Prestigious healthcare systems continue to be at risk for the next devastating ransomware attack or data breach. Defending against attacks while staying compliant with patient and data security regulations is difficult, but not impossible if you have the right security tools deployed.
The Impact of COVID-19 in Healthcare Security Continues
The last year of the COVID-19 pandemic has brought a striking proliferation of cyber-criminal activity against the healthcare industry. Numerous hospitals and medical centers have had operations severely impacted, even halted. How did organizations deal with these new threats, and what steps were taken, or are actively being taken, to ensure security? The response from healthcare institutions typically varies based on an organization’s ability to rapidly adapt to digital technologies and to restructure and transform systems and operations. At the beginning of the pandemic there was a huge rush of digital transformation, and certain organizations within the healthcare industry advanced “years” with their technology in just a few short months.
Security and compliance have always been a key focus for the healthcare industry, but COVID-19 introduced new challenges. Remote work technologies are playing an important role to enable a healthcare telework community, and threat actors continue to target VPN vulnerabilities – a high-risk point. Other changes, such as outside testing centers housing secure healthcare data, the addition of more hardware, as well as more employees accessing databases, all solidified the need for a fully equipped and robust security infrastructure across the healthcare sector.
Workloads Are the New Attack Surface
The attack surface has moved to the workloads themselves, which must be defended from within. This requires application-aware workload protection that provides comprehensive coverage during runtime and secures applications, hosts, and all supporting files, libraries, processes, and binaries.
“Real-time memory protection on servers is the single most important protection upgrade a company can make.” – AITE Group
Runtime protection puts guardrails around applications and workloads that harbor organizations’ critical data. Endless threat chasing and trying to seal off porous perimeters is a failed tactic. Enacting application-aware workload protection ensures that applications do not execute malware during runtime.
Security & Compliance Can Work Together
Security and compliance have been a priority in the healthcare industry for many years. The Health Insurance Portability and Accountability Act (HIPAA) was introduced back in 1996, and since then hospitals and other healthcare organizations have been required to uphold a level of patient privacy and security. While compliance is often seen as a tool to avoid a negative outcome from a regulatory perspective, it can help reinforce widespread standards and security measures that reflect an industry committed to ensuring the safety and security of patients, data and institutions.
The difference between for-profit and nonprofit healthcare organizations can often be seen in their ability to adequately secure infrastructure. Challenges can arise very quickly as older medical devices and operating systems increasingly develop vulnerabilities that require patching and often present integration and access control problems. These vulnerabilities are well known to threat actors and remain a preferred target.
The most effective security models extend beyond IT infrastructure and incorporate training and educating all staff members on best practices, embedding in the culture a sense of community responsibility.
Medical Devices: A Necessary Risk?
From a compliance and risk standpoint, organizations sometimes have no choice but to accept the risk with certain medical devices. Older devices that do not offer a secure integration to the security infrastructure, or a device that does not allow for secure access control, can create a problem. In this case, it’s most important to look at risk. While there may be times when not much can be done to reduce the likelihood of compromise, we can still focus on limiting its impact.
Being able to quickly detect any deviation and mitigate as soon as possible is the best-case scenario for these kinds of situations. IT staff should strive to maintain current software releases and updates where possible, implement a reliable backup and recovery system that is protected from network access, and enable two-factor authentication on network devices and systems.
Ransomware Continues to Escalate
“One user making a wrong click is all it takes to bring a whole network down.”
Ransomware is a particularly complex threat to hospitals and other healthcare organizations, as it places not only confidential data but the entire system at risk. Threat actors are continuously devising new techniques to avoid detection. These hackers find their way into networks through stealthy means, often via endpoints. Endpoints include user laptops, workstations and other devices often used to access networks remotely via VPN.
After they’ve gained entry, the attackers’ target destination is deep inside the network. They seek critical data residing on applications running on corporate servers and server workloads. Ransomware and associated malware are intended to run in stealth mode – they look like normal operations by design. This is how these bad actors are able to dwell inside networks for weeks and months, carrying out nefarious tasks undetected.
The most effective way organizations can ensure that ransomware doesn’t detonate is to enforce better defense, not only at the endpoints, but further inside at their application workloads. It would be convenient if better security at the user endpoints was sufficient to keep ransomware from getting inside. But these efforts often fail when endpoint security tools are used to protect server workloads.
"Do not use an offering designed to protect end-user endpoints and expect it to provide adequate protection for server workloads." - Gartner
Any device – authorized or unauthorized – can be a conduit for malware. The large quantity of outdated medical devices that can't be patched and other critical systems pose risks. This underscores the importance of protecting the avenues of remote access as well as the critically important application servers to prevent damage before it happens.
What is needed beyond these basic best practices is to protect the inside. The places where data resides – applications, servers and memory – must be reliably and proactively guarded in ways they never have been before.
The Virsec Security Platform provides application-aware workload protection that provides system integrity assurance, runtime application and memory protection in a single solution. Virsec delivers precise, immediate and automated detection, blocking sophisticated and evasive attacks at the first step of the kill chain.
The Virsec solution maps the expected performance of each application on a workload and protects the memory those applications use to execute. Virsec ensures that the components of those applications are correct and unmodified before they are allowed to execute. Any deviation from the norm is instantly detected, treated as a threat, and blocked.
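The paragraph above describes a "verify before execute" model: record what each application's components are supposed to look like, and treat any deviation as a threat. The following is an added illustration of that idea in its simplest form, an allow-list of SHA-256 digests checked against the current state of the files. It is not Virsec's code or a description of how AppMap works internally; the function names, the sample file contents and the launch policy are constructed for the example.

```python
"""Added example: an allow-list integrity check for application components.

Hypothetical illustration of the "verify before execute" idea: a baseline of
SHA-256 digests is recorded for every file an application is expected to load,
and before launch the current state is compared against it. Any file that is
modified, missing, or not in the baseline is reported as a deviation and the
launch is refused. This is not Virsec's code; it stands in for the generic
technique the text describes.
"""
import hashlib
import os


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record the expected digest of each component (path -> bytes)."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_manifest(baseline: dict, current: dict) -> dict:
    """Compare the current components against the baseline.

    Returns a mapping path -> "ok" | "modified" | "missing" | "unexpected".
    """
    report = {}
    for path, expected in baseline.items():
        if path not in current:
            report[path] = "missing"
        elif sha256_hex(current[path]) != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    for path in current:
        if path not in baseline:
            report[path] = "unexpected"  # present on disk but never approved
    return report


def deviations(report: dict) -> list:
    """Paths whose state is anything other than the approved baseline."""
    return sorted(p for p, state in report.items() if state != "ok")


def snapshot_dir(root: str) -> dict:
    """Read every regular file under root into path -> bytes (relative paths)."""
    snapshot = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                snapshot[os.path.relpath(full, root)] = fh.read()
    return snapshot


def allowed_to_launch(baseline: dict, current: dict) -> bool:
    """Policy (constructed): refuse execution if anything deviates."""
    return not deviations(verify_manifest(baseline, current))


if __name__ == "__main__":
    # Constructed sample: an application with a binary, a library and a config.
    approved = {
        "bin/app": b"\x7fELF-approved-binary",
        "lib/libcrypto.so": b"\x7fELF-approved-library",
        "etc/app.conf": b"listen=8443\n",
    }
    baseline = build_manifest(approved)

    # Constructed runtime state: library tampered with, an unapproved file appears.
    observed = dict(approved)
    observed["lib/libcrypto.so"] = b"\x7fELF-tampered-library"
    observed["tmp/loader.dll"] = b"MZ-unapproved"

    report = verify_manifest(baseline, observed)
    for path in deviations(report):
        print(f"{report[path]:>10}  {path}")
    print("launch allowed:", allowed_to_launch(baseline, observed))
```

In practice `snapshot_dir` would be pointed at the application's install root, and the baseline would be generated from a known-good build and stored somewhere the workload cannot write. The check is deliberately strict: an extra file is as much a deviation as a modified one, because a dropped loader is exactly what ransomware staging looks like. A file-level check like this covers the "correct and unmodified" part of the text; protecting the memory those components use once they are running is a separate, runtime control that this example does not attempt.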
With Virsec’s unique AppMap® technology, you don’t need to use multiple tools to hunt for threats or spend time determining what threat is happening – the solution already recognizes that there is a threat the moment the code deviates and blocks it. Get in-depth visibility across the entire workload without prior knowledge, signatures, or tuning.
• Full runtime protection and visibility at the host, memory and web layers
• Enterprise-ready, easy to operationalize
• Protect all applications – from legacy to COTS to custom – in any environment
• Defend against every threat without prior knowledge, signatures, or tuning
• Zero dwell time