
Confronting risk and exposure in healthcare networks

By: Chris Morales
April 24, 2019

The technology used in patient treatment for the betterment of our health has been undergoing a huge transformation for some time. This transformation has made it easier for healthcare providers to customize care around patient needs through:

  • Advances in mobile technology
  • Smaller and more portable medical devices
  • Greater portability and accessibility of digitized patient records

The rapid and widespread deployment of new, innovative medical technologies has prompted the healthcare industry to become one of the fastest adopters of internet-of-things (IoT) devices, also known as internet-of-medical-things, or IoMT.

But there’s a downside to the fast expansion of a digital footprint. The rapid growth of medical devices is fueling an unprecedented volume of healthcare data about all of us, and most people are unaware of what those devices are or where they are.

This vast amount of data, coupled with the need for fast, easy access to ensure 24/7 healthcare delivery, has created an ever-expanding attack surface that can be exploited by cybercriminals.

Risk and exposure

Healthcare IT security teams are often kept in the dark and behind the curve when it comes to changes in infrastructure. For example, new IoMT devices are often connected to the network without informing IT security teams.

Furthermore, gaps in IT security policies and procedures make it easier for healthcare staff to make unintentional errors that result in exposure and increased security risk. This can take the form of improper handling and storage of patient files, which is a soft spot for cybercriminals in search of weaknesses to exploit.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit this vulnerable attack surface and disrupt critical healthcare delivery processes.

Reduce your time to discovery

When you factor in the time it takes a lean security team to discover a data breach, it becomes apparent that healthcare organizations must be more vigilant about what happens inside their networks.

It’s critically important to know the difference between an attack in progress versus network traffic that is associated with business as usual. It’s unacceptable (and embarrassing) to find out weeks, months or years later that a breach occurred.

I believe the answer lies in 360-degree visibility inside the network, real-time attacker detection, and the prioritization of all detected threats – from cloud and data center workloads to user and IoT devices.

However, that answer must address the challenges I mentioned. Here are four ways you can get there:

  1. Eliminate the manual, time-consuming work of security analysts
  2. Lower the skills barrier needed to hunt down cyberthreats
  3. Consider that everything is connected, which makes for an easy target
  4. Provide visibility inside the network to see attackers and what they’re doing

This is the fundamental approach advocated by a growing number of healthcare organizations. Many are augmenting their security teams with artificial intelligence to automate the detection and triage of cyberattacks in the network while speeding up incident response. It’s a battle that’s been won by many healthcare organizations.

2019 Spotlight Report on Healthcare

To share our own observations, we published the 2019 Spotlight Report on Healthcare, which reveals behaviors and trends in networks from a sample of 354 opt-in enterprise organizations in healthcare and eight other industries.

These enterprise organizations utilize the Cognito platform from Vectra, which detects behaviors consistent with attacker activity and correlates them with the compromised host devices involved. Every detection is assigned a threat-severity score, and detections are prioritized from the highest-risk threats to the lowest-risk threats.

The 2019 RSA Conference Edition of the Attacker Behavior Industry Report from Vectra provides a breakdown of behavior-detection statistics by industry. It shows network behaviors that are consistent with threats across the attack lifecycle – botnet monetization, command and control, internal reconnaissance, lateral movement and data exfiltration.
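The two preceding paragraphs describe correlating detections with host devices, scoring them by severity, and prioritizing across the attack lifecycle. The following is an added illustration of that triage idea in plain Python; it is not Vectra's Cognito scoring and makes its own assumptions: each detection carries a host id, a lifecycle phase from the list above, and a base severity from 1 to 10; later lifecycle phases are weighted more heavily; and a host showing several distinct phases earns a small bonus. The detections are constructed sample data.

```python
"""Host-level triage: correlate detections to hosts, score, and rank them.

Added example, not the Cognito platform's algorithm. Assumptions (not from the
blog post): per-detection severity on a 1-10 scale, hypothetical phase weights,
and a bonus for hosts exhibiting more than one lifecycle phase.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical weights: the further along the attack lifecycle a behavior is,
# the more urgent it is. Phase names follow the report's lifecycle categories.
PHASE_WEIGHT = {
    "botnet_monetization": 0.4,
    "command_and_control": 0.6,
    "internal_reconnaissance": 0.7,
    "lateral_movement": 0.9,
    "data_exfiltration": 1.0,
}

PHASE_BREADTH_BONUS = 5.0   # points per additional distinct phase on one host
MAX_SCORE = 100.0


@dataclass(frozen=True)
class Detection:
    host: str        # device the behavior was attributed to
    phase: str       # attack-lifecycle phase (key of PHASE_WEIGHT)
    severity: int    # base severity 1..10 (constructed scale)


def host_threat_score(detections):
    """Score one host's detections: weighted max severity plus breadth bonus.

    Returns a float in [0, MAX_SCORE], rounded to one decimal place.
    Raises ValueError on an unknown phase so bad input is not silently ignored.
    """
    if not detections:
        return 0.0
    weighted = []
    phases = set()
    for d in detections:
        if d.phase not in PHASE_WEIGHT:
            raise ValueError(f"unknown lifecycle phase: {d.phase!r}")
        if not 1 <= d.severity <= 10:
            raise ValueError(f"severity out of range: {d.severity}")
        weighted.append(d.severity * PHASE_WEIGHT[d.phase] * 10.0)
        phases.add(d.phase)
    score = max(weighted) + PHASE_BREADTH_BONUS * (len(phases) - 1)
    return round(min(score, MAX_SCORE), 1)


def prioritize(detections):
    """Group detections by host and return (host, score) pairs, highest first."""
    by_host = defaultdict(list)
    for d in detections:
        by_host[d.host].append(d)
    ranked = [(host, host_threat_score(ds)) for host, ds in by_host.items()]
    # Sort by score descending, then host name for a stable, reproducible order.
    return sorted(ranked, key=lambda hs: (-hs[1], hs[0]))


# Constructed sample detections (not real telemetry).
SAMPLE_DETECTIONS = [
    Detection("ws-42", "internal_reconnaissance", 5),
    Detection("ws-42", "lateral_movement", 6),
    Detection("ws-42", "data_exfiltration", 8),
    Detection("ws-17", "botnet_monetization", 9),
    Detection("srv-db", "command_and_control", 7),
]

if __name__ == "__main__":
    for host, score in prioritize(SAMPLE_DETECTIONS):
        print(f"{host:8s} {score:5.1f}")
```

Note how the ranking differs from sorting on raw severity: the severity-9 botnet detection on ws-17 lands below the severity-7 command-and-control detection on srv-db, because the phase weighting treats a foothold that is communicating with an attacker as more urgent than a host being used for monetization, and ws-42 rises to the top because it shows three phases of the lifecycle at once.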

About the author

Chris Morales

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs with nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles.
