Healthcare Data Is The Holy Grail for Cyber Thieves

While some incidents result from lost or stolen files, sophisticated hackers looking to lift the treasure trove of information in health records are now the leading cause of data loss.

The threat isn’t likely to ease. Cybercrime is a “growing $6 billion epidemic that puts millions of patients and their information at risk,” according to a report on healthcare data security published last year by the Ponemon Institute.

To counter the growing threat, providers need to rethink their security strategies.

Rapid rise in medical identity theft

Virus scanning and intrusion detection software are no longer sufficient on their own.
“Protection technologies have a purpose; the problem is there are really wonderful ways to evade these things,” says Ronald Mehring, chief information security officer (CISO) for Texas Health Resources. “We’ve seen that with a multitude of breaches across organizations that have strong programs.”

The key, experts say, is a combination of multiple defense layers paired with newer data analysis techniques that can spot attackers before they reach health data stores.

CIOs and their security staffs have to consider a class of more sophisticated tools that can sense when a breach is being attempted or is already underway. For example, application-aware firewalls know which applications are running behind them and can distinguish normal from abnormal traffic trying to reach those applications, rather than filtering on ports and addresses alone.

Many organizations are turning to these types of layered protection, healthcare security professionals say.

“You want to have advanced application-level firewalls at the edge,” says David Reis, vice president of IT governance and security at Lahey Health, Burlington, Mass. “You want to have intrusion detection and prevention at the network layer inside the firewall to catch those things that get through the firewall. And then for the Internet-facing systems that you’re really worried about, you can put host-based intrusion detection on those very specific servers.”

But layered approaches alone may be incomplete because of threats burrowing in from the Internet, says Mehring. “Before, we looked at it like this iterative approach. Somebody comes in from the Internet, they hit an external firewall--some type of defense system that keeps them out, at the outer shell. Then if they make it past there, there is some other control, then some other control, and some other control. It doesn’t quite work that way anymore, because of the way users interact with technology, the Internet.”

Network protections can be thwarted when an employee falls prey to a phishing attempt by clicking a link or opening an attachment in an attacker's email. “Professionally and personally, that’s my biggest worry,” says Reis. Phishing attacks “can be incredibly effective, especially in the healthcare market where we’re all trained to be patient-centric, trained to be helpful.”

HIPAA has prompted health systems to elevate their efforts, adding encryption of data at rest, media protections, and backup and security protocols, says Russell Branzell, president and CEO of the College of Healthcare Information Management Executives. “It was the nudge we needed to get started, and most organizations generally have those in place today,” he says. Now they have to weigh technology “that measures and reacts to human nature and behavior.”

Signature-based defenses look for the unique signatures of a finite set of known viruses and other malware, which means a new threat has to be seen, and usually cause damage, before it can be matched. “You need so many hits of people, machines, users getting infected in order for a rule, a pattern, a signature to be generated,” says Lee Kim, director of privacy and security for the Healthcare Information and Management Systems Society. In contrast to these rule-based responses, newer behavior-based methods establish a baseline of normal activity and flag departures from it.

It’s all about trying to stay even with hackers who are continually changing their attack modes. “Prevention now is far more important than it’s ever been,” Reis asserts. “Detection is important, but we’re putting a lot more of our focus on preventive measures rather than detection measures, because things happen so much more quickly now than they did even five years ago. If you wait until you’ve detected, you’ve had a really big event. The key now is to make sure that event doesn’t happen.”


Increasingly, security technology is performing analyses on data coming from breach prevention and detection systems, sifting for suspicious activity, says Darren Lacey, CISO and director of IT compliance at Johns Hopkins University and its medical school. “Detection controls, what they do is they say, ‘Well, this thing is happening, and it looks kind of funny--what do you want me to do about it?’ ”

Answering those questions is a set of investigative controls, sometimes automated in their responses but usually operated by a staff professional responding to alerts, says Lacey, adding, “Detection controls are most beneficial when they’re integrated well with investigating.” Information aggregated from the various detection points--firewalls, host-based protection systems, audited activity logs and so on--aids in “creating new prevention signatures and new prevention rules.” And if a detection system sees something get through, “that will shape what prevention controls you run in the future.”

Prevention controls at the network perimeter include block lists of IP addresses known to be drop sites for stolen data or command-and-control servers for botnets, networks of malware-infected machines that are steered through a breached system in search of valuable data. “But sometimes these botnets change IP addresses, so your preventive rule sets don’t tell you a lot,” says Lacey.

A detection system might instead identify a new IP address with which several devices inside the network have begun communicating, for no known reason. Chances are that something suspicious is in play, Lacey explains, and an alert is triggered for investigation. The first response is likely to be a new preventive control: adding the address to the block list. If that prevents a compromised computer from communicating back to an outlaw site, “that greatly reduces the amount of damage that bots can do.”
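The loop Lacey describes, and the signature-versus-behavior distinction Kim draws above, can be shown in a few dozen lines. The following is an added example, not code from the article or from any of the organizations quoted: a rule-based block list is applied to constructed flow records, then a behavior-based check flags any external address that was absent from yesterday's baseline and is now contacted by several internal hosts, and the confirmed suspect is fed back into the block list. All addresses, hosts, ports and timestamps are made up (RFC 5737 documentation ranges for the public side), and the minimum-host threshold is an assumption a real deployment would tune.

```python
"""Rule-based blocking plus behavior-based detection of a new shared
external destination, run over constructed (made-up) flow records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: "timestamp src dst dport bytes".
# 10.0.0.0/8 hosts are internal; the public addresses are RFC 5737
# documentation addresses and are not real indicators of anything.
BASELINE_FLOWS = """\
2015-03-01T08:00:01 10.0.1.10 198.51.100.20 443 5120
2015-03-01T08:00:05 10.0.1.11 198.51.100.20 443 4096
2015-03-01T08:01:12 10.0.1.12 198.51.100.21 443 2048
2015-03-01T08:02:40 10.0.2.15 198.51.100.20 80 1024
"""

TODAY_FLOWS = """\
2015-03-02T09:00:01 10.0.1.10 198.51.100.20 443 5120
2015-03-02T09:00:07 10.0.1.10 203.0.113.77 8443 900
2015-03-02T09:00:09 10.0.1.11 203.0.113.77 8443 870
2015-03-02T09:00:15 10.0.2.15 203.0.113.77 8443 910
2015-03-02T09:00:20 10.0.1.12 203.0.113.5 443 300
2015-03-02T09:01:02 10.0.1.13 192.0.2.9 443 64000
"""

# Rule-based prevention: addresses already known (here: assumed) to be
# exfiltration drop sites or command-and-control servers.
KNOWN_BAD = {"192.0.2.9"}

INTERNAL = ip_network("10.0.0.0/8")


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def apply_blocklist(flows, blocklist):
    """Signature-style prevention: flows the block list drops outright."""
    return [f for f in flows if f["dst"] in blocklist]


def external_destinations(flows):
    """Set of external (non-10/8) destinations seen in a baseline window."""
    return {f["dst"] for f in flows if ip_address(f["dst"]) not in INTERNAL}


def detect_new_shared_destinations(flows, baseline, blocklist, min_hosts=2):
    """Behavior-based detection: external destinations that were not in the
    baseline, are not already blocked, and are contacted by at least
    min_hosts distinct internal hosts. Returns {dst: sorted internal hosts}."""
    talkers = defaultdict(set)
    for f in flows:
        dst = f["dst"]
        if ip_address(dst) in INTERNAL or dst in baseline or dst in blocklist:
            continue
        if ip_address(f["src"]) in INTERNAL:
            talkers[dst].add(f["src"])
    return {dst: sorted(hosts) for dst, hosts in talkers.items()
            if len(hosts) >= min_hosts}


def propose_block_rules(suspects):
    """Feed confirmed suspects back into prevention as new block entries."""
    return sorted(suspects)


def run():
    """Apply the existing rules, detect departures from baseline, and
    return the enlarged block list an analyst would deploy."""
    baseline = external_destinations(parse_flows(BASELINE_FLOWS))
    today = parse_flows(TODAY_FLOWS)
    blocked = apply_blocklist(today, KNOWN_BAD)
    suspects = detect_new_shared_destinations(today, baseline, KNOWN_BAD)
    return {"blocked": [f["dst"] for f in blocked],
            "suspects": suspects,
            "new_blocklist": sorted(KNOWN_BAD | set(propose_block_rules(suspects)))}


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

The single host talking to 203.0.113.5 is deliberately left alone: one new destination from one machine is ordinary browsing, while the same new address reached by three machines within seconds on a non-standard port is the pattern a rule set that has never seen that address cannot catch. The bandwidth-heavy flow to 192.0.2.9 is stopped by the existing list regardless, which is the "prevention first" point Reis makes above.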

Texas Health Resources takes the analytical route even further, devising risk profiles of users in its 25-hospital system based on their access to areas of the network, especially highly sensitive lodes of information, and how much of a target they would be for, say, phishing attempts, says Mehring. He calls it a zonal approach within the network, as compared with a layered approach, intended to shut down breaches before they can spread.

“Quickness is key,” Mehring declares. “What we’ve found is that when that phishing email comes in, those first two hours that it’s in your environment are the most critical.” THR uses a cloud-based product that does a better job than in the past at detecting an attack and purging the invading agent, he says.

Vast improvements in the speed, computing ability and connectedness of healthcare information technology greatly complicate the business of keeping IT systems safe from intrusion. “Not only do hackers’ methods change, but the systems that we’re trying to protect evolve as well,” says Reis. “The systems get more complicated, and the hackers get more sophisticated, and to be effective we have to be able to keep up with both at the same rate.”

The fast movement of huge amounts of data makes near-real-time intrusion detection critically important, says Kim of HIMSS, because attackers who get in can move quickly and reach large quantities of data in no time. A reactive strategy of spotting known malware in action will miss the mark, she emphasizes, because a reaction hours or days later is often too late.

Information Management: http://bit.ly/1ntZeMa
