Rick McElroy
Rick McElroy 21 May 2018
Categories B2B, Technology

Getting smarter about protecting healthcare systems from cyberattacks in 2018

We often use similar terms in the security and healthcare. We talk about viruses and weaknesses and we put plans in place to reduce vulnerability, improve the health of the patient/network and protect it against attacks from external factors. We also act to mitigate the effects of attacks that do get through from the inside.

As your doctor will tell you, to really improve overall health, we need a good monitoring regime and a system of preventive medicine and activity that keeps health threats at bay. A good security strategist will tell you the same about your network.

A vulnerable patient

The healthcare sector faces multiple points of pressure to get smarter when it comes to cybersecurity. First, the personal information that is held by healthcare systems commands a premium when offered for sale on the dark web, making it highly attractive to cybercriminals.

Second, the well-publicised WannaCry attack on the NHS in 2017 flagged up that this is a sector with vulnerabilities, offering a good chance of success for a determined cybercriminal. The sector saw a big spike in attack volume over 2017, with more than 50% of all cyberattacks being targeted at healthcare, up from 38% in 2016.

Third, the consequences of attacks on critical network infrastructure are severe – potentially life and death. The UK saw 19,000 appointments cancelled as a result of WannaCry. On top of the human cost, there is a huge financial cost associated with handling both immediate and longer-lasting effects of a breach. For a predominantly publicly funded sector this is a hard cross to bear.

Related to this are the increasingly strict regulations that are governing data protection and system security in healthcare. From HIPAA in the US to the GDPR in Europe, the security compliance burden and penalties for mishandling data breaches are growing. Healthcare organisations need to reduce their liability.

Finally, the growth of connected healthcare, incorporating remote monitoring devices and increasing IoT deployment, while it improves the level of care offered to patients, also means that the potential attack surface gets larger every single day.

All of this pressure is placed on a sector that is already overburdened and has limited budgets. It’s not surprising that security professionals are seeking streamlined defence that is both effective at keeping the bad guys out and also clearly demonstrates compliance.

The right prescription – inside and out

When we look at the anatomy of a typical cyberattack aimed at exfiltrating personal data, we see five key phases: initial unauthorised access to the network; delivery of the payload; command and control of the system by the attacker; data is stolen; attacker covers their tracks and remains on the system to enable future attacks – or “obfuscated persistence.” A good defence needs to understand how data is moving around the organisation and be able to detect these phases and alert defenders as early in the cycle as possible. It must also demonstrate that an attack has been found and report how it has been dealt with. Furthermore, you need to be able to conduct impact assessments of any breach using the data logged by the system.

There are two perspectives that work in tandem to create a strong security posture. First, we look at the network from the outside in. We prepare the network to recognise and act on external threats by implementing rules that prevent unauthorised software from running to stop attacks. By monitoring unfiltered data on endpoints, the system – in our case Cb Defense - detects activity that indicates an attack may be in progress. An example might be the use of PowerShell – which can be innocent - but which starts to look suspicious when it is used to launch unexpected files or applications. The context provided by the unfiltered data warns us that this activity is not as expected and should be automatically prevented and an alert is issued. Stopping this activity means the attackers can’t gain a foothold on the network from which to move laterally and steal data or disrupt the system. We saw this type of defence in action in the NHS WannaCry attack in 2017. The ransomware was uploaded to our client’s endpoint, but because of the rules set up in Cb Defense, the suspicious file was not permitted to run, so the network was protected.

The second perspective is to look at protecting your critical assets from the inside out. For this we use Cb Protection. When you have identified your critical data – patient records, for example – you set up a protection system that locks it down to prevent any changes to that data by unauthorised persons and automatically logs any attempt to do so. In this way we stop the attacker getting what they want. Recent reports are also indicating increased threats from internal sources, where employees are accessing and modifying sensitive data. The event logs show which credentials were used and help identify suspicious actors.

In both cases a critical aspect, when it comes to compliance, is the real-time nature of monitoring, alerting and mitigation. All regulations prioritise the early detection and notification of breaches on the basis that, the sooner you identify a breach, the quicker you can act to contain it. The comprehensive data collected on the endpoints is also invaluable in conducting subsequent investigations into the incident for reporting purposes. With this system in place, the time and cost required for compliance - as well as the overall liability - is reduced, which is welcome for overstretched security specialists.

This approach also hands an advantage to defenders when it comes to threat hunting and predicting which threats are likely to prove serious. The wealth of unfiltered data collected on endpoints can be interrogated in a bid to find out which tactics, techniques and procedures the attackers are using against your network. This is being active to keep your posture strong – just like the doctor advises!

The healthcare sector will remain a highly attractive target for attackers for the foreseeable future. It is therefore vital that there’s a good defensive and protective regime in place. Rather like the doctor, by observing the vulnerabilities from the outside, and checking for weaknesses in important systems on the inside, we can prescribe a system of preventive medicine that keeps infections under control and the patient – in this case the network – fighting fit.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
Top 10 B2B Platforms to Help your Business Grow Worldwide

Top 10 B2B Platforms to Help your Business Grow Worldwide

Although the trend of a Business to Business portal is not new but the evolution of technology has indeed changed the way they function. Additional digital trading features and branding has taken the place of...

Salman Sharif
Salman Sharif 7 July 2017
Read more
Top 10 Skills to Become a Rockstar in Digital Marketing

Top 10 Skills to Become a Rockstar in Digital Marketing

Technology is continuously evolving, prompting marketers and entrepreneurs to dive into digital marketing to increase brand awareness, reach their target market, and ultimately drive sales and profit. 

Jessica Andriani
Jessica Andriani 7 September 2018
Read more
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 22 September 2020
Read more
How to Encourage Customers to Post Photos about Your Brand

How to Encourage Customers to Post Photos about Your Brand

Visuals impact buyer behavior – there’s no doubt about it. But not just any visuals will have the impact you planned on your eCommerce marketing strategy. If the only images your customers see in relation to...

Luisana Cartay
Luisana Cartay 8 June 2016
Read more