Healthcare is one of cybercrime’s most targeted sectors

Posted by Chris Morales on Jan 25, 2017 7:02:52 PM

Healthcare organizations are prime targets of cyber attackers because they rely on vulnerable legacy systems, use medical IoT devices with weak security, and have a life-or-death need for immediate access to information.

Medical breaches are everyone's problem

Based on a survey of the information security landscape, healthcare organizations have implemented a modest amount of security tools. Yet this same survey shows that executives and security professionals know that securing healthcare information must be approached as though attackers have already breached the perimeter. I like to call it “assume the breach, reduce the impact.”

So why is there cybersecurity awareness but no implementation? Why did we see over 200 breaches in the medical industry in 2016, even though the awareness and good intentions are there?

Ironically, after bringing attention to the use of modest cybersecurity tools, the survey shows that healthcare organizations are definitely concerned, have prioritized security in the business, and are in fact acting on those concerns.

So what’s missing?

It has a lot to do with complexity. Building a proactive defense is complex, and many times tedious, especially threat hunting. Complexity requires highly skilled labor, which can be expensive and time-consuming to find and onboard.

Perhaps the biggest issue in healthcare information security is the lack of talent to fill existing needs. It isn’t just the cost of skilled cyber warriors; there simply aren’t enough of them. Other issues of concern include the cost to build an effective program followed by the ability to respond to emerging threats, with ransomware being the most prominent.

Barriers to entry

The cybersecurity skills shortage – Finding complex threats requires exceptional knowledge. Security analysts must know about attackers, industry regulations and about the local healthcare environment. All this while watching the network 24/7.

It’s a tall order. But Vectra develops sophisticated artificial intelligence software that automates threat hunting and augments existing staff to close the cybersecurity skills gap. This reduces the barrier to entry needed for Tier 1 analyst work.

Show me the money – It’s important to remember that time equals money. When it comes to threat hunting, reducing the impact means the defender must be faster at finding threats than an attacker is at finding and stealing valuable information. Time-equals-money should be broken down into how much work an analyst can do in a single day and how many analysts you need.

Here’s the formula:
(cost) = (number of events) x (time to resolution) x (staff value)

Many healthcare organizations have leveraged Vectra artificial intelligence software to automate real-time threat hunting and reduce the time spent on threat investigations and remediation by 75-90% – without adding incident-response headcount. And Vectra is specifically tuned to detect the ransomware threat that’s plaguing the industry.

From threats to hostage-taking – Unfortunately, healthcare organizations have become high-value targets for ransomware. With lives at stake, medical teams can’t be denied access to systems and data critical to patient care.

Then there are medical IoT devices. These vulnerable, unprotected IP-enabled devices are an easy entry point for cyber attackers who can then move laterally through the network in search of personal health information (PHI) and other key assets.

The persistent, internally driven network attack has become the norm, and healthcare security teams, products and processes must adapt accordingly to head off disaster. Cybercriminals make things tougher by quickly and easily modifying their malware and launching a succession of advanced persistent threats (APTs).

The bottom line

Healthcare organizations should start by automating the hunt for cyber attackers inside their networks. Working in real time, that automation must provide visibility into attacker behaviors hidden in all network traffic and connected host devices, including IoT and BYOD. And it must detect every phase in the cyber-attack kill chain, such as command-and-control communications, internal reconnaissance, lateral movement and data exfiltration behaviors.

This is what Vectra does. But don’t take our word for it. “Vectra was the missing link in our security strategy,” says Connie Barrera, chief information security officer at Jackson Health System. “It closes the security gap between perimeter defenses and post-breach analysis.”

Want to know more? Watch Connie talk about how she uses Vectra in her day-to-day environment.