Healthcare Data Is The Holy Grail for Cyber Thieves

While some incidents are the result of lost or stolen files, sophisticated hackers looking to lift the treasure trove of information found in health records are now the leading cause of data loss.

The threat isn’t likely to ease. Cybercrime is a “growing $6 billion epidemic that puts millions of patients and their information at risk,” according to a report on healthcare data security published last year by the Ponemon Institute.

To counter the growing threat, providers need to rethink their security strategies.

Rapid rise in medical identity theft

No longer are virus scanning and intrusion detection software sufficient.

“Protection technologies have a purpose; the problem is there are really wonderful ways to evade these things,” says Ronald Mehring, chief information security officer (CISO) for Texas Health Resources. “We’ve seen that with a multitude of breaches across organizations that have strong programs.”

The key, say experts, is a complex solution of multiple defense layers embedded with new data analysis techniques that can spot hackers before they can break into health data stores.

CIOs and their security staffs have to consider a class of more sophisticated tools that can sense when a breach is being attempted or already underway. For example, advanced classes of firewalls are aware of the applications running behind them and can take into consideration what is and isn’t normal traffic trying to access those applications.

Many organizations are turning to these types of layered protection, healthcare security professionals say.

“You want to have advanced application-level firewalls at the edge,” says David Reis, vice president of IT governance and security at Lahey Health, Burlington, Mass. “You want to have intrusion detection and prevention at the network layer inside the firewall to catch those things that get through the firewall. And then for the Internet-facing systems that you’re really worried about, you can put host-based intrusion detection on those very specific servers.”

But layered approaches alone may be incomplete because of threats burrowing in from the Internet, says Mehring. “Before, we looked at it like this iterative approach. Somebody comes in from the Internet, they hit an external firewall--some type of defense system that keeps them out, at the outer shell. Then if they make it past there, there is some other control, then some other control, and some other control. It doesn’t quite work that way anymore, because of the way users interact with technology, the Internet.”

Network protections can be thwarted when an employee unwisely falls prey to a phishing gambit by clicking on a link or attachment in a hacker’s email. “Professionally and personally, that’s my biggest worry,” says Reis. Phishing attacks “can be incredibly effective, especially in the healthcare market where we’re all trained to be patient-centric, trained to be helpful.”

HIPAA has prompted health systems to elevate their efforts, adding encryption of data at rest, media protections, and backup and security protocols, says Russell Branzell, president and CEO of the College of Healthcare Information Management Executives. “It was the nudge we needed to get started, and most organizations generally have those in place today,” he says. Now they have to weigh technology “that measures and reacts to human nature and behavior.”

Barrier technologies are programmed to look for unique signatures of a finite number of viruses and other malware. “You need so many hits of people, machines, users getting infected in order for a rule, a pattern, a signature to be generated,” says Lee Kim, director of privacy and security for the Healthcare Information and Management Systems Society. In contrast to rules-based responses to attackers, the newer behavior-based methods look for departures from normal activity.

It’s all about trying to stay even with hackers who are continually changing their attack modes. “Prevention now is far more important than it’s ever been,” Reis asserts. “Detection is important, but we’re putting a lot more of our focus on preventive measures rather than detection measures, because things happen so much more quickly now than they did even five years ago. If you wait until you’ve detected, you’ve had a really big event. The key now is to make sure that event doesn’t happen.”


Increasingly, security technology is performing analyses on data coming from breach prevention and detection systems, sifting for suspicious activity, says Darren Lacey, CISO and director of IT compliance at Johns Hopkins University and its medical school. “Detection controls, what they do is they say, ‘Well, this thing is happening, and it looks kind of funny--what do you want me to do about it?’ ”

Answering those questions is a set of investigative controls, sometimes automated in their responses, but usually operated by a staff pro responding to alerts, says Lacey, adding, “Detection controls are most beneficial when they’re integrated well with investigating.” Information aggregated from the various detection points--firewalls, host-based protection systems, audited activity logs and so on--aids in “creating new prevention signatures and new prevention rules.” And if a detection system sees something get through, “that will shape what prevention controls you run in the future.”

Prevention controls at the outer rim of the IT network include lists of IP addresses known to be destinations for stolen data or command-and-control servers for networks of malware-infected machines (botnets), which direct the bots through a breached system looking for lucre. “But sometimes these botnets change IP addresses, so your preventive rule sets don’t tell you a lot,” says Lacey.

A detection system might identify a new IP address to which several devices inside an IT network are communicating back and forth, for unknown reasons. Chances are that something suspicious is in play, Lacey explains, and an alert is triggered for investigation. The first response likely is to set up a new preventive control, adding the address to the block list. If it prevents a compromised computer from communicating back to an outlaw site, “that greatly reduces the amount of damage that bots can do.”
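The behavior-based check Lacey describes above (several internal hosts exchanging traffic with an external address nobody has seen before, followed by a new block-list entry), as an added example that is not code from the article or from any of the organizations it quotes. The flow records, the internal address range, the allow list and the threshold are all constructed for illustration.

```python
"""Flag an unknown external address that several internal hosts keep
talking to, then emit a block-list entry for it (constructed example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: timestamp, src, dst, bytes_out, bytes_in
SAMPLE_FLOWS = """\
2015-03-02T08:01:10 10.20.4.15 203.0.113.9 512 1024
2015-03-02T08:01:45 10.20.4.22 203.0.113.9 480 990
2015-03-02T08:02:03 10.20.7.8 203.0.113.9 530 1010
2015-03-02T08:02:30 10.20.4.15 198.51.100.7 40000 300
2015-03-02T08:03:00 10.20.4.40 192.0.2.55 900 70000
2015-03-02T08:03:20 10.20.4.15 203.0.113.9 512 1024
"""

INTERNAL = ip_network("10.20.0.0/16")   # assumed site address range
KNOWN_GOOD = {"192.0.2.55"}              # assumed allow list (e.g. vendor update host)
MIN_HOSTS = 3                            # assumed threshold: distinct internal callers

def parse_flows(text):
    """Parse whitespace-separated flow lines into tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, out_b, in_b = line.split()
        flows.append((ts, src, dst, int(out_b), int(in_b)))
    return flows

def find_suspect_destinations(flows, min_hosts=MIN_HOSTS):
    """Return {dst: sorted internal hosts} for external destinations that at
    least min_hosts internal machines exchange two-way traffic with and that
    are not on the allow list (the 'unknown reasons' case in the text)."""
    callers = defaultdict(set)
    for _, src, dst, out_b, in_b in flows:
        if (ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL
                and out_b > 0 and in_b > 0):
            callers[dst].add(src)
    return {d: sorted(h) for d, h in callers.items()
            if len(h) >= min_hosts and d not in KNOWN_GOOD}

def block_rules(suspects):
    """Turn each suspect destination into a deny rule (iptables syntax on the
    OUTPUT chain, chosen for illustration; a gateway would use FORWARD)."""
    return [f"iptables -A OUTPUT -d {d} -j DROP" for d in sorted(suspects)]

if __name__ == "__main__":
    hits = find_suspect_destinations(parse_flows(SAMPLE_FLOWS))
    for dst, hosts in hits.items():
        print(f"ALERT {dst}: {len(hosts)} internal hosts talking to it -> investigate")
    print("\n".join(block_rules(hits)))
```

The alert is the trigger for investigation; the generated rule is the new preventive control that gets added once an analyst confirms the destination is hostile.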

Texas Health Resources takes the analytical route even further, devising risk profiles of users in its 25-hospital system based on their access to areas of the network, especially highly sensitive lodes of information, and how much of a target they would be for, say, phishing attempts, says Mehring. He calls it a zonal approach within the network as compared with a layered approach, intended to shut down breaches before they can spread.

“Quickness is key,” Mehring declares. “What we’ve found is that when that phishing email comes in, those first two hours that it’s in your environment are the most critical.” THR uses a cloud-based product that does a better job than in the past at detecting an attack and purging the invading agent, he says.

Vast improvements in the speed, computing ability and connectedness of healthcare information technology greatly complicate the business of keeping IT systems safe from intrusion. “Not only do hackers’ methods change, but the systems that we’re trying to protect evolve as well,” says Reis. “The systems get more complicated, and the hackers get more sophisticated, and to be effective we have to be able to keep up with both at the same rate.”

The fast movement of huge amounts of data makes near-real-time intrusion detection critically important, says Kim of HIMSS, because attackers that get in can move quickly and access quantities of data in no time. A reactive strategy of spotting known malware in action will miss the mark, she emphasizes, because a reaction hours or days later is often too late.

Information Management: http://bit.ly/1ntZeMa
