Monday, January 25, 2016

Providers add new layers to cyber defense measures

Brigham and Women’s, St. Luke’s Cornwall, Allina Health, Middlesex Hospital. All of these organizations joined the government’s list of healthcare providers hit by security breaches in the last sixty days. And 2015 looks to be the worst year yet for healthcare security incidents. While some incidents are the result of lost or stolen data, sophisticated hackers looking to lift the treasure trove of data found in health records are now the leading cause of information loss.


The risk is unlikely to ease. Cybercrime is a “growing $6 billion epidemic that puts millions of patients and their data at risk,” according to a report on healthcare data security issued last year by the Ponemon Institute.


To counter the growing danger, providers need to rethink their security measures.


Virus scanning and intrusion detection software are no longer enough.


“Protective technologies have a purpose; the problem is there are actually amazing ways to evade these things,” says Ronald Mehring, chief information security officer (CISO) for Texas Health Resources. “We have seen that with a multitude of breaches across organizations that have strong programs.”


The key, experts say, is a sophisticated combination of multiple defense layers, embedded with new data analysis techniques that can track hackers before they can break into health information stores.


CIOs and their security staffs have to think about a class of more sophisticated devices that can sense when a breach is being attempted or is already underway. For instance, newer classes of firewalls are aware of the applications running behind them and can take into account what is and is not normal traffic trying to reach those applications.


Many organizations are turning to these kinds of layered protections, healthcare security experts say.


“You need to have advanced application-level firewalls at the edge,” says David Reis, vice president of IT governance and security at Lahey Health, Burlington, Mass. “You need to have intrusion detection and prevention at the network layer inside the firewall to catch those things that get through the firewall. And then for the Internet-facing networks that you are really concerned and worried about, you can put host-based intrusion detection on those very specific servers.”


But layered approaches alone may be incomplete because of risks burrowing in from the Internet, says Mehring. “Before, we looked at it like this iterative approach. Somebody comes in from the Internet; they hit an external firewall--some kind of defensive perimeter that keeps them out, at the outer shell. Then if they make it past there, there is some other control, then some other control, and some other control. It does not quite work that way anymore, because of the way users interact with technology, the Internet.”




Network protections can be thwarted when an employee unwisely falls prey to a phishing gambit, by clicking on either a hacker’s URL link or an attachment. “Professionally and personally, that is my big worry,” says Reis. Phishing attacks “can be astonishingly effective, especially in the healthcare market where we are all trained to be patient-centric, trained to be helpful.”


HIPAA has prompted health networks to step up their efforts, adding encryption of data at rest, media protections, and backup and security protocols, says Russell Branzell, president and CEO of the College of Healthcare Information Management Executives. “It was the nudge we needed to get started, and most organizations generally have those in place today,” he says. Now they have to weigh technology “that measures and reacts to human nature and behavior.”


Barrier technologies are programmed to look for the distinctive signatures of a finite number of viruses and other malware. “You need so many hits of people, machines, users getting infected in order for a rule, a pattern, a signature to be generated,” says Lee Kim, director of privacy and security for the Healthcare Information and Management Systems Society. In contrast to rules-based responses to attackers, the newer behavior-based methods look for departures from normal activity.


It is all about trying to keep pace with hackers who are continually changing their attack modes. “Prevention now is far more important than it has ever been,” Reis emphasizes. “Detection is key, but we are putting a lot more of our focus on preventive steps rather than detection steps, because things happen so much faster now than they did even five years ago. If you wait until you have detected, you have had a very big event. The key now is to make sure that event does not happen.”



Increasingly, security technology is performing analytics on data coming from breach prevention and detection systems, sifting for suspicious activity, says Darren Lacey, CISO and director of IT compliance at Johns Hopkins University and its medical school. “Detection controls, what they do is they say, ‘Well, this thing is happening, and it looks sort of funny--what do you want me to do about it?’ ”


Answering those questions is a set of investigative controls, sometimes automated in their responses but usually run by a staff professional responding to alerts, says Lacey, adding, “Detection controls are most valuable when they are integrated well with investigation.” Data aggregated from the multiple detection points--firewalls, host-based protection systems, audited activity logs and so on--help in “creating new prevention signatures and new prevention rules.” And if a detection system sees something get through, “that will shape what prevention controls you run in the coming days.”


Prevention controls at the outer rim of the IT network include lists of IP addresses known to be destinations for stolen data and sources of command-and-control for networks of malware called bots, which direct them through a breached network looking for loot. “But sometimes these botnets change the IP addresses, so your preventive rule sets do not tell you a lot,” says Lacey.



A detection system might recognize a new IP address with which multiple devices inside an IT network are communicating back and forth, for unknown reasons. Chances are that something suspicious is in play, Lacey explains, and an alert is triggered for investigation. The first response likely is to set up a new preventive control, adding the address to the block list. If it stops a compromised computer from communicating back to an outlaw site, “that greatly lessens the amount of damage that bots can do.”
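The feedback loop Lacey describes (a static IP blocklist as the prevention rule, a behavioral check that notices several internal hosts talking to an address nobody has approved, and the flagged address fed back into the blocklist) is easy to show in a few lines. The script below is an added example written for this page, not a tool from Johns Hopkins or any vendor mentioned in the article. The connection log, the blocklist entries, the "known good" endpoint and the three-host threshold are all constructed assumptions; the addresses come from the RFC 5737 documentation ranges.

```python
"""Toy beacon/C2 detector: static blocklist (prevention) beside a behavioral
check (detection) that catches a botnet after it moves to a new address."""
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log, not from the article. Fields:
# timestamp, internal source host, destination IP, destination port.
# 198.51.100.7 is the C2 address already on last week's blocklist;
# 203.0.113.42 is where the same botnet has moved and is on no list yet.
SAMPLE_LOG = """\
2016-01-25T09:00:01 ws-101 93.184.216.34 443
2016-01-25T09:00:05 ws-102 93.184.216.34 443
2016-01-25T09:00:09 ws-103 93.184.216.34 443
2016-01-25T09:00:12 ws-104 93.184.216.34 443
2016-01-25T09:01:00 ws-105 198.51.100.7 443
2016-01-25T09:02:10 ws-102 192.0.2.9 80
2016-01-25T09:05:00 ws-101 203.0.113.42 8443
2016-01-25T09:05:03 ws-102 203.0.113.42 8443
2016-01-25T09:05:07 ws-103 203.0.113.42 8443
2016-01-25T09:05:11 ws-104 203.0.113.42 8443
"""

STATIC_BLOCKLIST = {"198.51.100.7"}  # prevention rule from earlier intel (assumed)
KNOWN_GOOD = {"93.184.216.34"}       # approved SaaS/update endpoint (assumed)


def parse_log(text):
    """Parse whitespace-separated log lines into (time, src, dst, port)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def apply_blocklist(events, blocklist):
    """Prevention control: split events into (blocked, allowed)."""
    blocked = [e for e in events if e[2] in blocklist]
    allowed = [e for e in events if e[2] not in blocklist]
    return blocked, allowed


def find_suspicious_destinations(events, min_hosts=3, known_good=KNOWN_GOOD):
    """Detection control: destinations outside the approved set that at least
    min_hosts distinct internal hosts contact. A single host reaching one odd
    site is noise; many hosts converging on one unknown address is a beacon
    pattern worth an alert. Returns {dst: sorted list of hosts}."""
    hosts_by_dst = defaultdict(set)
    for _, src, dst, _ in events:
        if dst not in known_good:
            hosts_by_dst[dst].add(src)
    return {dst: sorted(h) for dst, h in hosts_by_dst.items()
            if len(h) >= min_hosts}


def run_cycle(log_text, blocklist):
    """One prevention -> detection -> new prevention rule cycle."""
    events = parse_log(log_text)
    blocked_before, allowed = apply_blocklist(events, blocklist)
    suspicious = find_suspicious_destinations(allowed)
    new_blocklist = set(blocklist) | set(suspicious)
    blocked_after, _ = apply_blocklist(events, new_blocklist)
    return {
        "suspicious": suspicious,
        "blocklist": new_blocklist,
        "blocked_before": len(blocked_before),
        "blocked_after": len(blocked_after),
    }


if __name__ == "__main__":
    result = run_cycle(SAMPLE_LOG, STATIC_BLOCKLIST)
    for dst, hosts in result["suspicious"].items():
        print(f"ALERT: {len(hosts)} hosts beaconing to {dst}: {', '.join(hosts)}")
    print("blocklist now:", sorted(result["blocklist"]))
    print("events blocked before/after:",
          result["blocked_before"], result["blocked_after"])
```

The old rule still catches ws-105 talking to 198.51.100.7, but on its own it says nothing about 203.0.113.42; the distinct-host count does, and once that address is added to the list the same log would have five blocked connections instead of one. In production the threshold, the approved-destination set and the time window all need tuning against your own baseline, and the alert should go to an analyst before the block is pushed, which is exactly the investigative step the article describes.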


Texas Health Resources takes the analytical route even further, devising threat profiles of users in its 25-hospital network based on their access to areas of the network, especially highly sensitive stores of data, and how much of a target they would be for, say, phishing attempts, says Mehring. He calls it a zonal approach within the network, as compared with a layered approach, intended to shut down breaches before they can flourish.


“Speed is key,” Mehring says. “What we have found is that when that phishing email comes in, those first two hours that it is in your environment are the most critical.” THR uses a cloud-based product that does a better job than in the past at tracking an attack and purging the invading agent, he says.


Vast changes in the speed, computing capability and connectedness of healthcare information technology greatly complicate the business of keeping IT networks safe from intrusion. “Not only do hackers’ methods change, but the systems that we are trying to protect evolve as well,” says Reis. “The systems get more complex, and the hackers get more sophisticated, and to be effective we have to be able to keep up with both at the same rate.”


The rapid movement of large amounts of data makes near-real-time intrusion detection critically important, says Kim of HIMSS, because attackers who get in can move quickly and access quantities of data in no time. A reactive approach of spotting known malware in action will miss the mark, she asserts, because reacting hours or days later is often too late.

