LigoLab’s Enhanced Cybersecurity Solutions Give Customers Added Protection and Peace-of-Mind

A high-profile ransomware attack has sent shock waves throughout the healthcare industry, reminding lab leaders how important it is to strengthen an organization’s cybersecurity and risk management protocols to guard against these costly and damaging attacks from nefarious actors. 

UnitedHealth Group, the nation’s largest healthcare insurance company, is still attempting to fully recover from a damaging attack on its subsidiary Change Healthcare on February 21, 2024. 

Just this week Change Healthcare began reaching out to providers, insurers, and other customers whose patient and member data were compromised in the attack.

The BlackCat ransomware group (a.k.a ALPHV) claimed responsibility for the attack, alleging it stole more than six terabytes of data. The attack affected the Change Healthcare network and operations disrupting hundreds of hospitals, pharmacies, and prescription drug services nationwide for weeks. 

In a first-quarter earnings report released in April, parent company UnitedHealth noted a cost of $872 million due to “unfavorable cyber attack effects,” putting a huge number on the damage caused by the Change Healthcare attack. The most recent estimate is that the cybersecurity breach will cost United Health Group $1.6 billion this year. 

In May, UnitedHealth CEO Andrew Witty confirmed what had been speculated for weeks, and that’s that the company paid a $22 million ransom to the hackers for the Change Healthcare system to be restored. Witty commented during a meeting before the U.S. Senate’s Finance Committee. 

Witty said the hackers gained access to Change Healthcare through a server not protected by multi-factor authentication (MFA). He also said the decision to pay the ransom was his, and one of the hardest decisions he’s ever had to make. 

He also said he was deeply sorry, directing his apology to all patients and providers who experienced disruption, and all those people worried about their private health data.

A Growing and Disturbing Trend 

Unfortunately, ransomware attacks against healthcare providers are nothing new. A study published by JAMA Health Forum in December 2022 revealed that the annual number of ransomware attacks against healthcare companies had doubled from 2016 to 2021.

According to the Office of the Director of National Intelligence, ransomware attacks surged even more in 2023 (see link below for more details). 

Learn More: Ransomware Attacks Surge in 2023

In addition to the Change Healthcare attack in February, Ascension, another high-profile health system comprised of 140 hospitals in 10 states, was also victimized on May 8, 2024. 

The Ascension breach occurred when a worker accidentally downloaded malware that locked providers out of systems that track and coordinate patient care, creating troublesome conditions for medical staff, and compromising their ability to conduct routine safety checks while administering care.

The truth is that healthcare providers, including clinical labs and pathology practices, are particularly vulnerable to ransomware attacks for several reasons.

High-Value Data: Medical records contain sensitive and valuable information, like patient identification, medical history, and financial details. This data is highly lucrative, incentivizing attackers to target healthcare organizations.

Critical Nature of Healthcare Operations: Healthcare providers need continuous access to patient records housed in laboratory information systems (LIS systems), electronic health records (EHRs), and related third-party services to provide timely and effective care. This makes them more likely to pay a ransom quickly to restore access, making them attractive targets for cybercriminals.

Outdated Systems and Software: Many healthcare providers use legacy LIS systems and outdated software that may not receive regular updates or patches. For example, legacy LIS software systems often have known vulnerabilities that attackers can exploit.

Complex IT Infrastructures: Healthcare providers typically have complex IT infrastructures mixed with various systems and devices. Some may not be as uniformly secured as others. This complexity can create security gaps and make it harder to enforce consistent security policies.

Insufficient Cybersecurity Measures: Historically, many healthcare organizations have underinvested in cybersecurity. Limited budgets, especially in smaller practices and labs, mean that robust cybersecurity measures may be lacking.

High-Pressure Environment: The fast-paced and high-pressure environment in healthcare can lead to lapses in cybersecurity practices, such as staff failing to recognize phishing emails or neglecting to follow security protocols.

Given all these factors, it becomes clear why healthcare providers are vulnerable, and why robust cybersecurity strategies are needed now more than ever. 

Protection Against Emerging Threats

Cyber threats are rising with cybercriminals developing new methods to exploit provider vulnerabilities. Independent clinical labs and pathology groups must stay ahead of these threats by closely working with lab vendors to implement up-to-date cybersecurity measures and continuously monitoring their systems. By doing so, these organizations can prevent potential financial losses, legal issues, and even worse, a damaged reputation. 

At LigoLab, we understand the severity of these threats and are actively taking steps to help our customers implement strong preventive measures to mitigate these risks. 

LigoLab’s Security Stance

As a trusted laboratory information system software (LIS software) provider, LigoLab diligently ensures all information within its systems and its customers’ systems is treated with the utmost care while remaining a HIPAA-compliant LIS company and platform. 

Backed by core principles like confidentiality, integrity, and availability, LigoLab’s information security program is built on securing data at every level. It’s aligned with industry best practices, continually evolves with updated guidance, and features a security team working closely with lab customers to ensure security policies are properly extended into customer software environments.

To learn more about LigoLab’s Enterprise Java technology stack and platform architecture and for a detailed accounting of the following technical policies and configurations, please refer to LigoLab’s Security Stance and Architecture document (linked below).

