US healthcare organizations have been in the firing line of cyber-attacks for years. Trend Micro research released last October revealed that, over the past decade, it has been the most attacked sector, accounting for over a quarter (26%) of all breaches since 2005. That’s why organizations like the Health Information Trust Alliance (HITRUST) are so important. Its Cyber Threat Exchange (CTX) enables the sharing of actionable threat information (IOCs) to better fortify participant organizations.
Trend Micro is proud to have been involved in the pilot scheme since last year. And newly released results show Deep Discovery is so effective at detecting IOCs it will be rolled out to even more organizations in the Enhanced IOC Collection Pilot program.
Healthcare under attack
Healthcare IT security bosses, like many of their counterparts in other sectors, are faced with multiple pressures. Budgetary challenges have left many with old or out-of-date kit and security which falls short of the advanced tools required to keep modern threats at bay. Heterogeneous systems built from different manufacturers' products, and a jumble of physical, virtual and cloud environments, all add extra challenges. Endpoints have multiplied, increasing the attack surface further. And many systems are deemed too mission critical to patch, compounding the problem.
Historically the threat has been from cybercriminals looking to steal patient data – a goldmine of information which can be sold on the cyber black market. That’s why, according to Office of Civil Rights figures, there were 253 healthcare breaches and a combined loss of over 112 million records last year. But more recently we’ve seen a new threat rear its ugly head: ransomware. As incidents at the Hollywood Presbyterian Medical Center, Kentucky Methodist Hospital, MedStar Southern Maryland Hospital Center and many more have shown, this is a serious problem.
It’s not just the financial cost that’s at issue. When IT systems are pulled offline because of an infection, patient care can suffer, with appointments cancelled and treatment withheld. The past few months have reminded us that cybercriminals have no morality when it comes to choosing their targets.
That’s why HITRUST’s CTX is so important – because it gives healthcare organizations an opportunity to improve their cyber defense through more effective threat intelligence sharing. Trend Micro was delighted to be involved from the start, and even more thrilled to see that our Deep Discovery solution detected and discovered 286 times more IOCs than other participants in the initial evaluation and that it is enabling IOC sharing in near real time.
Securing the future
The official findings from the Enhanced IOC Collection Pilot tell us a few things. First, 88% of IOCs collected by the pilot were unknown – indicating perhaps that healthcare organizations are being singled out by attackers. But it also shows us that information sharing initiatives like this are overwhelmingly positive. If those threats had never been seen before in the wild then there’s a good chance that they would bypass most traditional security filters at these organizations, if it were not for this type of intelligence sharing.
Forewarned is forearmed when it comes to cyber security, so any effort to get a critical industry like healthcare better prepared to defend itself against an increasingly ruthless, persistent and advanced foe is to be applauded. And of course it’s fantastic that Deep Discovery is at the heart of this program.
In fact, in addition to opening up the program to anyone who meets the Enhanced IOC Program criteria, HITRUST will provide another 30 organizations in the program specifically using Deep Discovery – representing 15 health plans and 15 health systems – with the product and any installation, training, support, and HITRUST CTX integration they need.
As excited as we are about how Deep Discovery is enabling IOC sharing in the healthcare industry, we are also excited about the benefits that the organizations leveraging the technology are receiving. They have much greater insight into the cyber threats coming in and out of their networks.
Deep Discovery features specialized detection engines, custom sandboxing, and global threat intelligence from the Trend Micro Smart Protection Network, to defend against covert targeted attacks that are invisible to standard security products.