What You Should Know:
– Vectra spotlight report on healthcare discredits the widely held belief that external threats would lead to an increase in data breaches during the COVID-19 pandemic.
– According to Vectra, although opportunistic attacks against healthcare were up – and some might have succeeded – external activity does not appear to have led to an internal activity normally observed in successful attacks. Healthcare organizations in general are doing a good job of mitigating inbound attack attempts.
Vectra AI, a provider of network threat detection and response (NDR), today released its 2020 Spotlight Report on Healthcare, which notably discredits the widely held belief that external threats would lead to an increase in data breaches during the COVID-19 pandemic. The latest Spotlight Report on Healthcare is based on observations and data from January-May of this year using a sample of 363 opt-in enterprise organizations in healthcare and eight other industries.
Cloud services and remote healthcare create new exploitable attack surfaces
When specifically examining cybersecurity statistics for healthcare in 2020, Vectra research has found that there is an increase in two trends during the first half of the year. The first is the upward trending of command-and-control behaviors, which indicate remote access of internal systems. The second is the doubling of data exfiltration behaviors, which indicates that data is leaving internal healthcare networks to external destinations like cloud services. This increase in remote access and data transmitted to external destinations aligns with the rapid adoption of cloud services in healthcare during the COVID-19 pandemic.
External threats targeting healthcare are not leading to increased internal threat activity
According to Vectra, although opportunistic attacks against healthcare were up – and some might have succeeded – external activity does not appear to have led to an internal activity normally observed in successful attacks. Healthcare organizations in general are doing a good job of mitigating inbound attack attempts.
Within the current climate, the need for immediate response outweighs the normal policy oversight of ensuring secure data handling processes. Healthcare operations involve never-ending challenges to balance security and policy enforcement with usability and efficiency. Security organizations in healthcare will likely struggle with managing the need for availability of patient information with the policy and controls required for securing and protecting that data in the cloud.
Analysis of security in the healthcare industry from January-May 2020
From January-May 2020, the Vectra Cognito® Network Detection and Response (NDR) platform detected and correlated behaviors consistent with attacker behaviors in host devices, assigned a threat-severity score, and prioritized the highest-risk threats to healthcare. This analysis provides the context needed to better understand what data is moving to the cloud, as well as how it is being used and shared.
For healthcare organizations, the migration of data to the cloud was already in motion, and COVID-19 has accelerated this transition and the policies that govern it. NDR is an effective approach for the detection and response to attackers that circumvent or defeat defensive controls and gain an operating capability inside an organization’s infrastructure.
“Healthcare providers have been tasked with quickly leveraging remote access and cloud analytics to scale their operations,” said Chris Morales, head of security analytics at Vectra. “While cloud computing better optimizes the use of resources in healthcare, it also creates significant risks. This is especially true when cloud adoption happens faster than proper due diligence can be applied by information security personnel. This trend will persist well after the pandemic.”
For more information about the report, click here.
