Healthcare organizations have been paying more attention than ever to cybersecurity in recent months, especially after Change Healthcare suffered a ransomware attack that crippled its systems and disrupted claims payments nationwide, and Ascension has been working for weeks to recover from its own cyber event.
Clearly, despite threats becoming more sophisticated and sophisticated, the cybersecurity learning curve remains daunting for organizations large and small.
For example, advances in persistent threat attack vectors have made nearly all endpoint detection and response systems vulnerable to at least one EDR evasion technique, according to Ricardo Villadiego, CEO of cybersecurity company Lumu.
There are many ways a threat actor can successfully launch an attack without arousing suspicion, and while some EDRs may record these attempts, “logs don’t necessarily trigger alerts,” he said. Healthcare IT News.
Certain code injection techniques allow malicious code to execute within legitimate processes, hiding its presence and making it harder for security products to detect intrusions, for example, whereas traditional threat detection technologies allow such execution instead of blocking it.
We spoke with Villadiego this week to discuss cybersecurity blind spots in the healthcare industry, where he advises on leveraging artificial intelligence models to better understand attack vectors and responses, and offers some tips to help prevent the next major healthcare system outage.
Q. What are the biggest obstacles to overcome in cybersecurity efforts at healthcare organizations?
A. There are a few problems. First, blind spots. Healthcare organizations have more blind spots than other types of healthcare organizations. They rely on basic security measures that have proven to be ineffective, typically relying on EDR, firewalls, and email security tools.
What we know from the last time Empirical evaluation 94% of EDR platforms have been found to be vulnerable to at least one common evasion technique, and the blind spot is further exacerbated by the sheer number of devices connected to the network, combined with the inability to install protective software on these devices due to the IoT.
Talent shortages are also an issue, and healthcare is not immune to the effects of the security talent shortage.
The demand for SOC analysts continues to grow exponentially, leading to higher salaries and a growing demand for benefits like remote work and PTO.
Additionally, the healthcare sector’s complex digital infrastructure and the presence of specialized medical IoT devices provide cybercriminals with numerous entry points and means of persistence – a problem that is only growing against the backdrop of stringent regulatory compliance requirements.
Q. How can AI tools empower teams and enable faster response times?
aAI tools can help achieve outcomes, but AI can’t be thought of as a magic bullet that will solve all the world’s problems. AI is a tool that needs to be embedded into processes that enable organizations to:
- Reduce your network threat blind spots.
- Identify these network threats in real time.
- It will enable autonomous response to network threats.
This is the act of viewing AI as an end, when in reality AI is a means. Instead, we need to ask ourselves if we are deploying AI to create efficiencies and provide the best possible product for the end user. We need to ensure that AI is working for us, not us working for it.
Q. How can the healthcare industry prevent the next chain reaction cyber attack?
A. Healthcare organizations can no longer rely on legacy technologies to detect and respond to today’s attacks. A security strategy without technology to address network threats is not only incomplete, it’s a ticking time bomb. In addition to protecting and making it harder for adversaries to get in, you also need a way to know when protection fails and do something about it. This is the first step.
They should also hold their third-party vendors to the same standards and require them to employ the same protection and detection methods, which will encourage healthcare organizations and their partners to act in a unified manner and make their businesses less susceptible to being compromised.
Andrea Fox is a senior editor at Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a publication from HIMSS Media.
HIMSS Healthcare AI Forum to be held September 5-6 in Boston. More information and registration.