For nearly three decades, the healthcare industry has been combatting cyber threats. A recent report by the HHS’s Health Sector Cybersecurity Coordination Center details the scale and scope of cyberattacks on the industry, starting with the first ransomware attack in 1989 and finishing with an examination of attacks in 2021.
In building a picture of the breadth of cyberattacks on the industry, the report also laid out an overview of the current threat landscape. The authors summarized the situation as follows:
- Ransomware continues to be relevant despite efforts to combat it
- Data breaches are as common as ever
- Threat actors continue to evolve and become more sophisticated and effective
Healthcare enterprises, the report warns, should be prepared for distributed attack vectors. These include compromises originating from managed service providers, supply chain attacks, and open-source software vulnerabilities. In short, organizations should be prepared to see threats entering their networks from every possible angle.
Their findings track with other reports and coverage about the industry. Ransomware, in particular, has been a troubling threat to health IT teams. In a recent survey of 328 IT decision-makers in the healthcare sector, 34% admitted to being hit by ransomware in 2020.
So how can health IT teams fortify their defenses against an increasingly sophisticated enemy? While most have a variety of sophisticated cybersecurity tools, many still lack two things:
- An easy way to visualize all communication activity across the network
- A clear picture of normal network behavior
A network detection and response (NDR) solution that uses network flow data offers health IT teams those missing elements. Network flow data is information that is readily available from existing network and security devices—things like switches, routers, firewalls, packet brokers, security tools, and network monitoring systems. By tapping into the data collected from the devices already on the network—from cloud to core to edge—the NDR solution is able to analyze all north/south and east/west network traffic and provide teams with a single source for network activity. With machine learning, the NDR can then establish a continuously updated analysis of normal behavior. In turn, the NDR can then detect threats in real-time.
Health IT networks have grown increasingly complex. Digital infrastructure spans from finance and HR to electronic health records and digitally connected medical devices. A network compromise from any of these areas can disrupt clinical operations and put patient safety at risk. Not to mention the valuable data that could be up from grabs or used as leverage in a ransomware attack.
Healthcare organizations need a clear picture of normal activity, pervasive network visibility, and intelligent threat detection. Our latest case study takes a deeper look at the healthcare threat landscape and how an NDR solution can help.