Tips to shorten healthcare's cybersecurity learning curve
Photo: Mikhail Nilov/Pexels
Healthcare organizations are paying much more attention to cybersecurity in recent months, especially after Change Healthcare experienced a ransomware attack that debilitated its systems and disrupted claims payments nationwide, and as Ascension has been digging out from its own cyber event for weeks.
Clearly, for organizations large and small, the cybersecurity learning curve remains challenging – even as the threats become more sophisticated and insidious.
For instance, advances in persistent threat attack vectors have made nearly all endpoint detection and response systems vulnerable to at least one EDR evasion technique, according to Ricardo Villadiego, CEO of cybersecurity firm Lumu.
There are numerous ways that a threat actor may launch a successful attack without raising suspicions. While some of EDRs may log these attempts, "logs do not necessarily trigger alerts," he told Healthcare IT News.
Certain code injection techniques entail executing malicious code in a legitimate process to mask its presence, for example, making it harder for security products to detect the intrusion. Legacy threat detection technologies have allowed such executions without blocking them.
We spoke to Villadiego this week to discuss some of the healthcare industry's cybersecurity blind spots. He offered advice on leveraging artificial intelligence models to better understand attack vectors and responses. And he weighed in with some tips that could help prevent the next debilitating healthcare outage.
Q. What are the top roadblocks to overcoming cybersecurity preparedness at healthcare organizations?
A. There are a few issues. The first are blind spots. Healthcare organizations have more blind spots than those in other verticals. They are relying on basic security measures that have proven to be ineffective, typically depending on EDRs, firewalls and email security tools.
We know from a previous empirical assessment that 94% of EDR platforms have been found vulnerable to at least one common evasion technique. Additionally, the number of devices connected to the network, coupled with the inability to install protection software on these devices because they are IoT, exacerbates the blind spots even further.
The talent shortage is another, and healthcare is not immune to the security talent shortage.
The demand for SOC analysts continues to grow exponentially, which is translating into higher salaries and higher demands for benefits, including remote work and PTO.
Additionally, we see that the issue is magnified due to the healthcare sector’s complex digital infrastructure and the presence of specialized medical Internet of Things devices, which grant cybercriminals many entry points and means to persist – all against a backdrop of stringent regulatory compliance requirements.
Q. How can AI tools elevate teams to provide faster response times?
A. AI tools can assist in achieving an outcome. However, we cannot think of AI as this magic thing that will solve all the world’s problems. They are tools that need to be put in processes that enable organizations to:
- Reduce their blind spots of network threats.
- Identify these network threats in real time.
- Be able to respond to network threats autonomously.
This is viewing AI as an end, when, in fact, it is the means. Rather, we should be asking ourselves if we are implementing AI to realize efficiencies and deliver the best possible product to end-users. We must ensure that AI is indeed working for us, rather than us working for it.
Q. How can healthcare prevent the next chain reaction cyberattack?
A. Healthcare organizations cannot rely on legacy technologies to detect and respond to today’s attacks. A security strategy without a technology that looks at network threats is not only incomplete, but is also a time bomb. In addition to protecting and making it harder for the adversary to get in, you also need a way to know when the protection failed and be able to do something about it. So, this is the first step.
Also, we need to hold our third-party vendors to the same standards, and demand that they have the same protection and detection methods. This will help healthcare organizations and their partners to act as a united front and make their businesses harder to compromise.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
The HIMSS AI in Healthcare Forum is scheduled to take place September 5-6 in Boston. Learn more and register.