
Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While some successful attacks are inevitable, it is incumbent upon healthcare organizations to limit their exposure and minimize the likelihood of cyberattacks.


According to the HIPAA Journal, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported 725 healthcare-related data breaches in 2023, exposing 133 million records. HHS noted an almost continual upward trend in these numbers every year since the data was first tracked 14 years ago. In 2023, OCR reported a 239% increase in hacking-related data breaches between January 1, 2018, and September 30, 2023, and a 278% increase in ransomware attacks over the same period. In 2019, hacking accounted for 49% of all reported breaches; in 2023, 79.7% of data breaches were due to hacking incidents.


Obviously, threat actors are upping their game while healthcare institutions are struggling to protect their data, but combining an offensive and a defensive approach to security can improve resilience and reduce risk.


Database Security Starts with Having Solid Cybersecurity Practices


In its report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, Trustwave's elite SpiderLabs team covered the Tactics, Techniques, and Procedures (TTPs) attackers use to gain the access that results in a ransomware attack or data breach, which in the end will likely expose data held in the victim's database. This means the first step in database security is often making sure the cybersecurity basics are covered.


Phishing and business email compromise (BEC) attacks are the most common and generally the most successful. These can target anyone inside an organization and carry malicious attachments or links that let an attacker deliver malware. Other methods include finding credentials either on the Dark Web or within the network itself, exploiting vulnerabilities in system software, or gaining access through a third party or the supply chain: essentially, finding a poorly secured partner with access to the primary target and then using that access as a gateway.


On the defensive side, SpiderLabs has many recommendations that a healthcare organization, or any organization, can implement either on its own or by partnering with a security firm. These include:

  • Regularly back up data to help ensure the ability to recover from a ransomware attack or other types of data loss. Be sure to store backups offsite and verify that they can be restored.
  • Utilize vulnerability assessments and penetration testing to identify vulnerable servers. Pay close attention to systems that store PHI, like DICOM systems.
  • Databases that store patient PHI should be a priority for system and software patching.
  • Place all servers behind the firewall and practice proper network segmentation for enhanced access control.
  • Strengthen access controls to the minimum necessary levels for authorized users.
  • Promptly patch critical vulnerable systems. Recognize the significance of patching in the healthcare sector, where it can be challenging due to reliance on legacy systems.
  • Ransomware and other malware gangs target Remote Desktop Protocol (RDP), the Microsoft protocol that allows users to execute remote operations on other computers. So, secure exposed RDP services, patch known vulnerabilities, and/or disable them if unnecessary.
  • Trustwave's DbProtect solution can assist in finding and protecting sensitive data on-premises or in the hybrid world.


Zero Trust and Database Security

Organizations should also adopt a Zero Trust Architecture approach to protect databases, on the principle of "never trust, always verify." As defined by NIST, the gist is that no person, system, network, or service is ever trusted implicitly, no matter where it is located (within corporate walls vs. the Internet) or who owns it. That means organizations must verify anything and anyone attempting to establish access to the network and/or its resources.


Zero Trust, then, also applies to the databases where the most crucial data are stored. In addition to the authentication and authorization that take place before anyone is granted access to any resource, a Zero Trust environment needs additional measures to ensure the security of the data itself.


Those measures are required to:

  • Identify vulnerabilities in on-premises or cloud databases that attackers could exploit to gain access to sensitive data.
  • Limit user access to the most sensitive data.
  • Alert on suspicious activity, intrusions, and policy violations.


Trustwave’s DbProtect and AppDetectivePRO


Since databases are where the crown jewels are kept, database security is paramount. Database auditing tools like Trustwave's DbProtect and AppDetectivePRO deliver seven times more database-specific security and compliance checks than general-purpose vulnerability assessment tools.


DbProtect accomplishes this by proactively assessing database threats to gain visibility into the vulnerabilities in on-premises or cloud databases that could lead to a data breach. It automates critical data security by uncovering vulnerabilities that would-be attackers could exploit, limiting user access to the most sensitive data, and alerting on suspicious activity, intrusions, and policy violations. As a result, clients can spend less time chasing database security alerts and more time on activities that drive value, like remediating risks and reducing the attack surface.
