Ward off insider healthcare security threats with this tech

Healthcare cybersecurity expert John Nye shares the technologies he recommends healthcare organizations use to fight insider healthcare security threats.

While many fear the nation-state or single basement hacker working their way into a health system, it turns out that one of the greatest healthcare security threats comes from users within an organization.

According to a report by IBM, in 2016 internal healthcare security threats made up 71% of attacks, and half of those attacks were caused by users who were unaware they were causing a security threat.

John Nye, vice president of cybersecurity strategy at CynergisTek, a health IT consulting firm based in Mission Viejo, Calif., talks about effective tools healthcare organizations can use to defend against insider healthcare security threats and make sure users aren't putting the organization at risk, intentionally or unintentionally.

Data loss prevention and file integrity monitoring

Nye said that data loss prevention (DLP) and file integrity monitoring (FIM) technologies often go hand in hand. He added that many of the products that incorporate these technologies include both DLP and FIM, and the user can choose to use both or just one of them.

"Data loss prevention is a system that scans all outgoing traffic, particularly emails, looking for any kind of sensitive data. So it would look for anything that might appear like a patient's record," he said. "And if they compare that to something like a whitelist of allowed recipients and ensure that it's not going to somebody's personal Gmail or somebody in Russia."

FIM, on the other hand, monitors who accesses files and what alterations, if any, have been made to the files.

"It'll make sure that a file doesn't change, doesn't move from where it's supposed to be," Nye said. "It's a way of tagging where a file is and how a file should look."

Should someone access this file and make changes to it, the FIM system will alert the organization or deny access until that access has been approved.
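The change and move detection described above can be sketched as a baseline-and-compare check; this is an added example, not code from the article or from any FIM product. The function names (`snapshot`, `compare`, `demo`) are hypothetical and the sample files are constructed; recording who accessed a file and blocking access are outside what it shows.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    report = {"modified": sorted(p for p, h in baseline.items()
                                 if p in current and current[p] != h),
              "moved": [], "missing": []}
    gone = {p: h for p, h in baseline.items() if p not in current}
    added = {p: h for p, h in current.items() if p not in baseline}
    for old_path, digest in sorted(gone.items()):
        # Identical content at a new path means the file moved rather than vanished.
        match = next((p for p, h in sorted(added.items()) if h == digest), None)
        if match is None:
            report["missing"].append(old_path)
        else:
            report["moved"].append((old_path, match))
            del added[match]
    report["new"] = sorted(added)
    return report


def demo():
    """Build a constructed sample tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        records = Path(tmp, "records")
        records.mkdir()
        for name in ("a.txt", "b.txt", "c.txt"):
            (records / name).write_bytes(b"chart " + name.encode())
        baseline = snapshot(tmp)  # taken while the files are in their known-good state
        (records / "a.txt").write_bytes(b"chart a.txt, edited")  # altered
        (records / "b.txt").rename(Path(tmp, "b.txt"))           # moved
        (records / "c.txt").unlink()                             # removed
        return compare(baseline, snapshot(tmp))


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored users cannot rewrite it, otherwise a change to a file can be hidden by updating its recorded hash.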

Use privilege freezers

Privilege freezers are a technical solution that allows the least possible amount of access and helps make sure only the appropriate people access certain files, systems or networks.

"A user has access to, you know, various parts of the networking ... maybe to HR or maybe ... specific systems in the network, and it should be regularly reviewed because the longer a user stays around the more likely they have access to things they don't need," Nye said. "And it's not that we shouldn't trust our users, it's that we shouldn't be giving them access they don't need."

Nye added that a user may have access to a system that they never use. However, even though they may not be using it, someone else could capitalize on that access undetected.

Conduct phishing exercises

Phishing exercises, Nye said, can help make users more aware of potential healthcare security threats. For example, he said, when CynergisTek works with healthcare organizations the company sets up a phishing exercise where a certain percentage of people at the organization will receive a fake email. He added that initially the phishing emails are unsophisticated and then as time goes on they become more and more sophisticated.

"We do see significant improvement in user awareness," Nye said. "Not only will we see an increase in people not clicking them, we'll see an increase in people reporting these phishing emails, which I think is hugely advantageous to the organization because they can remove all of those from everyone else's inbox before anybody else clicks on it. And that makes a big difference."

Use safe links technology

Nye also advocates using safe links technology, which determines whether a link in an email is safe or not and either allows the content to be displayed if it is safe or blocks the content if it is not.

Office 365, for example, uses this technology.

"The Office 365 server ... will set up a proxy or a system in the middle so when you click on the link you're not actually going to that main link," Nye said. "It goes through this server ... that acts as a filter."