Learn More: LigoLab’s Security Stance and Architecture

The following is covered in LigoLab’s Security Stance and Architecture document:

• Security Overview
• Secure Development
• Data Encryption and Storage
• Data Retention
• Network Security
• Audit Services 
• Endpoint Security and Access Controls
• Logging, Alerts, and Incident Response
• Backup and Disaster Recovery
• Network Security Checklist
• Architecture
• Cybersecurity Training Overview
• Business Continuity Plan Overview
• Threat and Vulnerability Management Overview
• Incident Management Overview

“Data security is important to all organizations, and our unique services make it an integral part of everything we do at LigoLab,” said LigoLab Chief Operating Officer Gor Kalantaryan. 

Introducing LigoLab’s Enhanced Backup Services

In response to the growing cyber threats LigoLab now offers Enhanced Backup Services. The services are designed to ensure all lab data remains secure, immutable, and easily recoverable from a cyber incident. 

The Enhanced Backup Services include:

• Automated, regular backups to secure off-site storage
• Rapid restoration capabilities to reduce downtime during cyber incidents (~4hrs)
• Tailored support and consultation to customize backup solutions to your specific needs

The cost to implement these enhanced services starts at $300 a month with the total cost based on the amount of data backed up. 

For more information about these services and what it would cost for your clinical lab or pathology practice, contact Support@LigoLab.com. 

“We strongly encourage all our customers to strengthen their defenses with these robust backup services,” said Kalantaryan. “The recent cyber incidents serve as a stark reminder of the necessity for reliable data protection and recovery solutions, which are crucial for maintaining the continuity and integrity of your operations.”

To assist even further, at the end of this blog post will be a list of Best Practices for Ransomware Mitigation. 

“The guide was designed to complement LigoLab’s backup solutions and enhance a lab’s overall security posture,” continued Kalantaryan. 

LigoLab Partners with Law & Forensics to Offer Audit Services 

Security and regulatory compliance are crucial to ensuring an organization's cybersecurity posture is robust and resilient, so in addition to offering Enhanced Backup Services, LigoLab has also partnered with Law & Forensics, a global legal engineering firm dedicated to helping organizations  identify vulnerabilities, mitigate risks, and achieve compliance with industry-specific regulations and standards

“Law & Forensics is a team of experts that provide a comprehensive suite of cybersecurity audits and assessments tailored to an organization's unique needs and regulatory requirements,” said Kalantaryan, who encouraged all customers interested in learning more to contact LigoLab Support (Support@LigoLab.com).

Best Practices for Ransomware Mitigation

Below is a list of best practices for enhancing cybersecurity, specifically to mitigate ransomware threats:

• Regular Backups: Perform regular immutable backups of critical data and ensure backups are stored offline and encrypted.
• Patch Management: Regularly update and patch operating systems, software, and firmware to protect against vulnerabilities.
• Employee Training: Conduct regular cybersecurity awareness training for employees, focusing on phishing, social engineering, and ransomware threats.
• Email Filtering: Implement robust email filtering solutions to detect and block malicious attachments and links.
• Endpoint Protection: Use advanced endpoint protection solutions with anti-ransomware capabilities.
• Network Segmentation: Segment networks to limit the spread of ransomware and contain breaches.
• Incident Response Plan: Develop and regularly update an incident response plan specifically designed for ransomware attacks.
• Access Control: Implement the principle of least privilege (PoLP) to minimize user access to only what is necessary.

Minimizing the Number of Records

• Data Retention Policies: Establish and enforce data retention policies to ensure that records are kept only as long as necessary for business or regulatory purposes.
• Data Minimization: Collect and retain only the minimum data necessary for business operations.
• Regular Audits: Conduct regular audits of data storage to identify and securely delete redundant, obsolete, or trivial data.
• Data Anonymization: Where possible, anonymize personal data to reduce the risk of exposure.
• Access Controls: Limit access to sensitive data to only those employees who need it for their roles.
• Encryption: Encrypt data both in transit and at rest to protect it from unauthorized access.
• Automated Deletion: Implement automated processes to delete records according to the data retention policy.

Two-Factor Authentication (2FA)

• Multi-Method Authentication: Use multiple methods for 2FA, such as SMS, email, mobile apps, hardware tokens, or biometrics.
• Strong Authentication Mechanisms: Choose strong 2FA mechanisms resistant to phishing and man-in-the-middle attacks, such as app-based authenticators or hardware tokens.
• User Education: Educate users on the importance of 2FA and how to use it effectively.
• Backup Codes: Provide backup codes or alternative 2FA methods to ensure users can access accounts if their primary 2FA method is unavailable.
• Enforcement: Require 2FA for all critical systems, including email, remote access, and privileged accounts.
• Monitoring and Alerts: Implement monitoring and alerting for suspicious 2FA activity, such as repeated failed attempts.
• Regular Reviews: Periodically review and update 2FA methods to ensure they are still secure and effective.
• Integration with Single Sign-On (SSO): Integrate 2FA with SSO solutions to streamline user access while maintaining security.

Implementing these best practices will help enhance your cybersecurity posture, minimize data exposure, and ensure robust authentication mechanisms.

Be Aware and Take the Proper Steps to Protect Your Lab Business

While it’s clear that clinical labs and pathology groups have inherent cyber vulnerabilities, if proper steps are taken to strengthen their cyber defense, these vulnerabilities can be lessened. 

Being fully aware of the threats and following best practices for mitigation are important first steps. Lab leaders should also strongly consider investing in additional security measures like LigoLab’s Enhanced Backup Services and the audit services offered by Law & Forensics.

Those interested in learning more should contact LigoLab Support at Support@LigoLab.com.