Healthcare organizations have been paying much more attention to cybersecurity in recent months, especially after Change Healthcare suffered a ransomware attack that weakened its systems and disrupted claims payments across the country, and as Ascension has been digging out its own cyber event.
It’s clear that the cybersecurity learning curve remains a challenge for organizations large and small – even as threats become increasingly sophisticated and insidious.
Advances in persistent attack vectors have left nearly all endpoint detection and response systems vulnerable to at least one EDR evasion technique, said Ricardo Villadiego, CEO of cybersecurity company Lumu.
There are numerous ways a threat actor can launch a successful attack without arousing suspicion. While some EDRs can record these attempts, “logs don’t necessarily trigger alerts,” he said Healthcare IT news.
Some code injection techniques involve executing malicious code in a legitimate process to mask its presence, for example making it more difficult for security products to detect the intrusion. Older threat detection technologies have allowed such executions without blocking them.
We sat down with Villadiego this week to discuss some of the blind spots in healthcare cybersecurity. He provided advice on using artificial intelligence models to better understand attack vectors and responses. And he offered some tips that could help prevent the next debilitating health care outage.
Q. What are the top barriers to overcoming cybersecurity preparedness in healthcare organizations?
A. There are a few problems. The first is blind spots. Healthcare organizations have more blind spots than organizations in other industries. They rely on basic security measures that have proven to be ineffective, usually relying on EDRs, firewalls and email security tools.
We know it from a previous one empirical assessment that 94% of EDR platforms have been found vulnerable to at least one common evasion technique. Furthermore, the number of devices connected to the network, coupled with the inability to install security software on these devices because it is IoT, further exacerbates the blind spots.
The talent shortage is another example, and healthcare is not immune to the security talent shortage.
Demand for SOC analysts continues to grow exponentially, which translates into higher salaries and increased benefits requirements, including remote work and PTO.
Furthermore, we see the problem being magnified due to the complex digital infrastructure of the healthcare sector and the presence of specialized medical Internet of Things devices, which provide cybercriminals with many entry points and means to persist – all against the backdrop of strict regulatory compliance requirements.
Q. How can AI tools take teams to the next level and provide faster response times?
a. AI tools can help achieve a result. However, we cannot see AI as this magical thing that will solve all the problems in the world. They are tools that must be used in processes that enable organizations to:
- Reduce their blind spots from network threats.
- Identify these network threats in real time.
- Being able to respond independently to network threats.
This means that AI is seen as an end, while in fact it is a means. Instead, we should ask ourselves whether we are implementing AI to achieve efficiencies and deliver the best possible product to end users. We need to ensure that AI actually works for us, and not that we work for it.
Q. How can healthcare prevent the next chain reaction cyberattack?
A. Healthcare organizations cannot rely on older technologies to detect and respond to today’s attacks. A security strategy without technology that looks at network threats is not only incomplete, but is also a time bomb. In addition to protecting and making it harder for the opponent to get in, you also need a way to know when the protection failed and to be able to do something about it. So this is the first step.
We must also hold our third-party suppliers to the same standards and require them to have the same protection and detection methods. This will help healthcare organizations and their partners act as a united front and make it harder to compromise with their companies.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.