By Derek Manky, Global Security Strategist, Fortinet
When it comes to protecting patient information and proprietary medical research, the healthcare industry faces significant cybersecurity challenges every day. The adoption of new medical technology—including electronic health records (EHRs), online patient portals, connected devices and wearables—offers improved patient care and convenience. However, it also creates greater opportunity for attack.
Of all the industries affected by advances in cybercrime techniques, healthcare providers continue to be at high risk. That’s because providers not only store personal and financial data that’s extremely valuable to criminals, but their network systems are also very sensitive to interruptions.
And with lives potentially on the line, they may be more motivated than other sectors to pay ransoms to decrypt or release hijacked network resources. However, this sector also historically lags in terms of technology adoption – including cybersecurity. It’s not surprising then that cyberattacks targeting healthcare providers increased 63 percent in 2016.
Dangers of the IoMT
One of the most widely adopted trends in medical technology – the Internet of Medical Things (IoMT) – is also one of the greatest targets of cyber threats, for several reasons. First, as with far too many IoT devices on the market today, IoMT devices are often not built with security as a primary consideration. And unlike the healthcare providers that install and use these devices, the device manufacturers are not typically bound by HIPAA regulations that require features to secure the protected healthcare information (PHI) of patients.
This makes IoMT devices an attractive entryway into healthcare networks for cybercriminals. The advent of IoMT has put security administrators in a tight spot. These devices are linked to human lives, so there is pressure to not impede these network flows. However, if proper security solutions are not put in place, the entire healthcare organization is placed at risk. Providers must address risk from all directions before disaster strikes.
Second, IoMT devices don’t always have simplified mechanisms to distribute or receive security-related updates and patches when a new vulnerability is discovered. Third, these devices, as well as the web applications patients use to interact with them, are often programmed to access private and sensitive information stored on hospital networks.
Unsecured endpoints and applications can act as an easy entryway into the broader network when compromised. As a result, IT administrators are required to develop new network security protocols to deal with the increased number of unsecured and often highly mobile endpoints connected to the internal network.
AI and Automation: The New Threats
Cyberattacks have multiplied not only in number but in ingenuity as well. For example, one new attack system uses tools with automated front-ends that mine for information and vulnerabilities, combined with artificial intelligence (AI)-based analysis to sift through Big Data. It’s also now possible for cybercriminals to leverage machine learning in order to modify code on the fly based on what has been detected in black hat labs in order to make these cybercrime and penetration tools more evasive and harder to identify.
A July 2016 survey conducted by Solutionary discovered that healthcare is the industry most frequently targeted by malware, accounting for 88 percent of all detections in Q2. And this may just be the beginning. It has been predicted that we will soon see custom malware written completely by machines based on automated vulnerability detection, complex data analysis and automated development of the best possible exploit derived from the unique characteristics of a discovered weakness.
For example, the recent Reaper botnet malware used nine different packages that targeted vulnerabilities in IoT devices from seven different manufacturers. Reaper is capitalizing on a larger attack surface, and these types of evolving IoT botnets are bound to hit IoMT devices.
The Role of Automation in Security
The innovations being introduced by cybercriminals will soon be able to subvert the technologies healthcare organizations currently have in place. To survive, it is imperative that healthcare IT teams develop and deploy advanced, integrated security systems.
Fortunately, automation can benefit the healthcare industry just as much as it does criminals. As security automation develops, it enables healthcare security professionals to keep pace with the growing onslaught of malware attacks that are specifically targeting their sector.
For instance, automation can be used to dynamically segment traffic, even in highly elastic environments. Such internal segmentation technologies are able to identify and then automatically isolate sensitive data located behind firewalls within the network based on specific security protocols. This ensures that a compromised device is never able to spread laterally and thereby infecting the entirety of the healthcare network.
Healthcare IT teams can also use automation to enhance or replace basic security functions and day-to-day tasks like tracking and patching devices and configuring security and network devices. Automation can also be leveraged to detect device vulnerabilities and apply or update security protocols or an intrusion prevention system (IPS) policy to protect them until a patch is available, or to modify policies and protocols in real time in response to newly detected threats or intrusions.
The Role of AI in Security
The key to cybersecurity is visibility; you cannot protect what you cannot see. If you know what is happening in your network, at the granular level, you can quickly identify any anomalous behavior and act to isolate it from spreading throughout your network.
So then, the challenge is to take advantage of AI to address two critical issues: greater visibility and improved collaboration.
Capturing and correlating all relevant threat intelligence from your entire network of sensors adds transparency to network operations. The next step is to combine this intelligence with metrics observed across individual networks to provide a benchmark for comparison. And, to expand visibility even further, healthcare organizations can create partnerships with vendors and other industry members to integrate local and global metrics to build an industry-specific knowledge base as a launching pad for AI-based analytics.
There is an old saying in network security: “Attackers only need to be right once. You need to be right every single time.” The only way to stay ahead of cybercriminals is to act immediately whenever and however they strike. Using Big Data analytics to examine and analyze these files in combination with AI and adaptive learning to mitigate the threat in order to detect and predict threats and threat behavior.
AI and Automation: A Winning Combination
Increasingly, adversaries are adding automation and machine learning to their attack toolkits at a rapid pace to better scale across the newly expanded attack surface. As a result, targeted systems need to become more intelligent and integrated. Driving towards intent-based security will enable organizations to leverage the power of automation and integration as critical tools to combat the constantly evolving ransomware and malware attacks on the horizon.
Security needs to be able to operate at digital speeds, which means automating security responses and comprehensively applying intelligence combined with self-learning technologies so that networks can make effective and autonomous decisions. To survive the sophisticated and increasingly intelligent and autonomous attacks currently being developed, healthcare organizations will need to replace organically developed, “accidental” network architectures with intentional design that folds automation and AI into an expert system that creates actionable intelligence. In this way, healthcare providers will be able to detect and withstand serious and sustained attacks.