Sensitive healthcare data is being targeted by attackers like never before. Keen to steal the crown jewels, Protected Health Information (PHI), which fetches a high price on the dark web, cybercriminals have been successful so far, breaching at least 7.5m records in 2014. Yet as attackers move to more covert, sophisticated techniques, healthcare IT teams can in turn use new threat intelligence systems to root them out.
A threatening landscape
Like every other industry, healthcare is increasingly the victim of targeted cyber attacks. In 2014 it was the hardest-hit sector by number of reported breaches. These attacks usually arrive as a spear-phishing email designed to trick the user into opening a malicious attachment or clicking a malicious link: for example, a spreadsheet spoofed to appear to come from a senior hospital official. Opening it triggers a malware download without the user's knowledge, and once inside, the attackers can lie hidden for weeks or months, silently exfiltrating PHI and other sensitive data.
Attackers use multiple ports and protocols and often craft malware specifically to evade traditional, signature-based filters. Most cybercriminals can now find everything they need to launch such a raid on the underground forums where tools and services are traded. To respond, hospital administrators and healthcare IT staff need more than antivirus, a firewall and IDS/IPS.
What makes their task even more challenging is that for the attackers this is a low-risk, high-reward endeavour: they can use high-speed global internet infrastructure and operate from jurisdictions that look the other way on cybercrime. Healthcare IT staff, by contrast, have an increasingly complex environment to secure, with heterogeneous systems and security products and a broad attack surface that includes cloud apps, social media and employee-owned devices, to name just a few.
Towards a clean bill of health
Under ever-greater resource constraints, and facing a sophisticated and persistent adversary, healthcare IT managers need to work on the assumption that they have already been compromised. From there, they need answers and direction: who is attacking, what data has been taken, how long it has been going on and how to stop it happening again. In short, they need actionable intelligence.
Leveraging big data analytics, the best threat intelligence systems automatically monitor the entire IT environment, including the network, servers, desktops, connected mobile devices and related web apps. Automated, continuous intelligence streams help identify unusual network behavior, such as a workstation suddenly sending far more data than its peers, which may be the tell-tale sign of a covert intrusion.
But threat intelligence alone is not enough to keep PHI safe from harm. For maximum effectiveness it must be properly aligned to the needs of your organization. Consider the following:
Watch costs. Executive and administrator buy-in is essential, and the way to earn it is to show that threat intelligence tools are being used to their fullest: focus them on protecting the most sensitive data first.
Don’t forget IT skills. Your staff need to be able to use threat intelligence effectively, or the investment will be wasted. Make sure they have the right training and resources; invest now so you don’t pay for it later.
Connect the dots. Once your analytics tools have picked out an anomaly, it’s time to act. The best systems correlate unusual traffic with known threat activity, allowing you to quarantine or block dangerous traffic before it can do too much harm. Tune any automated blocking carefully, though: a false positive that cuts off a clinical system can do harm of its own.
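To make the two ideas above concrete, the continuous monitoring for unusual network behavior and the correlation of that behavior with known threat activity, here is an added example written for this post; it is not code from the original article or from any product it describes. It runs a small, constructed set of outbound flow records against a constructed indicator list and a constructed allowlist, flags hosts whose outbound volume is far above their peers, and grades each alert by whether the anomaly also touches a known-bad destination. The host names, addresses (RFC 5737 documentation ranges) and thresholds are all assumptions for illustration.

```python
"""Correlate unusual outbound traffic with known-bad indicators.
Added example, not code from the original post. The flow records, indicator
feed and allowlist are constructed; addresses are RFC 5737 documentation IPs."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Constructed flow log: "timestamp src_host dst_ip dst_port bytes_out".
SAMPLE_FLOWS = """\
2015-03-02T01:12:03 ws-radiology-07 198.51.100.20 443 1800
2015-03-02T01:13:10 ws-radiology-07 203.0.113.45 443 52000000
2015-03-02T01:15:44 ws-radiology-07 203.0.113.45 443 61000000
2015-03-02T02:01:09 ws-billing-02 198.51.100.20 443 2200
2015-03-02T02:05:30 ws-billing-02 198.51.100.21 80 4100
2015-03-02T02:10:00 ws-pharmacy-11 198.51.100.20 443 1500
2015-03-02T02:30:00 ws-pharmacy-11 203.0.113.9 8443 900
2015-03-02T03:00:00 srv-backup-01 198.51.100.50 22 450000000
"""

# Constructed threat-intelligence feed: destinations with known malicious history.
IOC_IPS = {"203.0.113.45", "203.0.113.9"}

# Constructed allowlist: destinations that legitimately receive bulk data
# (here a hypothetical off-site backup target), so raw volume alone does not
# flag them and the backup server does not become a nightly false positive.
ALLOWLIST = {"198.51.100.50"}

@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    port: int
    nbytes: int

@dataclass
class Alert:
    host: str
    severity: str   # "high" | "medium" | "low"
    action: str     # "quarantine-host" | "block-destinations" | "investigate"
    reasons: list

def parse_flows(text):
    """Parse the whitespace-separated flow records into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append(Flow(ts, src, dst, int(port), int(nbytes)))
    return flows

def volume_anomalies(flows, factor=10):
    """Return {host: bytes_out} for hosts sending more than factor x the
    median host's outbound volume, ignoring allowlisted destinations."""
    per_host = defaultdict(int)
    for f in flows:
        per_host[f.src] += 0 if f.dst in ALLOWLIST else f.nbytes
    baseline = median(per_host.values())
    return {h: v for h, v in per_host.items() if v > factor * baseline}

def ioc_matches(flows, iocs=IOC_IPS):
    """Return {host: {matching destination IPs}} for flows that hit the feed."""
    hits = defaultdict(set)
    for f in flows:
        if f.dst in iocs:
            hits[f.src].add(f.dst)
    return dict(hits)

def correlate(flows):
    """Combine the behavioural anomaly with the indicator match to decide how
    aggressively to respond. An anomaly on its own is only 'investigate': a
    large legitimate transfer (imaging, research export) looks the same, and
    auto-blocking it could take a clinical system offline."""
    anomalies = volume_anomalies(flows)
    hits = ioc_matches(flows)
    alerts = []
    for host in sorted(set(anomalies) | set(hits)):
        reasons = []
        if host in anomalies:
            reasons.append(f"outbound volume {anomalies[host]} bytes")
        if host in hits:
            reasons.append("traffic to known-bad " + ", ".join(sorted(hits[host])))
        if host in anomalies and host in hits:
            alerts.append(Alert(host, "high", "quarantine-host", reasons))
        elif host in hits:
            alerts.append(Alert(host, "medium", "block-destinations", reasons))
        else:
            alerts.append(Alert(host, "low", "investigate", reasons))
    return alerts

if __name__ == "__main__":
    for a in correlate(parse_flows(SAMPLE_FLOWS)):
        print(f"{a.severity.upper():6} {a.host}: {a.action} ({'; '.join(a.reasons)})")
```

On the sample data the radiology workstation is both a volume outlier and is talking to a listed destination, so it is graded high and quarantined; the pharmacy workstation only touched a listed destination with a trickle of data, so the destination is blocked while the host is looked at; the backup server moved the most data of all but only to its allowlisted target, so it produces no alert. The peer-group median, the allowlist and the "investigate rather than block" rule for anomaly-only hits are the parts that keep an automated response from disrupting legitimate clinical traffic.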
In the next post, we’ll look at some best practice tips on how this can be achieved.