Comparing Vectra and Verizon threat research

By:
Chris Morales
June 18, 2019

In our 2019 Spotlight Report on Healthcare, based on anonymized customer metadata, we identified a trend in internal user error.

Lapses in the proper implementation of a security plan or gaps in policies and procedures were a common problem, which could result in errors by staff members, leaving healthcare organizations exposed to theft or data loss.

Echoing what Vectra observed from its own healthcare customers, the Verizon 2018 Data Breach Investigations Report indicated that a key security risk for the healthcare industry is its susceptibility to internal errors and misuse. The report shows that the healthcare industry faces a higher risk from accidental or intentional insider threats than from external threats.

The Verizon 2018 Data Breach Investigations Report was the latest available at the time of our research. While the Vectra Spotlight Report on Healthcare was based on 2018 anonymized customer metadata, the 2018 Verizon report was from 2017 breach disclosure research. That means there was a year of discrepancy in observed behaviors.

Since Verizon released its new 2019 Data Breach Investigations Report, I was interested in understanding what had changed in healthcare since the 2018 report. The new Verizon report covers the same period as the 2019 Vectra Spotlight Report on Healthcare.

Unsurprisingly, not much changed in the Verizon report from 2018 to 2019. The findings for healthcare appear to be nearly identical. As I was comparing the reports, I had to continually validate if I was looking at the 2018 or 2019 data because they were so similar. I took what Verizon reported for healthcare in 2018 and 2019 and broke it down into this table to understand the variances.

The obvious difference is the frequency of breaches, with 750 incidents reported in 2018 compared to 466 incidents reported in 2019. The decrease is a good overall trend. I’m happy to see that the total number of incidents is trending down along with the number of confirmed data disclosures.

While examining the rest of the data, I found the same patterns of miscellaneous errors along with the same threat actors, motives, and types of data compromised.

Verizon discloses the total count and percentages of the type of actions taken in incidents. When comparing those metrics from a raw-numbers view, 2019 had far fewer incidents as the total number of incidents across the year trended downward.

But when I compared the actions taken based on percentages, the numbers are very consistent year over year, with only a few percentage points difference between most of them.

The takeaway from comparing research from Vectra and Verizon is that the problem of internal errors in healthcare is very real and something that impacts all of us.

Healthcare is constantly challenged with balancing security and policy enforcement with usability and efficiency. This is because healthcare organizations struggle with managing legacy systems and medical devices that don’t always have the best security controls for many reasons.

As a result, vulnerable processes persist, and weak trust models often stay implemented.

In the Vectra 2019 Spotlight Report on Healthcare, we recommended broader visibility into traffic and behaviors inside the network. This will help security teams remain vigilant and more confident as cutting-edge medical technologies are adopted and deployed.

Emerging medical technologies will continue to become essential to the quality and speed of healthcare delivery, attracting patients and providing the best patient outcomes.

As the transformation of healthcare through new medical technology continues to move forward, healthcare organizations must remain mindful about what technologies are in place, how they are utilized, and when unauthorized actions occur.

About the author

Chris Morales

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
