Over the last year we've seen the healthcare industry become a motivating target for malicious actors attempting to take advantage of stolen healthcare data. This is a unique sector and completely different from organizations within the retail, financial or any other vertical for that matter. The difference here is when network connectivity and operating system restraints occur within healthcare, human life is at risk. If there's a firewall rule blocking access to an application in financial services, there can be an outage of service. This might seem stressful during the incident, but when paramedics can't access EMR systems to assist with a patient in critical condition, people lose their lives. That's the difference and it's a big one for that matter. The question is then asked, “How do you protect data medical systems and data while at the same time allowing access for physicians to save lives?” This is the task the healthcare industry is tackling right now and doing a better job than most might think. A few weeks ago, I was visiting a loved one in the ICU and realized firsthand the absolute reliance on healthcare applications and network connectivity the physicians were taking advantage of without a second thought. Without the wireless connectivity for the mobile carts, application access with prior medical conditions and heart monitors attached via Ethernet connections the doctors wouldn't have been as prepared to take care of my family member as efficiently as they did. As I mentioned previously, technology in the medical field is saving lives and at the same time attracting hackers.It’s with this double edge sword that information security within healthcare has to play a balancing act to both protect the patient’s data and more importantly, their life. Don’t get me wrong, the healthcare industry can’t throw up their hands and neglect their patents data because it would be too hard to perform proper security within this industry. Since compromised healthcare data is being sold at ten times the normal rate as a stolen credit card, the demand for this information in the black market is exponentially increasing. With this trend alone, the healthcare industry has been taken by storm a target for malicious actors attempting to pawn off sensitive data or use it for their own means. Because the concern for human life is a constant concern – as it should be – the industry has been seen increasing the monitoring capabilities of malicious activity on its network. The ability to view all areas of your network, what’s occurring on the systems and the blocking of malicious attacks on endpoints before they occur is a focus that the industry needs to move towards. By utilizing deception in their security posture (honeypots, false accounts, etc.) the industry will allow for quicker alerting on malicious behavior and allow for expedited incident response. This additional security layer is completely passive to the medical equipment installed around it, which can be used to mimic them and is a safe way to perform security around very critical healthcare systems. With the risk of 'medjacking' occurring on systems with patient data and with limited capabilities to perform security on these endpoints, using deception within the network will assist with catching bad actors. Increasing the threat intelligence and passive monitoring systems backed by data science are also ways to increase the notifications and presence of malicious traffic on a healthcare network. This all occurs without taking down equipment that’s in use to save a human life and sites passively within your network. It’s here where you’re trying to decrease the amount of alerts being sent to a security operations team using threat intel and data science. Showing alerts that are solely outside the norm and focused towards analytical threat behavior will assist with a view into the network that wouldn’t be seen otherwise. As in any industry, if the false positives are too high, the alerts become noise and aren’t followed up on by the security staff. In this case, the passive monitoring of healthcare systems with this additional layer of intel will assist with the deception layer mentioned above. This isn’t to say that proper security shouldn’t already be in place within the network, but there is sensitivity to the systems you’re protecting in healthcare that isn’t present in any other sector. When it comes down to it, life is always more important and information security needs to find creative ways to protect this data at the same time. This in no way means that it won’t have the same level security as a financial or retail environments – it will, but it will look a little different. It's not impossible to protect, and the industry, despite the latest breaches, is getting hold of their networks and putting in additional safeguards to protect their patient’s data and well-being.
About the Author: Matthew Pascucci is a Security Architect, Privacy Advocate and Security Blogger. He holds multiple information security certificates and has had the opportunity to write and speak about cyber security for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog, on Twitter @matthewpascucci, or via email [email protected]. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock Save
