Editor’s Note: Santosh Varughese is the President of Cognetyx, a provider of ‘Ambient Cognitive Cyber Surveillance’ to protect information assets against cyber security threats, data breaches and privacy violations.
Welcome to 2017, the writing is on the wall and it didn’t take long to get there. Earlier this month Atlanta’s Emory Healthcare was hacked by the Harak1r1 the 0.2 Bitcoin Ransomware. A database from the facility’s Brain Health Center containing data from more than 200,000 patients and other sensitive information was wiped clean and blocked access to these records. The database is gone and now boasts a ransomware message asking for .2 bitcoin, the equivalent of about 180,000 US dollars.
A report by credit firm Experian predicts 2017 will even be worse that 2016 for the healthcare industry as more attackers recognize the value in rich medical record data. Personal health information is 50 times more valuable on the black market than financial information. Stolen patient health records can fetch as much as $60 per record.
Cybersecurity Ventures predicts global annual cybercrime costs will grow to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity and theft of intellectual property, personal and financial data, embezzlement and fraud.
However, the real surge in healthcare data crime is expected in ransomware in which a data thief holds a patient’s records for ransom. According to a recent U.S. Government report, there have been approximately 4,000 ransomware attacks per day in 2016– a dramatic increase over the 1,000 attacks per day reported in 2015.
The report estimates the average ransom will be $300,000 per day, a whopping increase from today’s payment of about 2 Bitcoins or $670 daily. Ransomware is on track to net organized cybercrime more than $1 billion in 2016 according to a Gartner presentation at the 2016 Gartner Security & Risk Summit.
Enter the Ransomworn!
But wait, there’s more. There is growing talk that 2017 will also be the year of the first ransomworm which will help spread various flavors of ransomware even faster, like crypto-ransomware that encrypts files and holds them captive until a ransom is paid.
Since the release of the ransomeware Cryptolocker Trojan family a few years ago, ransomware attacks have skyrocketed. The attacks typically involve thieves exploiting network vulnerabilities which allow malware to automatically spread over networks. Unfortunately, hospital system EHR are likely to be cyber attackers’ prime targets since access to EHRs has become more mobile with tablets and smartphones.
While traditional security filters like firewalls and reputation lists are good practice, they are no longer enough. Hackers increasingly bypasses perimeter security, enabling cyber thieves to pose as authorized users with access to hospital networks for unlimited periods of time. The problem is not only high-tech, but also low-tech, requiring that providers across the continuum simply become smarter about data protection and privacy issues. Medical facilities are finding they must teach doctors and nurses not to click on suspicious links.
Now Enter the HIT Consultants
While 2017 is shaping up to be a bad year for those vulnerable to data hacks, it could be a great year for healthcare IT consultants versed in solutions like security defenses leveraging the skyrocketing AI boom. With cloud based resources and AI, consultants have the core building blocks to launch a bold, comprehensive defense strategy.
Safeguarding of the EHR data is primary, protecting the network or the perimeter is secondary. If your data is protected, the roads leading to it become less strategic. Why have post incident responses when you can deploy a pre-incident response? It is the old stop chasing the rats and protect the cheese argument.
A data centric approach can also mitigate the argument of whether threats are caused more by rogue insiders or malicious outsiders. It simply will not matter. The real solution for medical facilities in 2017 is to concentrate IT security efforts on protecting the data by deploying an AI strategy using forensic technology. IDC forecasts global spending on cognitive systems will reach nearly $31.3 billion in 2019.
However, organizational threats manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions. These threats include external attacks that evade perimeter defenses and internal attacks by malicious insiders or negligent employees.
Along with insufficient threat detection, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. This requires skilled security analysts to identify and investigate these alerts when there is already a shortage of these skilled professionals. Hospital CISOs and CIOs already operate under tight budgets without needing to hire additional cybersecurity guards.
Healthcare security pros need to pick up where those traditional security tools end and realize that it’s the data that is ultimately at risk. The safeguarding of the EHR data is as important, if not more imperative, than just protecting the network or the perimeter.
Some cybersecurity sleuths deploy a variety of traps, including identifying an offensive file with a threat intelligence platform using signature-based detection and blacklists that scans a computer for known offenders. This identifies whether those types of files exist in the system which are driven by human decisions.
However, millions of patient and other medical data files need to be uploaded to cloud-based threat-intelligent platforms, scanning a computer for all of them would slow the machine down to a crawl or make it inoperable. But the threats develop so fast that those techniques don’t keep up with the bad guys and also; why wait until you are hacked?
The Dynamic Duo—Forensics and Machine Learning
Instead of signature and reputation-based detection methods, smart healthcare CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. They are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.
In the past, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, the computer is trained to find those differences, but much faster with multidimensional signatures that detect problems and examine patterns to identify anomalies that trigger a mitigation response.
Let Your Defense Shield Self Drive
Machine learning generally works in two ways: supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are appropriate or inappropriate and the machines figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines develop the algorithms without having the data labeled, so they analyze the clusters to figure out what’s normal and what’s an anomaly.
The obvious approach is to implement an unsupervised, machine learning protective shield that delivers a defense layer to fortify IT security across EHR platforms and other hospital IT systems. A self-learning system with the flexibility of being able to cast a rapidly scalable safety net across an organization’s information ecosystem, distributed or centralized, local or global, cloud or on-premise. Whether data resides in a large health system or small chain of clinics, rogue users are identified instantly.
By applying machine learning techniques across a diverse set of data sources, systems become increasingly intelligent by absorbing more and more relevant data. These systems can then help optimize the efficiency of hospital security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.
Healthcare security analysts of all experience levels can also be empowered with machine learning through pre-analyzed context for investigations, making it easier for them to discover threats. This enables hospital CISOs to proactively combat sophisticated EHR attacks by accelerating detection efforts, reducing the time for investigation and response.
The Digital Eye in the Cloud Sees All
One of the more popular AI strategies is an ambient cognitive cyber surveillance shield which casts an “all seeing eye” security net that digitally finger prints user access behavior, identifying rogue users virtually instantly. This technology creates a virtual, formidable defense layer powered by cognitive surveillance that is simple to deploy, easy to use, and operates automatically in the background. It can vastly improve an organization’s defense against cybersecurity threats, data breaches and privacy violations.
Deploying an enterprise cybersecurity system such as this understands, recognizes and recalls normal user habits, patterns and behavior as it uses applications in day-to-day work. Through a baseline, such a platform is able to predict and detect anomalous user activity in real-time, thereby mitigating risk rapidly.
Hospital and other healthcare facilities can readily deploy this type of advanced, self-learning protective shield which can rapidly scale across EHR systems, distributed or centralized, cloud or on-premise.
Deploys this type of comprehensive cybersecurity system in 2017, and leave your data theft worries back in 2016.
featured image credit: botcrawl