Guest post by Santosh Varughese, president, Cognetyx.
Since cybersecurity healthcare threats on hospital EHR systems have become a topic of nightly newscasts, no longer is anyone shocked by their scope and veracity. What is shocking is the financial damage the attacks are predicted to cause as they reverberate throughout the economy.
In the 30 days of June 2016, more than 11 million patient EHRs were breached, making it the year’s worst incident according to a study by DataBreaches.net and Prontenus. For comparison, May had less than 700,000 and 2016’s former breach leader (March) topped out at just over 2.5 million.
While traditional security filters like firewalls and reputation lists are good practice, they are no longer enough. Hackers increasingly bypasses perimeter security, enabling cyber thieves to pose as authorized users with access to hospital networks for unlimited periods of time. The problem is not only high-tech, but also low-tech, requiring that providers across the healthcare continuum simply become smarter about data protection and privacy issues.
Healthcare security executives need to pick up where those traditional security tools end and investigate AI cybersecurity digital safety nets. IDC forecasts global spending on cognitive systems will reach nearly $31.3 billion in 2019.
CISOs are recognizing that security shields must be placed where the data resides in the EHR systems as opposed to monitoring data traveling across the network. Cloud deployment directly targeting EHR systems data is needed rather than simply protecting the network or the perimeter.
Pre-cursors to AI are also no longer that reliable. Organizational threats manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions. These threats include external attacks that evade perimeter defenses and internal attacks by malicious insiders or negligent employees.
Along with insufficient threat detection, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. This requires skilled security analysts to identify and investigate these alerts when there is already a shortage of these skilled professionals. Hospital CISOs and CIOs already operate under tight budgets without needing to hire additional cybersecurity guards.
Some cybersecurity sleuths deploy a variety of traps, including identifying an offensive file with a threat intelligence platform using signature-based detection and blacklists that scans a computer for known offenders. This identifies whether those types of files exist in the system which are driven by human decisions.
However, millions of patient and other medical data files need to be uploaded to cloud-based threat-intelligent platforms, scanning a computer for all of them would slow the machine down to a crawl or make it inoperable. But the threats develop so fast that those techniques don’t keep up with the bad guys and also; why wait until you are hacked?
The Mix of Forensics and Machine Learning
Instead of signature and reputation-based detection methods, smart healthcare CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. AI innovations that use machine learning algorithms to drive superior forensics results and deploy pre-incident security are just what the IT doctor should be prescribing.
In the past, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, the computer is trained to find those differences, but much faster with multidimensional signatures that detect problems and examine patterns to identify anomalies that trigger a mitigation response.