Protecting Health Organisations from Breaches and Ransomware

Today’s security threat landscape will not be tomorrow’s; the healthcare industry in particular needs to harden its protective armour in the face of a constantly evolving climate of cyber-attacks. Furthermore, strengthening security is now the concern of every Health and Life Sciences (HLS) organisation – and every link in the chain must be robust.

I recently spoke at a webinar alongside Rocky DeStefano, Cloudera’s cybersecurity expert, and Karthik Krishnan, Niara’s VP of product management, where we discussed how HLS organisations should be looking to approach their security strategy moving forward – and the sorts of technology and solutions available to support it.

Below is a brief overview of the main areas covered.

Low-hanging fruit: know your position

During my portion of the discussion I asserted that it’s no longer an option for HLS organisations to be reactive in the face of cyber-attacks. With every breach, hundreds of thousands or even millions of dollars are at stake, and more importantly, thousands of patients may be affected as their care and safety are severely disrupted and compromised by ransomware, and their trust is eroded.

To be proactive requires knowledge. Basic security compliance is no longer sufficient to adequately mitigate the risk of breaches and ransomware, so how far do HLS organisations need to go in securing themselves?

The answer lies in the rest of the industry. No organisation wants to be lagging behind its peers and relatively vulnerable to breaches and ransomware. Executives need to measure their organisation’s security against that of their peers to understand whether they are lagging, on par, or leading the industry. They need to understand whether their security priorities differ significantly from those of their peers, and whether they may be over- or under-prioritising, as can sometimes be the case where the security team depends too heavily on what it sees in the media. For any gaps in security capabilities, it is particularly useful to see whether the gap is common across peers, or whether the organisation is lagging behind peers in implementing that capability and is relatively vulnerable and exposed within that gap.

Capabilities that need to be assessed include those to prevent, detect and remediate security incidents. Speed of detection is key to minimising impact. Behavioural analytics is a key capability that can improve healthcare organisations’ ability to rapidly detect threats, vulnerabilities and security incidents, stop loss and initiate remediation.

The Intel HLS breach security assessment program is a culmination of these ideas. Global in scope and continuing at least until the end of 2017, this is an open industry collaboration with many industry partners, led by Intel Health & Life Sciences.

Over 55 healthcare organisations across eight countries are already participating in this program, and this number is projected to more than triple through to the end of 2017. Security maturity, priorities across eight breach types and 42 security capabilities are assessed, and confidential benchmark results enable healthcare organisations to compare these with the healthcare industry.

This provides key input to better inform future security decisions, including how organisations can best utilise constrained budgets and resources to protect themselves from breaches and ransomware.

Healthcare industry results to date reveal just how underprepared some organisations are in the face of a security breach – with some organisations stating they only had 17 percent of the capabilities relevant to mitigating risk of ransomware. It’s an example of how HLS organisations often only cover the basic requirements needed to safeguard against these threats.

The tide is turning, however, and the industry is starting to realise the importance of a robust approach to security – particularly across its hardware.

Solving breaches and ransomware will need a concerted and collaborative effort.

The threat ecosystem has evolved, so should your tools (Rocky DeStefano, Cloudera)

Hackers are now far more sophisticated thanks to their tools and collaborative approach, and as such, attacks are more frequent and damaging.

The reason for this isn’t simply that they have more powerful techniques to use, but rather that our defence systems have not evolved at the same pace. Rather than using data to protect against future breaches, most HLS organisations use software systems which are backwards-facing and reactive. Certain software releases may update periodically, but attacks evolve much faster.

Today’s security issue is about scale: more data, trillions of events in fact, now needs to be analysed to properly report on incoming or potential threats, and legacy systems can’t handle the machine learning capabilities required.

Security analytics bests threat intelligence (Karthik Krishnan, Niara)

One of the applications within Cloudera’s hub is Niara, developed by a Silicon Valley company which aims to reduce the time and effort HLS organisations expend trying to detect, understand and respond to attacks.

Krishnan began by contrasting threat intelligence and security analytics. The former quite effectively discovers threats that have clear signatures, rules or blacklists, while the latter is driven by machine learning (ML) and focuses on finding advanced, unknown threats without signatures or rules. Niara’s solution uses ML for advanced detection, analysis and remediation of attacks.

Up the tech, up the security

Across all three discussions it became clear that HLS organisations not only need to invest more in threat detection and remediation tools, but also look outside their own four walls. Using others in the industry as a benchmark for identifying their own strengths and weaknesses will be crucial to developing security strategies fit for today, and tomorrow.

For further information on the elements outlined above, watch the webinar in full here.