SAN FRANCISCO — Return on investment. Teenage hackers have pretty much mastered it but hospital executives continue struggling to get the funding for information security let alone demonstrate ROI.

Take the typical threat actor, for instance. The FBI profile includes young males (mostly) between 17 years old and their late twenties, some of whom are formally trained but most are instead self-taught on the Dark Web, according to FBI Special Agent MK Palmore.

[Also: HIPAA breach fines: It's time to rethink this mess]

“Because they operate with near anonymity they get to practice a lot,” Palmore said at the HIMSS and Healthcare IT News Privacy and Security Forum in San Francisco Friday. “These guys are experts at return on investment, they know how much effort to put in to get a return that is advantageous to them.”

Not all ROI is the same, of course. Hospital executives, IT and information security professionals are aiming for different kind of return than criminals looking to make a quick buck -- and that ROI is much more complicated. 

“Security ROI is very difficult to compute because -- despite algorithms, impact and risk issues -- trying to calculate a return gets really tricky when you’re talking about human lives,” Symantec Chief Health Officer David Finn said.

Hackers are not making life any easier on hospitals, to be certain.

While Symantec saw an uprising of elaborate hacks in 2016, the company’s SOCs picked up criminals using very inexpensive and hard-to-detect tools, notably Windows Powershells and Macros.

[Also: 75% of health orgs live below cybersecurity poverty line]

“Macro’s were a big threat 20 years ago and now they’re back,” Finn said. “Powershell is on every Windows machine in the world and 95 percent of the script is malicious across the globe.”

Hackers, in fact, are using Powershell and Macro’s to get onto networks and do east-west migrations and move around undetected. 

“No one is suspicious of these,” Finn said. “They’re very clever at using our own tools against us.”

And those are merely two new examples of how hackers, nations-states, organized crime and other cyberthieves set an increasingly faster pace in the evolving reality of current threats.

“They are always in a position to win,” Palmore said. “You have to be right 100 percent of the time and they only have to be right once.”

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn