As many recent cyberattacks have shown, healthcare networks are prime targets for online criminal networks. Compared to other industries, healthcare systems and hospital networks have created large attack surfaces based on complex, unintegrated systems that create vulnerabilities. These vulnerabilities are created by a lack of comprehensive visibility across your attack surface. While these vulnerabilities can be exploited by attackers, they can even be problem areas when dealing with more typical outages and latency issues.
With lives at stake and a compelling need to be up 24x7, healthcare executives need to work more closely with their IT operations teams to ensure that their technology investments are working as efficiently as possible to keep their services secure and reliable in order to enable superior patient care, protect revenue, and mitigate reputational risk.
Here are 5 questions you should be asking your security, application, and network team leaders about how to protect your organization from damaging disruptions in patient care.
1. Ransomware is a huge problem in healthcare. What are we doing to prevent ransomware attacks in our system before the damage is done and patient care is impacted?
Why It’s Important: Malware-focused security solutions alone can only take you so far against ransomware. Successfully preventing ransomware requires the ability to track unusual user behavior and suspicious network activity long before malware begins to encrypt files and a ransom demand is made. Bottom line – your network is the source of all digital traffic and serves as a conduit for all cyberthreat activity. Rather than acquiring another narrow, single threat-based security solution, healthcare system executives would do better to invest in solutions that give them a broader view across the organization’s entire network so they can see all cyber threats before they become incidents.
Next Steps: Your teams should be looking to network security solutions that go beyond logs, traces, and metrics to deep packet data as their primary source of insight. Solutions built on analysis of deep packet data represent the best way to anticipate ransomware, DDoS attacks, and other types of cyberattacks by identifying abnormalities and predicting future attack activity.
2. What are we doing to speed up our ability to pinpoint the root cause of cyber incidents, and do we have the right security data to ensure smooth, efficient business operations that are central to quality patient care and revenue?
Why It’s Important: Comprehensive data across your network yields fast root-cause identification and eliminates grinding multi-hour war room sessions. Diagnosing and resolving today’s cybersecurity incidents requires deeper, broader visibility as well as essential data and insights. Remember that whether you’re working with SIEM, SOAR, or AIOps solutions, these tools are only as good as the quality of the data fed into them. The best security data should be extendable and usable across your network, security, and applications teams.
So what is comprehensive network security rooted in? Packet-level visibility that goes deeper than simply analyzing metrics, logs, and traces. If your network security solution stops short of packet-level analysis, your incident response teams won’t have the real-time and historical data they need to quickly investigate, analyze, and respond to security events so they can minimize their impact.
3. Are we doing anything to create stronger efficiencies and collaboration across our network, security, and application leaders, so we build a more holistic, proactive approach to dealing with outages?
Why It’s Important: Network, security, and application teams traditionally have worked in separate, stove-piped organizations with different budgets, vendors, and perspectives on these security problems. This creates a fragmented, unsynchronized view of the network that leaves too many healthcare systems needlessly exposed. Without strong visibility that’s rooted in deep awareness of all network activity, your ability to deliver patient care could be delayed for hours or days in the wake of a security exploit.
Next Steps: Ask your team leaders to see the progress they’ve been making over the past year in responding to outages, application latency, and events like DDoS attacks. Probe about the type of data they use to root out security gaps and whether it is based on network packets. This “conversational” network data is the best way to get to the root cause of outages and incidents faster so your system can focus on delivering the highest-quality care.
4. Third-party security risk obviously is a big problem in healthcare systems. How could we be thinking differently about our approach to improve our risk profile?
Why It’s Important: Chief Healthcare Executive estimates that fully half of data breaches in health systems are through third-party partners. But all cyber incidents begin on the network, so taking a network-centric point of view to your security involves having the right people at the table – network, security, and applications – and having the capability to monitor third-party applications as well as your own.
Next Steps: Work with your full Operations teams to update your risk profile strategy, starting with your network, and understand your ability to secure your most critical applications and monitor unusual activity in those of your partners. Third-party risk profiling can include ensuring that third parties adhere to the latest standards in data protection, encryption, and dual-factor authentication as well as regulations such as HIPAA and industry standards like ISO.
5. How much duplicate data are we feeding into our observability tools, and how can we cut that data and lower our costs?
Why It’s Important: Although automating IT Operations with AIOps platforms reduces the monitoring burden on IT staff, IDC estimates that 30% of metric, log, and trace data fed into these systems is duplicative. This is why many AIOps platforms are in danger of becoming cost-prohibitive based on data processing rates and why false positives are still a big problem.
Next Steps: Encourage your IT operations teams to explore solutions that could give them the ability to monitor, analyze, and correlate data based on the interactions of different data sources. This would avoid false positives that waste precious IT resources while generating savings on operating expenses.
Conclusion
You should be working with your Operations teams regularly to bring all the data at your disposal to bear against security and performance issues, so you continue to ensure superior patient care, reduce risk, and keep critical systems operating.
To get the expert healthcare support you need to navigate today’s toughest challenges, talk to a NETSCOUT expert or view more expert insights at:
netscout.com/welcome/healthcare-risks