The technology used in patient treatment for the betterment of our health has been undergoing a huge transformation for some time. This transformation has made it easier for healthcare providers to customize care around patient needs through:
The rapid and widespread deployment of new, innovative medical technologies has prompted the healthcare industry to become one of the fastest adopters of internet-of-things (IoT) devices, also known as internet-of-medical-things, or IoMT.
But there’s a downside to fast expansion of a digital footprint. The rapid growth of medical devices is fueling an unprecedented volume of healthcare data about all of us, and most people are unaware of what or where those devices are.
This vast amount of data, coupled with the need for fast, easy access to ensure 24/7 healthcare delivery, has created an ever-expanding attack surface that can be exploited by cybercriminals.
Risk and exposure
Healthcare IT security teams are often kept in the dark and behind the curve when it comes to changes in infrastructure. For example, new IoMT devices are often connected to the network without informing IT security teams.
Furthermore, gaps in IT security policies and procedures make it easier for healthcare staffs to make unintentional errors that result in exposure and increased security risk. This can take the form of improper handling and storage of patient files, which is a soft spot for cybercriminals in search of weaknesses to exploit.
Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit this vulnerable attack surface and disrupt critical healthcare delivery processes.
Reduce your time to discovery
When you factor in the time it takes a lean security team to discover a data breach, it becomes apparent that healthcare organizations must be more vigilant about what happens inside their networks.
It’s critically important to know the difference between an attack in progress versus network traffic that is associated with business as usual. It’s unacceptable (and embarrassing) to find out weeks, months or years later that a breach occurred.
I believe the answer lies in 360-degree visibility inside the network, real-time attacker detection, and the prioritization of all detected threats – from cloud and data center workloads to user and IoT devices.
However, that answer must address the challenges I mentioned. Here are four ways you can get there:
This is the fundamental approach advocated by a growing number of healthcare organizations. Many are augmenting their security teams with artificial intelligence to automate the detection and triage of cyberattacks in the network while speeding-up incident response. It’s a battle that’s been won by many healthcare organizations.
2019 Spotlight Report on Healthcare
To share our own observations, we published the 2019 Spotlight Report on Healthcare, which reveals behaviors and trends in networks from a sample of 354 opt-in enterprise organizations in healthcare and eight other industries.
These enterprise organizations utilize the Cognito platform from Vectra, which detects and correlates behaviors consistent with attacker behaviors with compromised host devices. All detections are assigned a threat-severity score and are prioritized from the highest-risk threats to the lowest-risk threats.
The 2019 RSA Conference Edition of the Attacker Behavior Industry Report from Vectra provides a breakdown of behavior-detection statistics by industry. It shows network behaviors that are consistent with threats across the attack lifecycle – botnet monetization, command and control, internal reconnaissance, lateral movement and data exfiltration.
Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.