In May 2017, organizations across the globe received a grim reminder of how computer malware and ransomware can easily cripple their operations. Computer systems in government entities, hospitals and for-profit companies were affected by the WannaCry ransomware worm. Some IT departments faced the daunting task of having to explain why their systems were impacted while others escaped it. This raised the question of what hospitals can do to mitigate and stay ahead of the ongoing healthcare threats they face.
In the ongoing fight between good guys and bad guys, security tools are flooding the market with claims to offer the best prevention and protection against these threats. However, choosing the right product or combination of products is difficult for many hospital IT departments and leaves them uncertain of what direction they should take to improve their protections.
Hospitals face multiple types of attacks today, and the most common are those in which attackers attempt to gain access to the data and network through malware concealed in emails. Tricking unsuspecting users into opening email attachments or links allows attackers to infect the machine and attempt to control it remotely to gain access to the rest of the environment. Another option is to get end users to open attachments that encrypt the sensitive files located on the machine or server to hold the data for ransom.
In either attack scenario, IT must put protections in place to block incoming healthcare threats, but blocking infections at the endpoint alone is not sufficient; there are other methods besides email that hackers use to gain access to systems, and they can stay hidden while stealing information and exploring the targeted environment. For this reason, a new set of tools that take a different approach to protecting the hospital network has been gaining traction in the marketplace.
While antivirus tools are still a must-have on end-user devices, advanced threat protection software that offers intelligent scanning and protection capabilities while monitoring network and endpoint activities provides an extra layer of security. There are three distinct areas in which new advanced threat protection products can protect against active or upcoming attacks against hospitals.
Protecting and filtering email messages is one of the most effective ways to reduce the volume of attacks and infections affecting endpoint devices and the risk of malicious code execution. Hospital IT can leverage a number of services that analyze attachments, email messages and links and block any suspicious code or content from getting to the end user's machine. This new type of protection relies on machine learning to evaluate the behavior of the content in the email messages or attachments in a sandbox and then trigger a block or quarantine if it deems the behavior malicious.
Endpoint protection based on application activities
Attackers can gain access to an endpoint by either bypassing email protections or by infecting the machine from a website or USB flash drive. Once the infection latches on to the machine, there is no guarantee that antivirus software can block the malicious code if it does not recognize its signature. To protect against this, similar to how emails are scanned using advanced intelligent analysis, advanced threat protection software monitors the activities of the different processes running on a machine, and can send an alert and block any suspicious behavior such as privilege escalation.
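The contrast described above, signature matching versus behavior monitoring, as an added example that is not from the article or any vendor's product. The event fields, host and process names, hash labels and the two rules are constructed assumptions.

```python
# Added illustration: constructed process-start events, not real telemetry.
KNOWN_BAD_HASHES = {"hash-of-known-sample"}   # stand-in for a signature database
MAIL_OR_OFFICE = {"outlook.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cmd.exe"}
LEVELS = {"low": 0, "medium": 1, "high": 2, "system": 3}

EVENTS = [
    {"host": "ward-pc-07", "parent": "explorer.exe", "image": "winword.exe",
     "hash": "hash-a", "parent_level": "medium", "level": "medium"},
    {"host": "ward-pc-07", "parent": "winword.exe", "image": "powershell.exe",
     "hash": "hash-b", "parent_level": "medium", "level": "medium"},
    {"host": "ward-pc-07", "parent": "powershell.exe", "image": "unknown.exe",
     "hash": "hash-c", "parent_level": "medium", "level": "system"},
    {"host": "lab-pc-02", "parent": "explorer.exe", "image": "oldtool.exe",
     "hash": "hash-of-known-sample", "parent_level": "medium", "level": "medium"},
]

def signature_hits(events):
    """Signature approach: flag only files whose hash is already known."""
    return [e for e in events if e["hash"] in KNOWN_BAD_HASHES]

def behavior_alerts(events):
    """Behavior approach: flag what a process does, whatever its hash."""
    alerts = []
    for e in events:
        # Rule 1: a mail or office application starting a script interpreter.
        if e["parent"] in MAIL_OR_OFFICE and e["image"] in SCRIPT_HOSTS:
            alerts.append((e["host"], e["image"],
                           "script host started by mail/office application"))
        # Rule 2: a child running at a higher privilege level than its parent.
        # Legitimate elevation also matches, so real rules need an allowlist.
        if LEVELS[e["level"]] > LEVELS[e["parent_level"]]:
            alerts.append((e["host"], e["image"],
                           "child runs at higher privilege than parent"))
    return alerts

if __name__ == "__main__":
    print("signature hits:", [e["image"] for e in signature_hits(EVENTS)])
    for host, image, reason in behavior_alerts(EVENTS):
        print(f"ALERT {host} {image}: {reason}")
```

The chain on ward-pc-07 uses hashes the signature set has never seen, so only the behavior rules report it.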
Network and infrastructure protections and analysis
One of the biggest challenges hospitals face in detecting criminal activity and attackers within the network is the burden of reviewing multiple activity reports from the network and servers. The flood of security reports makes it nearly impossible for anyone to continuously monitor and detect an intrusion without a full-time resource or a third-party monitoring service. With advanced machine learning ingesting and analyzing the different networking and system activities, IT administrators can get an early warning with fewer false alerts, allowing them to focus on the activities that are likely to be the most concerning. The behavioral analytics many vendors offer, which monitor the environment 24/7, are set to make a much bigger difference to hospitals as they continue to fight increasing attacks.
Overall, the use of advanced threat protection software that works with behavioral analytics to detect and flag attacks is already making a difference to hospitals that see the limitations of traditional signature-based protection platforms. More vendors are introducing new solutions that can provide additional protection. IT will be forced to adapt to the ever-changing healthcare threats and add multiple security layers to their infrastructure to ensure the safety and protection of their environment.