Healthcare Cybersecurity: Using Network Detection and Response to Stop Cyberattacks
Healthcare is a prime target for cyber-attackers and it’s hitting the pocketbook hard. For the ninth year in a row, the Ponemon Institute reports that healthcare organizations had the highest costs associated with data breaches at $6.45 million – over 60 percent more than the global average of all industries.
Network Detection and Response (NDR) can help to protect your healthcare organization from attack. True to its name, NDR detects threats on a network and responds to them to tackle some of healthcare’s top challenges such as ransomware, Internet of Things (IoT) device security, data exfiltration, compliance, and cloud workload security.
Ransomware attacks are becoming more common, and healthcare is a popular target. Just last week, on October 1, a ransomware attack on the DCH Health System forced three hospitals in Alabama to turn away “all but the most critical new patients.”
Employees can easily introduce ransomware without knowledge of what they are doing. Though training can limit this risk, it can’t eliminate it entirely; any employee can ultimately make a mistake. As ransomware is constantly changing, a single security system or process isn’t always able to catch it.
NDR can detect ransomware as soon as it attempts entry via your network, email, the cloud, or the web. This detection happens before the ransomware can begin encrypting files and moving laterally across the network.
Protecting Medical IoT Devices
Medical IoT devices can be ideal targets for cyber-criminals targeting healthcare organizations. They are easy targets since their firmware often has vulnerabilities that are simple to exploit, and their default security, if any, is very low. In addition, they are an attractive target since an attacker can use it as a backdoor to get to more valuable systems.
NDR uses a combination of three complementary techniques to deliver IoT security and block both known and unknown attacks targeting medical devices:
- First, NDR leverages Global Threat Intelligence Network to scan traffic metadata and payloads for variants of known threats
- Second, NDR applies unsupervised AI to a healthcare organization’s network traffic to detect protocol and traffic anomalies generated by a compromised IoT device
- Third, NDR uses supervised AI to automatically create classifiers that recognize malicious network behaviors and previously unknown malware
Stopping Exfiltration of PHI, PII and Payment Card Information
Attackers love going after healthcare data since it’s such a high-value target. NDR prevents data exfiltration of Protected Health Information (PHI), Personally Identifiable Information (PII), and payment card data by providing complete visibility of every stage of the attack chain. NDR creates a unique approach to detecting advanced threats where our AI learns from both anomalous network traffic in the healthcare environment and malicious behaviors.
NDR analyzes both traffic crossing a healthcare organization’s perimeter and traffic moving laterally in its network. NDR delivers unmatched awareness and visibility of advanced attacks:
- The initial email or web-based attack attempting to compromise a single system to initiate the attack chain
- Asset discovery as it looks for more systems to compromise or data sets to harvest
- Lateral movement as it spreads across the network
- Anomalous behavior of compromised systems, including personal devices and medical IoT devices
- Internal data transfers as the attackers prepare for data exfiltration
- External command & control (C&C) communication and transfer of data
Meeting Healthcare Compliance Requirements
NDR helps satisfy Intrusion Detection and Presentation Systems (IDPS)-specific compliance requirements and best practices frameworks. Those relevant to the healthcare industry include HIPAA (NIST SP 800-66), PCI DSS 11.4, NIST DE.AE (Detect – Anomalies and Events) and DE.CM (Detect – Security Continuous Monitoring), and Center for Internet Security Control 12.7.
Securing Healthcare Cloud Workloads
Security is a major consideration for healthcare organizations that are moving their confidential data to the cloud. Attackers employ a range of techniques to penetrate healthcare cloud infrastructure, launch new instances, and move laterally to launch attacks on other workloads, ultimately harvesting and exporting data. NDR discovers cyberthreat techniques, including:
- Targeting servers in public subnets in a virtual public cloud (VPC)
- Exploiting a misconfigured server with open ports to gain access to Internet-facing assets
- Moving laterally to find servers in a private subnet that you thought were safe (because they do not have a route to the Internet)
- Compromising servers running in cloud instances and downloading data
See NDR in Action
Don’t let your organization get breached. See how you can deploy a Lastline Sensor in as little as 30 minutes and begin to secure your organization.
Schedule a demo today!
Latest posts by Teresa Wingfield (see all)
- Don’t Hate Your Legacy IDPS – Replace It - February 3, 2020
- Faster, More Effective Threat Investigation, Threat Hunting and Reporting with Kibana - January 22, 2020
- 451 Research Discusses Why Network Detection and Response (NDR) is Gaining Momentum - January 15, 2020