An Important Line of Defense: Securing Healthcare with Deception

Updated on December 20, 2022

Healthcare organizations have been under siege by cybercriminals who have quickly realized that the combination of valuable information and the increasing number of connected devices makes them a desirable target. Everything from patient scheduling, to reporting results, to almost any other standard function within a healthcare organization is now likely connected to a digital ecosystem. And that means bad actors can have a huge impact – they can shut down vital operations, which can hurt patients and health systems. 

As these organizations work to bolster their cybersecurity posture and continually evolve it, deception technology can be a valuable tool to add to their cybersecurity toolbox.

An introduction to deception

Using deception technology, a business can lure cybercriminals away from its real assets and steer them toward a ruse or trap. The decoy imitates legitimate servers, apps and data, so the criminal believes they have infiltrated the enterprise and gained access to its most valuable assets when they haven’t. This technology is used to reduce harm and safeguard a company’s real assets.

While deception is not always the first cybersecurity strategy that organizations deploy, it can enhance existing security solutions, especially as criminal reconnaissance increases. Any security posture should aim to prevent all unwanted access, and if a breach is suspected, deception technology can be a helpful tool to put in place. Directing cybercriminals toward phony data and credentials can be very useful for protecting the organization’s genuine assets.

In addition, other technologies that help IT security professionals identify cybercriminals can be layered on top of cybersecurity deception technology. For instance, tracking data can be incorporated into the files of a database of fictitious credentials, and an alert can go out to the organization or to law enforcement when one of those files is opened. Another tactic is to use sink-hole servers to reroute traffic, fooling malware and bots into reporting to law enforcement rather than to the cyber-attacker.

What deception offers healthcare organizations 

Deception technology offers healthcare organizations an opportunity to take a much more proactive stance on security as opposed to just being reactive. Because healthcare is consistently under heavy attack, setting up active defense of this type is a way to regain control and bolster the last line of defense against attack.

One way healthcare firms take a proactive stance is to stand up deceptive decoys within their environment that mimic connected medical devices like an insulin pump or a vitals monitor. When they connect a real device to the network, they have to specify its IP address on the back end, within the electronic medical records system, and work with the interface software to tell it, “This is a new piece of hardware.” A decoy goes through none of that registration, so no legitimate system has a reason to talk to it. If something contacts the decoy medical device on the network, that’s a high-fidelity alert: anything that tries to contact one of those decoys must be either something configured wrong on the network or an attack.

Another proactive measure is a decoy employee portal. Attackers often scan a healthcare organization’s network or go to its website to look for means of entry. In some scenarios, they just scan for open IP addresses or open ports, trying to find specific portals that might be open. Oftentimes, they’ll stumble upon a fake employee portal. Since the firm doesn’t advertise this portal to its employees and doesn’t put it on its website, any visit to it should trigger an investigation.
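The alerting rule behind both kinds of decoy can be shown in a few lines. This is an added example, not code from the article or from any deception product: the addresses, the flow-log format and the `APPROVED_SCANNERS` set are constructed assumptions. Every contact with a decoy raises an alert, and triage follows the two explanations given above, misconfiguration or attack.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy inventory: never registered in the EMR, never advertised.
DECOYS = {
    "10.20.30.41": "decoy-insulin-pump",
    "10.20.30.42": "decoy-vitals-monitor",
    "10.20.40.10": "decoy-employee-portal",
}
# Assumption: hosts approved to sweep the network (e.g. a vulnerability scanner).
APPROVED_SCANNERS = {"10.20.1.5"}

# Constructed flow records: timestamp, source, destination, port, action.
SAMPLE_FLOWS = """\
2022-12-20T08:01:12Z 10.20.5.17 10.20.30.10 2575 allow
2022-12-20T08:01:40Z 10.20.7.88 10.20.30.41 443 allow
2022-12-20T08:01:41Z 10.20.7.88 10.20.30.42 443 allow
2022-12-20T08:02:03Z 10.20.1.5 10.20.30.41 22 allow
2022-12-20T08:05:19Z 10.20.7.88 10.20.40.10 443 allow
malformed line
"""

def parse_flow(line):
    """Return (timestamp, src, dst, port), or None for a malformed record."""
    try:
        ts, src, dst, port, _action = line.split()
        return (ts, str(ipaddress.ip_address(src)),
                str(ipaddress.ip_address(dst)), int(port))
    except ValueError:
        return None

def decoy_alerts(log_text):
    """One alert per source that touched any decoy; no contact is ignored."""
    hits = defaultdict(list)
    for ts, src, dst, _port in filter(None, map(parse_flow, log_text.splitlines())):
        if dst in DECOYS:
            hits[src].append((ts, DECOYS[dst]))
    alerts = []
    for src in sorted(hits):
        triage = "check-configuration" if src in APPROVED_SCANNERS else "investigate"
        alerts.append({
            "source": src,
            "first_seen": min(ts for ts, _ in hits[src]),
            "decoys": sorted({name for _, name in hits[src]}),
            "triage": triage,
        })
    return alerts
```

Traffic to the real device at 10.20.30.10 produces nothing, while the single source that touches two device decoys and the decoy portal is collapsed into one alert for investigation.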

Deception technology tools also give an IT team the ability to identify which assets are most desirable to attackers. For instance, while it is safe to assume that a database of user information – such as names, addresses, social security numbers and payment data – is an alluring target, you can confirm that these are the actual assets hackers are after by using security deception technology.

Getting started

Setting up deception technologies requires an intimate understanding of your environment and visibility into your most important assets. Virtualization, on which deception technology is predicated, enables deployment automation. For instance, effective deception technology will automatically create an inventory of network assets. Based on that inventory, the platform will automatically create the deception components, then analyze and deploy the decoys to simulate an environment. Furthermore, deception technology can give security teams insight into the assets that an organization possesses and the extent to which a deception deployment is protecting these assets.

Contrary to common assumption, deception technology can be particularly useful for smaller businesses, which may lack the resources (people or money) to adopt more sophisticated solutions or hire a full security team. The increased visibility that a deception solution provides can be advantageous to numerous types of organizations.

Deception for greater security

As the Internet of Medical Things advances and employee portals multiply, the healthcare threat surface expands. Deception technology enables healthcare organizations to minimize harm to their network and to observe the real-world tools that malicious actors use. It’s a last line of defense that adds protection to the vital data this industry holds and needs to perform its life-saving work.

Troy Ament
CISO for Healthcare at Fortinet

Troy Ament is Fortinet’s field CISO for healthcare. He brings more than 20 years of experience to Fortinet, transforming information technology and security programs, with 14 years in the healthcare sector as an executive overseeing clinical technology implementations, and serving as the chief information security officer (CISO) at two of the largest integrated health delivery systems in the U.S. Before joining Fortinet, Troy held the positions of CISO and Director, CISO chief at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance (GRC) Teams.