A Weekend in Incident Response #30: New Cybersecurity Center Promises to Help U.S. Healthcare Sector Improve Their Cyber Resilience

In light of the increased frequency of cyber attacks against health care institutions in the United States and around the globe, the recent announcement from the U.S. Department of Health and Human Services (HHS) regarding the launch of a dedicated cybersecurity center gives hope to security practitioners in this sector that they will soon be able to improve their cyber resilience against the escalating cyber threats.

The Health Cybersecurity and Communications Integration Center (HCCIC), scheduled to reach initial operating capability before the end of June, is modeled on the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center. Christopher Wlaschin, the CISO at the U.S. HHS, identified the key goals of the HCCIC as trying to “reduce the noise about cyber threats in the health care industry” and to “improve the ability of health care institutions to protect against cyber attacks.”

Mobile Health Applications and Growing Ransomware Attacks Raise Concerns

The impetus for this center is twofold: first, the exploding rate of ransomware attacks on health care organizations in recent years, and second, the increased exposure to cyber attacks brought about by the growing adoption of mobile health applications. Together these developments have pushed the government to take more decisive action to help the health care sector build more effective cyber resilience systems.

Information Sharing and Best Practices

Information collaboration and analysis of cyber threat intelligence will be at the forefront of the activities undertaken by the new center. Sharing cyber threat intelligence within an industry sector and between private companies and authorities is a significant part of overall efforts to improve an organization's preparedness to respond promptly and effectively to cyber incidents. However, this sharing of intelligence can also create a torrent of noise, making it difficult for security practitioners to discern credible information on what actually constitutes a potential threat to the cyber security of their organization. Paradoxically, unfiltered intelligence sharing can actually prevent a faster and more effective response.

For this reason, organizations require a programmatic solution to help them share only the essential information related to cyber threats, past and current, and the cyber security events they have already faced. The prescribed solution is an automation and orchestration platform that has the built-in capability to integrate with threat intelligence sharing platforms such as STIX/TAXII or Splunk, to name a few. This customizable platform can enable organizations within the health care sector to: share operational intelligence related to cyber security events in a secure and efficient manner; eliminate the risk of sharing any confidential company or patient data; and cut out the noise from irrelevant information that so plagues intelligence sharing today.

In this new reality, where new and ever more sophisticated threats loom large on the horizon, health care organizations that choose to implement a cyber incident response platform with these built-in threat intelligence capabilities will do so knowing they have taken a big step forward in ensuring the protection of valuable business information and confidential and sensitive patient data.

A Weekend in Incident Response #5: Reducing the Risks of Cyber Attacks in the Healthcare Sector

The healthcare industry is under constant threat of cyber attacks, mostly because organizations within this sector keep a variety of confidential and pertinent information, such as credit card information, social security numbers, insurance-related information, and, some believe most importantly, personal medical records.

A recent report states that healthcare entities have been under increased risk of targeted attacks lately, including phishing attacks, ransomware attacks, and network hacking attacks. The heightened risk for cyber attacks points to a growing need for enhanced protection, in addition to raising awareness of the different types of cyber attacks that many healthcare organizations are facing.

Healthcare Surpasses Financial Sector as the Most Frequently Attacked Industry

According to data provided by Advisen and Hiscox, the average cost of a cyber incident in the healthcare industry is $150,000. A recent report published by IBM states that the healthcare industry was attacked more frequently than any other sector last year, replacing the financial services sector at the top. According to the report, over 100 million healthcare records were compromised in 2015, which is a staggering figure by all standards.

The Advisen and Hiscox report also notes that there has been a 1.6-times increase in Health Insurance Portability and Accountability Act (HIPAA) violations in the last five years. This statistic suggests that entities such as hospitals and clinics need to ramp up their efforts to ensure HIPAA compliance, because it is one of the key steps toward achieving improved protection against cyber attacks.

Detecting Ransomware and Phishing Attacks

Currently, the most common cyber threats faced by healthcare entities include phishing attacks and ransomware. These are the techniques most commonly used by hackers trying to retrieve confidential patient information that is critical to protect. The best practices for preventing such threats involve data encryption tools, which are recommended for all covered entities.

Another solution that can be useful to healthcare organizations is software that can create rules and can be integrated with different tools, adjusted so that they automatically detect and report problems. Platforms with such capabilities should be a crucial part of each entity’s cyber defense efforts.

How to React in Case You Are Attacked

Even though there are tools designed to detect and prevent ransomware and phishing attacks, hackers often manage to find a way around all sorts of defenses and breach even the most sophisticated security armor. When that happens, organizations must be prepared to react as quickly and as effectively as possible with a proven solution.

To that end, all covered entities, including healthcare organizations, need to have a Computer Security Incident Response Team (CSIRT) in place. In order to help their CSIRT resolve cyber incidents, entities are advised to acquire platforms that have the ability to automatically notify CSIRTs when a cyber attack occurs, be it via e-mail or SMS, and gather a team of investigators to do the forensics on a given incident.

Incident response platforms featuring specialized playbooks are also necessary for tackling healthcare-related incidents. They are the most suitable tool for resolving cyber incidents quickly and efficiently, through their ability to accelerate the incident triage process, integrate with forensics and response systems, and predict similar events in the future. Some of those platforms (SIRPs) are also able to provide playbooks for vertical regulations such as HIPAA.