “When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”

If you want to ensure that your organisation is secure and does not make the same mistakes as Pfizer, you should work with a skilled and experienced cybersecurity provider such as Advanced German Technology (AGT). If you would like to learn more, contact us today.