Next-generation threats in a hybrid healthcare environment

By Rikin Patel

Virtually every organization today, irrespective of industry, faces huge uncertainties over security threats. Today’s threats are more sophisticated; breaches are more frequent; and the cost in time, dollars and brand value is more punishing.

Cyber security specialists now acknowledge that organizations can no longer hope to build impenetrable firewalls around their enterprises. Rather, security efforts must focus on identifying threats, disrupting adversaries and extending security measures across the organization.

Experts estimate the annual cost of cybercrime and espionage at $100 billion for the U.S. economy, and almost $300 billion worldwide. A joint Ponemon and HPE study shows the average cost to resolve a single attack is more than $1 million. In the past 2 years alone, we have witnessed successful and damaging cyber-attacks against leading retail chains, banks and financial institutions, as well as entertainment giants, non-profit organizations and governmental agencies—even the White House. Hospital networks, insurance firms and other healthcare organizations have also suffered high-profile breaches.

The consequences and costs for healthcare are troubling. In 2013, healthcare organizations accounted for 43 percent of major data breaches reported. Since federal reporting requirements were instituted in September 2009 for organizations handling protected health data, the U.S. Department of Health and Human Services (HHS) has tracked more than 1,100 separate breaches where the data of more than 120 million people was compromised. In those and other assaults, hackers gained access to vast troves of information affecting thousands of organizations and tens of millions of consumers worldwide. Lost or compromised data includes proprietary company intellectual property, sensitive internal communications, consumer names, home addresses and telephone numbers, as well as credit account information, PIN codes, Social Security numbers, and even patient ages, illnesses and test results.

Preparing for new security challenges

As healthcare organizations seek to leverage the innovation in the industry through hybrid solutions, the power of cloud, mobility and social, as well as other new technologies, they must address more complex security challenges. As the industry transforms to a modular architecture, the high value of the data involved may attract more sophisticated and determined attackers. It’s not uncommon for such cyber attackers to initially target lower-level, lower-value components, and then work to gain a foothold with administrative rights, later attacking intellectual property or patient/member records. Early attacks should present a warning to organizations to act quickly and thoroughly.

The industry must address the current threats while preparing for the next-generation threats – those with more sophisticated attacks that include industry-specific targeting, advanced malware with rapid spread capabilities, advanced persistent threats, configurable rootkits and an ecosystem that modifies these rapidly. Future adversaries will be faster, there will be more of them, and they will be increasingly sophisticated.

It is not a case of “if” but “when” future incidents occur or an organization’s entire platform is severely compromised. These sophisticated attackers will adapt to user behavior, supported by a high degree of collaboration and exchange between threat creators. National Institute of Standards and Technology (NIST) and Health Insurance Portability and Accountability Act (HIPAA) compliance can no longer be delivered through people, process and tools integration on a modular architecture, but rather must be integrated into the architecture, allowing a strategic approach to compliance and protection of member or patient information.

Improving cyber resiliency while realizing the value of modularity will require healthcare organizations to:

  • Adapt business and IT solutions to next-generation threats
  • Adapt services based on broad experience, best practices and a wide partner base with cross-industry expertise
  • Update protection, detection and response approaches to behaviors common in next-generation threats
  • Communicate and implement changes to current solution sets
  • Continuously monitor and adapt
  • Transform security with a structured approach that drives improvement to meet enterprise risk tolerance
  • Conduct regular business continuity and recovery planning, drills, measurement and board level reporting for continuous improvement

In an age of cyber insecurity, healthcare organizations will need to adopt a strategic, operational, and technical approach to protecting their data and platforms:

  • At a strategic level, it’s important to have an integrated view across the enterprise for faster detection and response, adopt policy changes for next-generation cyber threats, establish resilient platforms and robust business operations, and develop core capabilities, including those of partners and suppliers.
  • At an operational level, organizations should establish training to ensure that internal and external stakeholders are ready to address security incidents, take ownership of data, and develop the expertise for recovery when dealing with platform attacks and outages. That will include being able to rebuild systems through bare metal restore techniques where necessary. Processes should be put in place to improve notification, communications and prioritization. Given that any system can be targeted, organizations need end-to-end visibility and monitoring to correlate where incidents occurred or began. It’s also important to validate security controls against the new target architecture (such as architecture that is complex, hybrid, and built in the cloud) to meet HIPAA and NIST requirements.
  • The third part of cyber security resilience is technical, requiring network segmentation and compartmentalization, cross-platform backup and recovery, protection of the entire infrastructure including cloud/hybrid/shared environments, plus access control through identity access management and privileged account management.

The industry must consider end-to-end enterprise security needs when improving cyber resiliency. To enable this, each organization will need to leverage best practices by using a proven cyber-reference architecture that aligns to key cyber security architecture frameworks, is technology agnostic, accelerates security foundations and delivers business outcomes.

Rikin Patel is a DXC Technologist with 25 years of diverse experience in Information Technology. He serves as the Chief Technologist for DXC’s Americas Healthcare & Life Sciences and is a member of the Office of the CTO. Rikin is responsible for building key client relationships, advising senior leadership on technology trends, and providing thought leadership to effectively grow client and DXC business.

