Healthcare organizations have been paying much more attention to cybersecurity in recent months, especially after Change Healthcare suffered a ransomware attack that weakened its systems and disrupted claims payments across the country, and as Ascension has been rolling back weeks of its own cyber event.
It’s clear that for organizations huge and diminutive, learning cybersecurity remains a challenge – even as threats become more sophisticated and insidious.
For example, according to Ricardo Villadi, CEO of cybersecurity firm Lumu, advances in persistent threat attack vectors have made almost all endpoint detection and response systems vulnerable to at least one EDR bypass technique.
A threat actor can launch a successful attack in many ways without arousing suspicion. While some EDRs may log these attempts, “the logs don’t necessarily trigger alerts,” he said.
Some code injection techniques involve executing malicious code through a legitimate process, for example to mask its presence, making it more tough for security products to detect the intrusion. Older threat detection technologies allow this to be done without blocking them.
We spoke with Villadiego this week to discuss some of the healthcare industry’s cybersecurity vulnerabilities. He advised on the exploit of artificial intelligence models to better understand attack and reaction vectors. He also shared some tips that can support prevent another devastating healthcare shutdown.
Q. What are the main obstacles to overcoming cybersecurity readiness in healthcare organizations?
AND. There are a few issues. The first is blind spots. Healthcare organizations have more vulnerabilities than organizations in other industries. They rely on basic security measures that have proven to be ineffective, typically relying on EDR, firewalls, and email security tools.
We know from the previous one empirical evaluation 94% of EDR platforms were found to be vulnerable to at least one common threat avoidance technique. Additionally, the number of devices connected to the network, combined with the inability to install security software on these devices because they are IoT devices, further exacerbates the blind spots.
Another problem is the talent shortage, and healthcare is not immune to security talent shortages.
The demand for SOC analysts continues to grow exponentially, resulting in higher salaries and higher benefits requirements, including remote work and PTO.
Additionally, we see the problem being exacerbated by the healthcare sector’s convoluted digital infrastructure and the presence of specialized medical IoT devices that provide cybercriminals with multiple entry points and means of survival – all in the context of stringent regulatory compliance requirements.
Q. How can AI tools support teams deliver faster response times?
AND. AI tools can support you achieve the result. However, we cannot think of artificial intelligence as a magical thing that will solve all the world’s problems. These are tools that should be used in processes that enable organizations to:
- Reduce their network threat blind spots.
- Identify these network threats in real time.
- Be able to independently respond to network threats.
It’s seeing AI as an end when in fact it’s a means. Rather, we should ask ourselves whether we are implementing AI to raise efficiency and deliver the best possible product to end users. We need to ensure that artificial intelligence actually works for us, not us for it.
Q. How can healthcare prevent another chain reaction cyberattack?
AND. Healthcare organizations cannot rely on legacy technologies to detect and respond to state-of-the-art attacks. A security strategy without technology to detect network threats is not only incomplete, but also a time bomb. In addition to protecting yourself and making it harder for your opponent to get in, you also need a way to know when your defense has failed so you can do something about it. This is the first step.
We must also hold our third-party vendors to the same standards and require the same protection and detection methods. This will support healthcare organizations and their partners act as a united front and make their business more tough to compromise.
It is planned to organize the HIMSS AI in Healthcare Forum September 5-6 IN Boston. Find out more and register.