By Robert Johnston
Here’s what we know. The number of healthcare data breaches has trended steadily higher over the past decade, in part because cyber criminals know healthcare IT pros are distracted and juggling multiple priorities. From IoT to traditional Windows networks, healthcare is a huge hacking target because managing and securing the large array of technologies and multiple data flows is overwhelming.
Plus, resource-constrained healthcare organizations struggle to find enough qualified security personnel, time and budget to mount a consistently effective cyber defense. And, with the next big breach lurking, stakeholders are asking if it is possible for a hospital or health system to take control of its data and make itself less vulnerable to bad actors. The answer is “Yes” but it will take commitment and a seriousness of purpose to be effective.
The best strategy is a hub-and-spoke system that collects and indexes data from the numerous sources common in a healthcare setting. These include network traffic, Web servers, VPNs, firewalls, custom applications, application servers, hypervisors, GPS systems, and pre-existing structured databases. But this is only the first step because in today’s threat environment, even that array of capabilities won’t be enough. Healthcare organizations need to be on high alert in their cyber-protection game which begins by running all data feeds through an artificial-intelligence-authored security information and event management (SIEM) system. This needs to be equipped with machine-learning-powered analytics to identify anomalous and malicious patterns.
The next level of protection for healthcare CIOs, CTOs, IT and data management pros to implement is making sure their hub-and-spoke systems provide four critical capabilities: log/device management, world-class analytics, account/system context, and the ability to visualize preferences across their entire network. All of these capabilities can be secured by using one platform as we have done at Adlumin. Below is an in-depth review of each that every healthcare IT executive should follow:
- The log/device management piece should include unlimited log/device/system coverage, integrated compliance management (PCI DSS, HIPAA, SOX, FFEIC), automated log and device ingest, and critical server log management. It also needs to have, real-time event log management, Windows and Linux server management, cloud and on-premise ingest, secure and encrypted log management and log data normalization. Storage and processing are a commodity. The days of not being able to handle your production workload are over. Security vendors should not be asking for 90% of your budget to only solve 10% of your problems.
- For the analytics, find a single platform that provides automated threat intelligence, real-time intrusion detection alerts, 24/7 network vulnerability assessment, automatic analysis of firewall and VPN log data alongside network account data, automated anomaly interpretation and user and device context. There is simply just too much data for a human to analyze. Using artificial intelligence and machine learning to analyze large amounts of data so you don’t have to is the perfect remedy. So, drop your log management solution and replace it with a cloud-native SIEM.
- The account/system context should include risk management, visualization, and analysis, plus automated reporting for auditors and compliance. It should provide the ability to understand
riskwith one button click to enable decision making that takes minutes rather than days. And it should power compliance audit reports. With the power of a single clickyou should be able to understand risk and compliance this will make your response time and network security that much better over time.
- Finally, the ability to visualize privileged users and groups across the network reveals exactly who can touch a healthcare organization’s most sensitive data. Every healthcare IT executive needs to, identify the groups and individuals that have privilege on share drives, and show auditors actual account privilege in real-time. A picture tells a thousand words. Being able to visualize privilege within your environment lets you get your job done faster and take that 2-hour lunch break you so deserve!
Chaos and lack of focus make a healthcare IT operation a ready mark for bad actors. The hub-and-spoke system outlined above, with the additional capabilities, gives healthcare data pros a fighting chance to keep vital patient and employee data out of hackers’ hands.
Robert Johnston is the co-founder & chief executive officer at Adlumin, Inc., and is the cyber detective and strategic thinker who solved the Democratic National Committee hack during the 2016 U.S. presidential campaign. He can be reached at firstname.lastname@example.org (https://adlumin.com/) @dvgsecurityand@adlumin