Over the past few years, healthcare organizations have become one of the leading targets for cybercriminals. Data breaches have exposed personal patient data, medical records, and financial information, adding millions of dollars in cost to the institutions involved. As healthcare organizations become savvier about cybersecurity, the criminals simply get more creative.

Continuous real-time monitoring of the network connections in the system is of paramount importance. (Credit: iStock)

The list of targets, and the methods by which cyber threats are carried out, is long and varied; however, one of the primary conduits for cyberattacks is the ecosystem of Internet-connected devices. To minimize systemic weaknesses and to protect the confidentiality and availability of patient and network data, healthcare organizations have been consolidating their systems to reduce the gaps and vulnerabilities that serve as “hot spots” for malicious activity.

While expanded use of network technology, Internet-enabled medical devices, and electronic databases for clinical, financial, and administrative operations can significantly benefit patient care, data delivery, and organizational efficiency, it also increases exposure to cyberattacks. In addition, the laws and regulations the industry must comply with are ever-changing, and while baseline security measures provide a good foundation for protecting the infrastructure, on their own they are no longer enough to prevent breaches. See the sidebar, “Cyberattacks by the Numbers,” for statistics that illustrate the scale and impact of data breaches.

The First Step: Assess the System

For any IT environment, the total state of the network, including each connected device as well as the effective topology of the network itself, must be evaluated to determine potential risks and vulnerabilities. The evaluation covers the following areas:

  • Connections that cross network segmentation boundaries.

  • Rogue (unauthorized or unknown) connections and devices.

  • Data leak detection: unusual or unauthorized data flows leaving the network.

  • Connections to known bad-actor sites.

  • High-risk open ports.

Fig. 1 - A cybersecurity plan includes activities that identify, protect, detect, respond, and recover when an attack occurs (the five functions of the NIST Cybersecurity Framework).

Cyberattacks by the Numbers

1,579: Number of reported data breaches in 2017

1,093: Number of reported data breaches in 2016

781: Number of reported data breaches in 2015

$400 billion: Estimated annual global cost of cyberattacks

$2.1 trillion: Projected global cost of cyberattacks in 2019

In addition to identifying vulnerabilities, real-time situational-awareness monitoring of the network is needed to detect changes over time. Every connected IP address, known or unknown, needs to be identified and validated, and the system should provide real-time awareness of each address's behavior. Metadata that can identify the operating system, properties, and connections of every IP on the network should also be collected, so the organization can determine where vulnerabilities need to be remediated before a breach occurs.

Cyberattacks are becoming more sophisticated and damaging, and these potentially crippling assaults are premeditated, deliberate, and coordinated. When a device such as a network switch, firewall, or router reaches end of life, it is no longer supported by its vendor, so any flaw discovered afterward remains unpatched and leaves the device vulnerable in certain situations. Software patches address the same problem but arrive far more frequently, and are typically published as security updates or security bulletins. Many updates are rated critical, important, or moderate, and they identify whether the issue lies in the vendor's own product or in a third-party component used by it that can compromise the OEM publisher's products. Once a flaw is public, attackers know about it too, and they begin targeting organizations through that vulnerability.

Timely deployment of patches and updates is the biggest concern, given how publicly these broad-based cyber and malware attacks are discussed. Several recent attacks have exploited gaps in patching. Attackers build their tooling to automatically detect and exploit unpatched software and systems that have not been updated, and use them as the entry point into the healthcare facility.

The Foundation of Network Security: Visibility

Comprehensive network behavioral analytics and proactive cybersecurity situational awareness are key to maintaining system security. A structure needs to be developed and implemented that can assess, identify, and detect, in real time, known and unknown threats in the enterprise environment while providing complete network visibility. Data traffic should be analyzed, as should the behavior of every IP address in the organization's infrastructure. Threats frequently identified include the following:

  • Segmentation violations.

  • Rogue connections.

  • Data leaks.

  • Bad actor site connections.

  • High-risk open ports.

The First Line of Defense: Real-Time Monitoring

Continuous real-time monitoring of the network connections in the system is of paramount importance in developing and aligning an organization's security posture across its network, endpoints, cloud devices, and applications. It serves as the first line of defense for identifying and addressing potential threats while ensuring continuity through any changes. Proactive cybersecurity situational awareness, with complete visibility of complex networks and real-time continuous monitoring, is needed to protect healthcare organizations and their vast web of connected devices while maintaining compliance with a range of regulatory requirements such as HIPAA, HITECH, and NHS Directive, among others.

These elements are a necessity to keep the gap between known and unknown threats from growing. In many cases a gap of 20 percent in network situational awareness can develop, meaning that roughly one in five devices or connections on the network is not identified and monitored. Using gap analysis technology, the healthcare organization can assess network changes to narrow this gap, with the ultimate goal of identifying and monitoring 100 percent of network connections and devices.
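As an added example (not code from the article or from Cytellix), the following Python script reconciles a constructed set of NetFlow-style records against an asset inventory and a segmentation policy. It surfaces the five assessment areas listed earlier (segmentation violations, rogue devices, data-leak candidates, bad-actor connections, and high-risk open ports) and computes the share of observed internal hosts that are in inventory, which is the gap the paragraph above describes. The inventory, segment policy, threat list, internal address range, byte threshold, and flow records are all assumptions constructed for the example.

```python
"""Added example, not from the article: reconcile observed network flows against
an asset inventory and a segmentation policy. All inventory, policy, threat-list
and flow data below are constructed sample data, not real hosts."""
from collections import Counter
from dataclasses import dataclass
import ipaddress

# Address ranges the organization considers its own (assumed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed asset inventory: IP -> (hostname, segment).
INVENTORY = {
    "10.10.1.5":  ("emr-db-01",       "clinical"),
    "10.10.1.9":  ("pacs-srv-02",     "clinical"),
    "10.20.3.14": ("infusion-pump-7", "medical-devices"),
    "10.30.7.22": ("clinician-ws-31", "corporate"),
    "10.30.7.40": ("finance-ws-12",   "corporate"),
}

# Constructed segmentation policy: (source segment, destination segment) pairs
# that are permitted. Any other pair between two known hosts is a violation.
ALLOWED_FLOWS = {
    ("clinical", "clinical"),
    ("corporate", "corporate"),
    ("corporate", "clinical"),        # workstations reach the EMR/PACS
    ("medical-devices", "clinical"),  # devices upload to PACS/EMR
}

# Stand-in for a threat-intelligence feed of bad-actor addresses (constructed).
BAD_ACTORS = {"203.0.113.77"}

# Services treated as high risk when an internal host is seen accepting them.
HIGH_RISK_PORTS = {23: "telnet", 445: "smb", 1433: "mssql", 3389: "rdp", 5900: "vnc"}

# Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, bytes_from_src).
FLOWS = [
    ("10.30.7.22",  "10.10.1.5",    443, 12_000),
    ("10.20.3.14",  "10.10.1.9",    104, 80_000),
    ("10.30.7.40",  "10.20.3.14",    23, 600),         # corporate -> pump over telnet
    ("10.10.1.5",   "203.0.113.77", 443, 95_000_000),  # EMR DB pushing data to a bad actor
    ("10.20.3.200", "10.10.1.9",    445, 4_000),       # unknown device hitting SMB on PACS
    ("10.30.7.22",  "198.51.100.8", 443, 2_000),       # ordinary outbound HTTPS
]


@dataclass(frozen=True)
class Finding:
    category: str
    src: str
    dst: str
    detail: str


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(flows, inventory, allowed, bad_actors, leak_threshold=50_000_000):
    """Return findings plus an inventory-coverage percentage for observed hosts."""
    findings = []
    seen_internal = set()
    for src, dst, port, nbytes in flows:
        seen_internal.update(ip for ip in (src, dst) if is_internal(ip))
        src_seg = inventory.get(src, (None, None))[1]
        dst_seg = inventory.get(dst, (None, None))[1]

        # Segmentation: both endpoints are known, but the pair is not permitted.
        if src_seg and dst_seg and (src_seg, dst_seg) not in allowed:
            findings.append(Finding("segmentation_violation", src, dst, f"{src_seg} -> {dst_seg}"))

        # Bad-actor site connection in either direction.
        if src in bad_actors or dst in bad_actors:
            findings.append(Finding("bad_actor", src, dst, "address on threat list"))

        # High-risk service exposed on an internal host.
        if is_internal(dst) and port in HIGH_RISK_PORTS:
            findings.append(Finding("high_risk_port", src, dst, f"{port}/{HIGH_RISK_PORTS[port]}"))

        # Data-leak candidate: large internal -> external transfer.
        if is_internal(src) and not is_internal(dst) and nbytes >= leak_threshold:
            findings.append(Finding("data_leak", src, dst, f"{nbytes} bytes outbound"))

    # Rogue devices: internal addresses active on the network but absent from inventory.
    unknown = sorted(ip for ip in seen_internal if ip not in inventory)
    for ip in unknown:
        findings.append(Finding("rogue_device", ip, "*", "internal address not in inventory"))

    known = len(seen_internal) - len(unknown)
    coverage = 100.0 * known / len(seen_internal) if seen_internal else 100.0
    return {"findings": findings, "unknown_ips": unknown, "coverage_pct": round(coverage, 1)}


def by_category(findings):
    return Counter(f.category for f in findings)


if __name__ == "__main__":
    result = analyze(FLOWS, INVENTORY, ALLOWED_FLOWS, BAD_ACTORS)
    print(f"inventory coverage of observed hosts: {result['coverage_pct']}%")
    for f in result["findings"]:
        print(f"{f.category:23} {f.src:>13} -> {f.dst:<13} {f.detail}")
```

Run it directly to print the findings. In practice the inventory would come from a CMDB or discovery scan, the flows from a collector, and the bad-actor list from a threat feed; the reason to keep coverage as a number is that it can be tracked over time, which is what narrowing the gap toward 100 percent requires.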

Best Practices

To create network situational awareness with complete visibility of an organization's IT assets, the organization needs integrative capacity, scalability, and real-time assessment capabilities. Understanding best practices for developing effective cybersecurity measures is a strategic approach to delivering on this agenda (see Figure 1). The following four factors must be taken into account:

  • Comprehend the threats facing an organization.

  • Identify the company's critical assets and proprietary knowledge.

  • Understand the strengths and weaknesses of current cybersecurity arrangements.

  • Develop a cybersecurity roadmap.

On the last point, developing a cybersecurity plan, executives in coordination with their IT departments and vendor partners should focus on several important actions, including:

  • Ensuring that all company technology runs the latest security software, web browser, and operating system.

  • Creating a mobile device action plan.

  • Protecting company Internet connections by using a firewall and encrypting information.

  • Controlling physical access to computer and network components.

  • Ensuring that service and SaaS providers use the most trusted, certified, or validated tools, including anti-fraud and anti-malware protection on their systems.

With the range of cyber threats constantly changing, healthcare organizations need to be even more vigilant in mitigating cyber risks and strengthening their security profile. Executives can benefit from the insight and expertise of a trusted IT solutions team to help them navigate the complexities of the cybersecurity world.

This article was written by Brian Berger, Executive Vice President of Cytellix, Commercial Division, Aliso Viejo, CA.