Monday, December 23, 2024

Analyzing user behavior and content across all channels can help protect data


In 2024, healthcare organizations experienced multiple costly cyberattacks, costing an average of nearly $10 million.1 With the rise of ransomware and extortion, healthcare will likely continue to be targeted by such attacks.

“[Threat actors] they are trying to extort money from the organization. That’s a trend we’re seeing,” said Ryan Witt, Proofpoint’s vice president of industry solutions and chair of the company’s healthcare client advisory board.

Healthcare information security executives are also concerned about data loss attributable to malicious actors, compromised accounts, and careless users using unsecured email, remote work applications, cloud computing, and productivity platforms.2

Advanced security measures are needed to protect patient data from AI ransomware, phishing and insider threats and ensure the integrity of healthcare operations. Understanding the current threat landscape in healthcare is the first step towards taking a proactive, people-centric approach to data protection.

Data protection starts with people

Today, attackers target people, not technology. And this is where cybersecurity leaders should focus their attention and resources.

“The cybercrime economy relies heavily on the digital interactions of exploited people,” said Brian Reed, senior director of cybersecurity strategy at Proofpoint. “It’s a much lower barrier to entry to socially engineer a victim or create a phishing bait than to spend time and energy creating, testing and releasing zero-day exploits.”

Reed estimates that in healthcare, as in most other industries, about 80% of attacks focus on human elements rather than technical vulnerabilities. “The vast majority of data losses are simply good people making bad decisions,” he said. According to Reed, the most common threats of this type are:

  • Ransomware attacks, which typically trick you into installing a browser extension, clicking a link, or downloading an application;
  • Business email compromise, which involves covert attempts to trick users into taking actions that go beyond normal workflow; and
  • Data loss due to malicious, compromised or careless people.

Prevent accidental and intentional data loss

Traditionally, cyber defense meant patching vulnerabilities, stopping incoming phishing attempts, and identifying social engineering efforts before they reach end users. However, the exponential growth in endpoints, the widespread adoption of the cloud across the healthcare ecosystem, and an ever-changing workforce that may include temporary workers and traveling physicians have increased the need for data loss prevention (DLP) solutions.

Proofpoint’s report found that 70% of respondents cited careless users as the leading cause of data loss and regulatory breaches.3 Verizon found that 68% of breaches involved “a non-malicious human element, such as someone falling victim to a social engineering attack or making a mistake.”4 Illustrating this point, a 2023 report from Tessian (now Proofpoint) found that about one-third of employees sent about two emails a year to the wrong recipient.5

DLP solutions recognize that preventing data loss from the inside is just as important as stopping external exploits. Most approaches apply sophisticated pattern matching to identify sensitive data that may be accidentally or intentionally extracted before it can leave the network. Advanced DLP goes much further; large language models can sift through billions of records and classify sensitive data based on understanding context and relationships between files and directories.

Joshua Linkenhoker, Proofpoint’s enterprise security advisor, said these models can scan outgoing emails or file transfers to identify attachments that potentially contain sensitive data. Moreover, AI can be trained on human behavior to catch hard-to-detect errors, such as accepting an incorrect autocomplete suggestion for an email recipient. Linkenhoker calls this “behavior-based functionality.”

Detect data leakage from email, cloud and endpoints

Real-time AI interventions are a powerful element of automated compliance. Any time an employee is instructed on how to make the right choice when handling sensitive data, potential regulatory violations are avoided.

Behavioral AI can also teach users to think twice before moving data to an unsecured cloud folder or sharing a confidential file via OneDrive or SharePoint. Witt believes that cloud-based productivity applications, which are intended to share information by default, have become a major security vulnerability in healthcare.

Reed agreed that anticipating the moves of a determined cybercriminal is one thing, but it’s much more difficult to predict the inventive, if uncertain, solutions devised by an overstretched medical staff.

Of course, he added, behavioral AI can also stop unusual behavior with more malicious intent. When a user who has already been notified starts renaming sensitive financial files “familyphotos.zip”, transferring them to a USB drive and deleting them from the local drive, it becomes clear that this type of exfiltration is not innocent. Without the ability to leverage scalable AI to recognize suspicious behavior, it is difficult to identify internal bad actors.
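The rename, USB copy and local delete sequence described above can be expressed as a simple correlation rule over endpoint file events. The following is an added example, not code from the article or from any Proofpoint product, and it is a rule-based stand-in rather than behavioral AI; the event fields, paths, user names, drive prefix and one-hour window are all assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)      # assumed correlation window
REMOVABLE = ("E:\\",)            # assumed removable-media drive prefix
# Assumed output of a DLP classifier: paths already labelled sensitive.
SENSITIVE = {r"C:\Finance\q3_ledger.xlsx", r"C:\Finance\payroll.xlsx"}

# Constructed endpoint events: (timestamp, user, action, source, destination)
EVENTS = [
    ("2024-12-02T09:00:05", "jdoe", "rename", r"C:\Finance\q3_ledger.xlsx", r"C:\Finance\familyphotos.zip"),
    ("2024-12-02T09:01:40", "jdoe", "copy", r"C:\Finance\familyphotos.zip", r"E:\familyphotos.zip"),
    ("2024-12-02T09:02:10", "jdoe", "delete", r"C:\Finance\familyphotos.zip", ""),
    ("2024-12-02T10:15:00", "asmith", "copy", r"C:\Users\asmith\slides.pptx", r"E:\slides.pptx"),
    ("2024-12-02T11:00:00", "bnurse", "rename", r"C:\Finance\payroll.xlsx", r"C:\Finance\payroll_v2.xlsx"),
]

def _in_order(steps, pattern):
    """True if pattern occurs in steps as an ordered subsequence."""
    it = iter(steps)
    return all(p in it for p in pattern)

def find_exfil_sequences(events, sensitive=SENSITIVE, window=WINDOW):
    """Flag sensitive files that are renamed, copied to removable media, then deleted."""
    tracked, alerts = {}, []     # tracked: (user, current path) -> state
    for ts, user, action, src, dst in sorted(events):
        when = datetime.fromisoformat(ts)
        state = tracked.pop((user, src), None)
        if state is None and src in sensitive:
            state = {"origin": src, "start": when, "steps": []}
        if state is None:
            continue                          # file was never labelled sensitive
        if action == "rename":
            state["steps"].append("rename")
            tracked[(user, dst)] = state      # label follows the file to its new name
        elif action == "delete":
            state["steps"].append("delete")
            recent = when - state["start"] <= window
            if recent and _in_order(state["steps"], ["rename", "usb_copy", "delete"]):
                alerts.append((user, state["origin"], src))
        else:
            if action == "copy" and dst.startswith(REMOVABLE):
                state["steps"].append("usb_copy")
            tracked[(user, src)] = state      # keep tracking under the same path

    return alerts

if __name__ == "__main__":
    for user, origin, last_name in find_exfil_sequences(EVENTS):
        print(f"ALERT {user}: {origin} left the endpoint as {last_name}")
```

The key design point is that the sensitivity label is carried across the rename, so a file called familyphotos.zip is still evaluated as the financial file it started as.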

As the number of endpoints and channels to monitor increases, specialized information security solutions proliferate. While a defense-in-depth approach is valuable, the proliferation of data sources can make it difficult for healthcare security analysts to review incidents in real time and understand human actions in context.

Proofpoint research found that nearly 70% of surveyed IT professionals consider visibility into sensitive data, user behavior and external threats to be the most important capability of data loss prevention programs.6 This is a complex problem because information security analysts must simultaneously see both deeper and wider, which is also known as visibility at scale.

When information from disparate sources is integrated, healthcare organizations can move from protecting against known, commoditized attacks to preventing the most advanced, customized and unforeseen exploits. This provides the opportunity to apply artificial intelligence across information silos to obtain a truly contextual, 360-degree view of the threat environment.

“Now you have to find the needle in the haystack,” Witt said. “You need that level of end-to-end visibility, that level of analytics, that level of artificial intelligence that detects a diminutive number of interactions…. You only capture a very diminutive fraction of the total traffic, but that’s so little that really matters.”

Download the full Proofpoint-HIMSS white paper on adopting a people-centric approach to healthcare data security here.

Reference

1. IBM and the Ponemon Institute. 2024. https://www.ibm.com/reports/data-breach.

2. Proofpoint and CyberEdge. 2024. https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape.

3. Ibid.

4. Verizon. 2024. https://www.verizon.com/business/resources/reports/dbir/.

5. Evidence. 2024. [eBook]. https://www.proofpoint.com/sites/default/files/e-books/pfpt-us-eb-rethinking-dlp.pdf.

6. Proofpoint and CyberEdge,
