HIT Think

How threat intelligence can keep providers' network defenses up to date

Cyberthreats are increasing in volume, diversity and sophistication, rapidly outstripping organizations’ abilities to effectively mitigate attacks with legacy security solutions. With Internet-connected devices such as MRIs and dialysis pumps becoming integrated into patient care, the risks and vulnerabilities continue to evolve.

As Arbor Networks reports, the largest attack in 2017 crippled healthcare organizations by overwhelming their systems with 800 gigabytes of data per second. This marked an increase of 60 percent over the largest attack of 2015, which used 500 Gbps.

To identify and thwart the multitude of potential vulnerabilities that healthcare organizations are now exposed to, organizations need a comprehensive approach to security. In fact, a recent security study found that healthcare leaders reported planning to expand their security capabilities by investing in cloud-based firewalls, distributed denial-of-service (DDoS) attack solutions and threat intelligence within the next two years — the latter being a critical element in any organization's security strategy.

Let’s break down why cyberthreat intelligence is particularly critical to healthcare.

In this field, it is absolutely essential for organizations to ensure 24/7 uptime and optimal performance of care-critical applications and systems. With evolving threats, organizations must cover their bases in efficient and cost-effective ways to protect care continuity as well as patient data.

Threat intelligence tools can apply sophisticated global threat analytics, identify known bad actors and track two-way communication patterns, and then apply that intelligence to shore up the environment. Such tools can identify threats at every level of the environment. For instance, they can identify suspicious scanning activity among particular servers or end devices, helping IT departments discover weak endpoints before threats are deployed.

Offloading such sophisticated monitoring and analytics and then prioritizing potential threats in real time arms a security team with actionable intelligence to immediately address the most imminent exposures.

The Arbor Networks security report warns that the average DDoS attack can cost healthcare organizations as much as $500 per minute of downtime. That’s nearly $4 million per incident.

By investing in threat intelligence tools and working with the best security providers, security professionals can significantly lower a healthcare organization’s risk of falling victim to such an attack.

Key steps include the following.

Properly vet solution options. Choose a provider whose purview extends into the global threat landscape and who collaborates within the industry (working alongside the FBI, for example). Solutions they provide should prioritize threats and integrate with security information and event management (SIEM) systems, which help prioritize, deploy and track proactive security initiatives based on threat intelligence.

SIEM systems also provide interactive, nearly real-time visualizations driven by customer data as well as insights on attack patterns. This enables security staff to research geographic trends and review victim or attacker profiles.

Granular details, such as which laptop is communicating with known bad actors and what server shows suspicious scanning activity, make the intelligence actionable and better enable teams to prioritize resources.

Keep data actionable. Vet potential security providers to ensure they have 24/7 access to a security operations center to keep threat intelligence actionable. Indicators of compromise on a network should be automatically identified and prioritized in an easy-to-use portal or in a SIEM. The intelligence should outline suspected vulnerabilities in a clean, actionable way, and expert support staff in the security operations center should be only a phone call away at any given moment.

Threat intelligence shouldn’t create more work; rather, it should enable a security team to do more with less and to more strategically prioritize initiatives. Security executives should know what endpoint is being scanned and what laptop may be compromised so that staff can be deployed accordingly.

Prioritize efforts. Promote flexibility in prioritizing efforts and avoid biting off more than you can chew. As security staff leverage a threat intelligence platform, priorities will likely change on the fly as the threatscape evolves each day. An organization that focuses on creating a culture of agility will be more able to focus on actionable, prioritized threat intelligence.

To foster this agility, security teams should be empowered to make decisions with threat intelligence as it comes in. Promote a culture where actionable intelligence drives priorities and resources and is integrated into team strategies early and often. Keep team members throughout the organization informed of the latest threat analyses and routinely practice and test security protocols throughout the organization.

Threat intelligence no longer means a stack of malicious IP addresses piled on a desk or expensive servers or routers piled into a network. It means being armed in real time with personalized actionable intelligence that helps security staff prioritize efforts more effectively, ultimately better preserving protected health information and care continuity.
