What once was only science fiction is now our reality: anything and everything can be hacked.
For healthcare providers, ‘anything’ includes not only patient records and claims information but also connected physical devices such as drug pumps and pacemakers. Healthcare also has operational characteristics that make this space particularly challenging to secure.
The mobility challenge is unusual because the workforce is constantly moving among foundations, universities and hospitals. As they move, clinicians often need to retain the same access to do their jobs, or to gain completely different access at the same time because they fill different roles throughout the day. This is an access management nightmare.
The Internet of Things (IoT) challenge is also unusual because providers already have many IoT devices embedded in their daily business. These devices come and go from the network and are associated with different patients at different times.
These ‘things’ carry Protected Health Information (PHI), which is valuable and constantly targeted by bad actors. They also control processes throughout the organization that affect lifesaving measures.
Yes, healthcare organizations must remain compliant, but responsible organizations go beyond compliance to make sure a patient’s information and life support systems are respected and secured. The secret is to reduce the attack surface across both the infrastructure and access, to detect compromise quickly and accurately, and to give your security practitioners what they need to resolve issues before there is real loss.
Mobile is Mayhem
Devices (your phone, your laptop, even the crash cart) can be compromised anywhere, at the hospital or in the home, and many of them simply don’t have the memory, CPU or operating system to run a monitoring agent. So in addition to endpoint protection, organizations need to monitor their networks to detect anomalies.
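The simplest network-side version of that check is a destination baseline: learn which hosts each class of device normally talks to, then flag a device that contacts something its class has never contacted (the ventilator-reading-CNN case discussed next). The following is an added example, not code from the original article or from Core Security; the inventory, hostnames and flow records are constructed sample data, and the assumption that an asset inventory maps device IPs to a device class is a stated one.

```python
"""Destination-baseline anomaly detection for medical devices.

Added example, not code from the original article or from Core Security.
Inventory, hostnames and flow records below are constructed sample data.
"""
from collections import defaultdict

# Constructed inventory: device IP -> device class. Assumption: an asset
# inventory or NAC export gives you this mapping.
INVENTORY = {
    "10.20.0.11": "ventilator",
    "10.20.0.12": "ventilator",
    "10.20.0.13": "ventilator",
    "10.20.1.40": "infusion_pump",
}

# Constructed flow records from a learning window believed clean:
# (source ip, destination host, bytes_out). Hostnames are hypothetical.
BASELINE_FLOWS = [
    ("10.20.0.11", "vent-gateway.hospital.internal", 4200),
    ("10.20.0.11", "ntp.hospital.internal", 90),
    ("10.20.0.12", "vent-gateway.hospital.internal", 3900),
    ("10.20.0.12", "ntp.hospital.internal", 90),
    ("10.20.0.13", "vent-gateway.hospital.internal", 4100),
    ("10.20.0.13", "vendor-update.example-medical.com", 120000),
    ("10.20.1.40", "pump-server.hospital.internal", 800),
]


def build_baseline(flows, inventory):
    """Per device class: destination -> set of devices of that class seen
    contacting it. Flows from devices not in the inventory are skipped;
    they are handled as their own finding at detection time."""
    dests_per_class = defaultdict(lambda: defaultdict(set))
    for src, dst, _ in flows:
        cls = inventory.get(src)
        if cls is None:
            continue
        dests_per_class[cls][dst].add(src)
    return dests_per_class


def score_flow(flow, baseline, inventory):
    """Return (label, reason). 'novel' if the device's class has never
    contacted the destination, 'rare' if only one device of a multi-device
    class has, 'unknown_device' if the source is not inventoried, else 'known'."""
    src, dst, _ = flow
    cls = inventory.get(src)
    if cls is None:
        return ("unknown_device", f"{src} is not in the inventory")
    seen_by = baseline.get(cls, {}).get(dst, set())
    class_size = sum(1 for c in inventory.values() if c == cls)
    if not seen_by:
        return ("novel", f"{cls} class has never contacted {dst}")
    if len(seen_by) == 1 and class_size > 1:
        only = next(iter(seen_by))
        return ("rare", f"only {only} of {class_size} {cls}s has contacted {dst}")
    return ("known", "")


def detect(flows, baseline, inventory):
    """Return [(flow, label, reason)] for every flow that is not 'known'."""
    hits = []
    for flow in flows:
        label, reason = score_flow(flow, baseline, inventory)
        if label != "known":
            hits.append((flow, label, reason))
    return hits


# Constructed live flows: a benign flow, the ventilator hitting CNN, a
# ventilator reaching a destination only one peer has used, and a device
# nobody inventoried.
LIVE_FLOWS = [
    ("10.20.0.11", "vent-gateway.hospital.internal", 4300),
    ("10.20.0.11", "www.cnn.com", 250000),
    ("10.20.0.12", "vendor-update.example-medical.com", 110000),
    ("10.20.9.99", "pump-server.hospital.internal", 500),
]

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS, INVENTORY)
    for flow, label, reason in detect(LIVE_FLOWS, base, INVENTORY):
        print(f"{label:15} {flow[0]} -> {flow[1]}: {reason}")
```

Baselining per device class rather than per device matters here: one ventilator that has never fetched a vendor update is not suspicious if its peers do, whereas a destination no ventilator has ever touched is. The 'rare' label is the hook for the second-stage analysis the article describes, and 'unknown_device' surfaces the coming-and-going devices the IoT section warns about.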
Machine learning algorithms can infer a lot from traffic patterns alone. For example, your medical ventilator probably doesn’t have a history of reading CNN.com. If that device starts hitting CNN, mark it as suspect and spin up other models to determine whether it is truly compromised. If it is, look at the TTPs (tactics, techniques and procedures) in use; they may point you to a threat actor or threat actor group, which helps you understand motive so that you can sharpen your defenses appropriately.
Stop Acting So Vulnerable – It’s Not a Good Look
Your adversaries are scanning your systems constantly, probably more intently than you are, so you have to be smart about staying ahead of them.
You need to stay on top of known vulnerabilities, but you will never patch them all: sometimes there is no patch, and sometimes you simply don’t have the resources to get it done in time. Securing your network is all about prioritization. An analytics tool that does evidence-based prioritization, weighing each vulnerability against how exposed and exploitable it actually is in your environment, lets you patch the ones that put you most at risk first.
Staying on top of access is crucial because everything in security comes down to access to information and processes. You need to know what access each person has, whether it is more than they need, and what must happen when they change job functions or move to another hospital. Then compare the identity view to the infrastructure view: an employee with a lot of access running on vulnerable infrastructure is a recipe for disaster.
You need to fix the vulnerable infrastructure and/or reassess the access. Your security teams usually look at these two views separately, but combining them gives a much better picture of which vulnerabilities exist and what data is truly at risk if they are exploited.
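Putting the two preceding points together, evidence-based patch prioritization and the access view, in one ranking looks like the following. This is an added example, not code from the original article or from Core Security: the hosts, findings, accounts and entitlements are constructed sample data, and the weights (exploit availability, network exposure, privilege level, data sensitivity, stale access) are an illustrative scheme, not a standard.

```python
"""Rank hosts by vulnerability evidence combined with who can reach them.

Added example, not code from the original article or from Core Security.
All data below is constructed; the weighting scheme is an assumption
chosen to illustrate the idea, not an industry standard.
"""

# Constructed hosts: what data they hold and which network segment they sit in.
HOSTS = {
    "ehr-db-01": {"data": "phi", "segment": "clinical"},
    "kiosk-07": {"data": "none", "segment": "public"},
    "print-03": {"data": "phi", "segment": "clinical"},  # spooler holds discharge summaries
}

# Constructed scanner findings. exploit_public: a working exploit is known;
# exposed: the service is reachable from outside the clinical segment.
FINDINGS = [
    {"host": "ehr-db-01", "id": "V1", "cvss": 9.8, "exploit_public": True, "exposed": False},
    {"host": "kiosk-07", "id": "V2", "cvss": 9.8, "exploit_public": True, "exposed": True},
    {"host": "print-03", "id": "V3", "cvss": 7.5, "exploit_public": False, "exposed": True},
    {"host": "ehr-db-01", "id": "V4", "cvss": 5.3, "exploit_public": False, "exposed": False},
]

# Constructed entitlements. role_current is False when the account's current
# job role no longer matches the role that originally granted the access.
ACCESS = [
    {"account": "dr.patel", "host": "ehr-db-01", "privilege": "read", "role_current": True},
    {"account": "svc-backup", "host": "ehr-db-01", "privilege": "admin", "role_current": True},
    {"account": "nurse.kim", "host": "ehr-db-01", "privilege": "read", "role_current": False},
    {"account": "kiosk-user", "host": "kiosk-07", "privilege": "user", "role_current": True},
    {"account": "nurse.kim", "host": "print-03", "privilege": "admin", "role_current": False},
]

# Assumed weights for illustration.
PRIV_WEIGHT = {"user": 1, "read": 2, "admin": 4}
DATA_WEIGHT = {"none": 1, "phi": 3}
EXPLOIT_MULT = 1.5   # public exploit available
EXPOSED_MULT = 1.3   # reachable from outside the segment
STALE_MULT = 2       # access nobody is reviewing any more


def vuln_score(finding):
    """CVSS base score adjusted by the evidence that matters in practice."""
    score = finding["cvss"]
    if finding["exploit_public"]:
        score *= EXPLOIT_MULT
    if finding["exposed"]:
        score *= EXPOSED_MULT
    return score


def host_vuln_score(host, findings):
    """Worst adjusted finding on the host (0.0 if none)."""
    return max((vuln_score(f) for f in findings if f["host"] == host), default=0.0)


def access_weight(host, access, hosts):
    """Sum of privilege weights over accounts entitled to the host, doubling
    stale entitlements, scaled by the sensitivity of the data it holds."""
    total = 0
    for a in access:
        if a["host"] != host:
            continue
        w = PRIV_WEIGHT[a["privilege"]]
        if not a["role_current"]:
            w *= STALE_MULT
        total += w
    return total * DATA_WEIGHT[hosts[host]["data"]]


def prioritize(hosts, findings, access):
    """Rows sorted by combined risk: vulnerability evidence times access weight."""
    rows = []
    for h in hosts:
        v = host_vuln_score(h, findings)
        a = access_weight(h, access, hosts)
        rows.append({"host": h, "vuln": round(v, 1), "access": a, "risk": round(v * a, 1)})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def stale_access(access):
    """Entitlements to reassess because the holder's role has changed."""
    return [(a["account"], a["host"], a["privilege"]) for a in access if not a["role_current"]]


if __name__ == "__main__":
    for row in prioritize(HOSTS, FINDINGS, ACCESS):
        print(f"{row['host']:10} vuln={row['vuln']:5} access={row['access']:3} risk={row['risk']}")
    print("reassess:", stale_access(ACCESS))
```

On the constructed data the kiosk has the highest adjusted vulnerability score (a public exploit on an exposed service) yet ranks last, because nothing valuable sits behind it, while the print server with a moderate finding ranks second purely because a nurse who moved hospitals still holds admin on a host full of PHI. That reordering is the point of joining the two views: the patch queue and the access review both come out of the same table.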
The winning formula? Right people. Right access to infrastructure and entitlements. Right time. And then re-check to make sure you have it right.
As Ronald Reagan said to our friends in the old Soviet Union, “Доверяй, но проверяй”. This old Russian proverb, pronounced doveryai, no proveryai, still rings true for security teams today: trust, but verify.
(About the author: As the general manager of intelligence/analytics at Core Security, Chris Sullivan has responsibility for all Core Security offerings in the space. He leads the end-to-end process from the strategic roadmap through product development and go-to-market execution. Previously, Chris founded Courion Labs and has been vice president of EMEA Operations, Advanced Solutions, Customer Solutions and Professional Services. Outside of Core Security, Chris serves as our primary liaison with the Advanced Cyber Security Center, chairs the Access Risk Benchmarking Standards Committee, manages a number of industry forums on LinkedIn and is a frequent speaker and author at industry venues including the European Identity Summit, Gartner, MISTI, ISACA, IdM in London, IT GRC Forum, Finextra, the ISACA Journal, DARKReading, info security BankTeck, Bloomberg and SC Magazine. Chris received a Bachelor of Science degree in Computer Science from Northeastern University.)